Quote:
The main goal, here, is to post what people found elsewhere (nist.gov, gentoo, arch, ...) and give visibility for everyone, Mr. Volkerding icluded This may or may not be useful, but it has the merit to exist. If you look at the changelog, there are many patches that have been applied thanks to user reports. |
Yes indeed. I just believe our BDFL does not rely on sticky posts and subscribe to the most relevent threads.
I like the less for the number of sticky posts and subscribe to (too) much more threads. |
Quote:
|
zlib 1.2.11
zlib 1.2.11 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. CVE: https://nvd.nist.gov/vuln/detail/CVE-2018-25032 Patch: https://github.com/madler/zlib/commi...7c615f8020c531 |
For Slackware 15.0
CVE: https://nvd.nist.gov/vuln/detail/CVE-2022-0995 https://git.kernel.org/pub/scm/linux...9921b3cba63fbb Fixed for kernel >= 5.15.29 https://git.kernel.org/pub/scm/linux...h=linux-5.15.y |
libarchive 3.6.0
CVE: https://nvd.nist.gov/vuln/detail/CVE-2022-26280 Patch: https://github.com/libarchive/libarc...8f94fce37d6aff |
Quote:
|
Vim 8.2.x
Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646 CVE-2022-1154: https://nvd.nist.gov/vuln/detail/CVE-2022-1154 EDIT: + heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2. CVE-2022-1160: https://nvd.nist.gov/vuln/detail/CVE-2022-1160 Update: Latest version 8.2.46494650 |
Well it certainly seems that someone is finding this thread useful:
Code:
patches/packages/zlib-1.2.12-x86_64-1_slack15.0.txz: Upgraded. I think it's a valuable thread and agree that it ought to be pinned. Thanks to you marav. |
It's indeed a very valuable thread ! Do not misread me : I do not think it's useful to have it sticky. I believe our BDFL will/have subscribe/d.
|
libtiff 4.3.0
Code:
A vulnerability classified as problematic was found in LibTIFF 4.3.0. Affected by this vulnerability is the https://nvd.nist.gov/vuln/detail/CVE-2022-1210 No patch yet |
xz 5.2.5
xzgrep: Fix escaping of malicious filenames (ZDI-CAN-16587). Code:
Malicious filenames can make xzgrep to write to arbitrary files https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch |
libimobiledevice-glue
Fix a memory leak https://github.com/libimobiledevice/...e-glue/pull/21 Commit: https://github.com/libimobiledevice/...6298a5d689c4fa |
Git 2.35.2
https://www.phoronix.com/scan.php?pa...CVE-2022-24765 Technically this doesn't really affect non-windows systems, but worth mentioning. |
Quote:
|
All times are GMT -5. The time now is 03:16 PM. |