ChangeLog for: 2025-02-25 23:24:01

a/gettext-0.24-x86_64-1.txz: Upgraded.
a/shadow-4.17.3-x86_64-1.txz: Upgraded.
  More refactoring, but it mostly hits the non-PAM code paths.
d/gettext-tools-0.24-x86_64-1.txz: Upgraded.
d/python-setuptools-75.8.1-x86_64-1.txz: Upgraded.
l/PyQt-builder-1.18.1-x86_64-1.txz: Upgraded.
n/dhcpcd-10.2.2-x86_64-1.txz: Upgraded.
x/xorg-server-21.1.16-x86_64-1.txz: Upgraded.
  This update fixes security issues:
  Use-after-free of the root cursor.
  Buffer overflow in XkbVModMaskText().
  Heap overflow in XkbWriteKeySyms().
  Buffer overflow in XkbChangeTypesOfKey().
  Out-of-bounds write in CreatePointerBarrierClient().
  Use of uninitialized pointer in compRedirectWindow().
  Use-after-free in PlayReleasedEvents().
  Use-after-free in SyncInitTrigger().
  Thanks to Jan-Niklas Sohn and the Trend Micro Zero Day Initiative.
  For more information, see:
    https://lists.x.org/archives/xorg-announce/2025-February/003584.html
    https://www.cve.org/CVERecord?id=CVE-2025-26594
    https://www.cve.org/CVERecord?id=CVE-2025-26595
    https://www.cve.org/CVERecord?id=CVE-2025-26596
    https://www.cve.org/CVERecord?id=CVE-2025-26597
    https://www.cve.org/CVERecord?id=CVE-2025-26598
    https://www.cve.org/CVERecord?id=CVE-2025-26599
    https://www.cve.org/CVERecord?id=CVE-2025-26600
    https://www.cve.org/CVERecord?id=CVE-2025-26601
  (* Security fix *)
x/xorg-server-xephyr-21.1.16-x86_64-1.txz: Upgraded.
x/xorg-server-xnest-21.1.16-x86_64-1.txz: Upgraded.
x/xorg-server-xvfb-21.1.16-x86_64-1.txz: Upgraded.
x/xorg-server-xwayland-24.1.6-x86_64-1.txz: Upgraded.
  This update fixes security issues:
  Use-after-free of the root cursor.
  Buffer overflow in XkbVModMaskText().
  Heap overflow in XkbWriteKeySyms().
  Buffer overflow in XkbChangeTypesOfKey().
  Out-of-bounds write in CreatePointerBarrierClient().
  Use of uninitialized pointer in compRedirectWindow().
  Use-after-free in PlayReleasedEvents().
  Use-after-free in SyncInitTrigger().
  Thanks to Jan-Niklas Sohn and the Trend Micro Zero Day Initiative.
  For more information, see:
    https://lists.x.org/archives/xorg-announce/2025-February/003584.html
    https://www.cve.org/CVERecord?id=CVE-2025-26594
    https://www.cve.org/CVERecord?id=CVE-2025-26595
    https://www.cve.org/CVERecord?id=CVE-2025-26596
    https://www.cve.org/CVERecord?id=CVE-2025-26597
    https://www.cve.org/CVERecord?id=CVE-2025-26598
    https://www.cve.org/CVERecord?id=CVE-2025-26599
    https://www.cve.org/CVERecord?id=CVE-2025-26600
    https://www.cve.org/CVERecord?id=CVE-2025-26601
  (* Security fix *)
extra/tigervnc/tigervnc-1.15.0-x86_64-2.txz: Rebuilt.
  Recompiled against xorg-server-21.1.16, including patches for security issues:
  Use-after-free of the root cursor.
  Buffer overflow in XkbVModMaskText().
  Heap overflow in XkbWriteKeySyms().
  Buffer overflow in XkbChangeTypesOfKey().
  Out-of-bounds write in CreatePointerBarrierClient().
  Use of uninitialized pointer in compRedirectWindow().
  Use-after-free in PlayReleasedEvents().
  Use-after-free in SyncInitTrigger().
  Thanks to Jan-Niklas Sohn and the Trend Micro Zero Day Initiative.
  For more information, see:
    https://lists.x.org/archives/xorg-announce/2025-February/003584.html
    https://www.cve.org/CVERecord?id=CVE-2025-26594
    https://www.cve.org/CVERecord?id=CVE-2025-26595
    https://www.cve.org/CVERecord?id=CVE-2025-26596
    https://www.cve.org/CVERecord?id=CVE-2025-26597
    https://www.cve.org/CVERecord?id=CVE-2025-26598
    https://www.cve.org/CVERecord?id=CVE-2025-26599
    https://www.cve.org/CVERecord?id=CVE-2025-26600
    https://www.cve.org/CVERecord?id=CVE-2025-26601
  (* Security fix *)