ChangeLog for: 2022-01-16 22:33:27
a/aaa_libraries-15.0-x86_64-14.txz: Rebuilt.
Upgraded: libexpat.so.1.8.3.
a/kernel-generic-5.15.15-x86_64-1.txz: Upgraded.
a/kernel-huge-5.15.15-x86_64-1.txz: Upgraded.
a/kernel-modules-5.15.15-x86_64-1.txz: Upgraded.
ap/cups-filters-1.28.11-x86_64-1.txz: Upgraded.
ap/ksh93-1.0_20220114_e569f23e-x86_64-1.txz: Upgraded.
ap/vim-8.2.4115-x86_64-1.txz: Upgraded.
d/gdb-11.2-x86_64-1.txz: Upgraded.
d/kernel-headers-5.15.15-x86-1.txz: Upgraded.
k/kernel-source-5.15.15-noarch-1.txz: Upgraded.
kde/kwayland-server-5.23.5-x86_64-2.txz: Rebuilt.
Applied upstream patch:
[PATCH] Store surface object in tablet cursor using QPointer.
Thanks to ZhaoLin1457.
l/expat-2.4.3-x86_64-1.txz: Upgraded.
Fix issues with left shifts by >=29 places resulting in:
a) realloc acting as free
b) realloc allocating too few bytes
c) undefined behavior
Fix integer overflow on variable m_groupSize in function doProlog leading
to realloc acting as free. Impact is denial of service or other undefined
behavior.
Prevent integer overflows near memory allocation at multiple places.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45960
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46143
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22822
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22823
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22824
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22825
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22826
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22827
(* Security fix *)
l/libunwind-1.6.2-x86_64-1.txz: Upgraded.
x/xterm-370-x86_64-3.txz: Rebuilt.
Ship a sample XTerm.linux.console app-defaults file. Thanks to GazL.
xap/vim-gvim-8.2.4115-x86_64-1.txz: Upgraded.
xap/xsnow-3.4.3-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.