ChangeLog for: 2025-03-14 21:48:43

ap/gutenprint-5.3.5-x86_64-1.txz: Upgraded.
l/cairo-1.18.4-x86_64-1.txz: Upgraded.
l/dbus-glib-0.114-x86_64-1.txz: Upgraded.
l/dbus-python-1.4.0-x86_64-1.txz: Upgraded.
l/expat-2.7.0-x86_64-1.txz: Upgraded.
  This update addresses a security issue:
  Fix crash from chaining a large number of entities caused by stack overflow
  by resolving use of recursion, for all three uses of entities:
  - general entities in character data
  - general entities in attribute values
  - parameter entities
  Known impact is (reliable and easy) denial of service.
  Please note that a layer of compression around XML can significantly
  reduce the minimum attack payload.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-8176
  (* Security fix *)
l/pipewire-1.4.1-x86_64-1.txz: Upgraded.
n/php-8.3.19-x86_64-1.txz: Upgraded.
  This update fixes bugs and security issues:
  Core: Reference counting in php_request_shutdown causes Use-After-Free.
  LibXML: libxml streams use wrong `content-type` header when requesting a
  redirected resource.
  Streams: Stream HTTP wrapper header check might omit basic auth header.
  Streams: Stream HTTP wrapper truncate redirect location to 1024 bytes.
  Streams: Streams HTTP wrapper does not fail for headers without colon.
  Streams: Header parser of http stream wrapper does not handle folded headers.
  For more information, see:
    https://www.php.net/ChangeLog-8.php#8.3.19
    https://www.cve.org/CVERecord?id=CVE-2024-11235
    https://www.cve.org/CVERecord?id=CVE-2025-1219
    https://www.cve.org/CVERecord?id=CVE-2025-1736
    https://www.cve.org/CVERecord?id=CVE-2025-1861
    https://www.cve.org/CVERecord?id=CVE-2025-1734
    https://www.cve.org/CVERecord?id=CVE-2025-1217
  (* Security fix *)
x/fontconfig-2.16.1-x86_64-1.txz: Upgraded.
xfce/elementary-xfce-0.21-noarch-1.txz: Upgraded.
testing/packages/php-8.4.5-x86_64-1.txz: Upgraded.
  This update fixes bugs and security issues:
  Core: Reference counting in php_request_shutdown causes Use-After-Free.
  LibXML: libxml streams use wrong `content-type` header when requesting a
  redirected resource.
  Streams: Stream HTTP wrapper header check might omit basic auth header.
  Streams: Stream HTTP wrapper truncate redirect location to 1024 bytes.
  Streams: Streams HTTP wrapper does not fail for headers without colon.
  Streams: Header parser of http stream wrapper does not handle folded headers.
  For more information, see:
    https://www.php.net/ChangeLog-8.php#8.4.5
    https://www.cve.org/CVERecord?id=CVE-2024-11235
    https://www.cve.org/CVERecord?id=CVE-2025-1219
    https://www.cve.org/CVERecord?id=CVE-2025-1736
    https://www.cve.org/CVERecord?id=CVE-2025-1861
    https://www.cve.org/CVERecord?id=CVE-2025-1734
    https://www.cve.org/CVERecord?id=CVE-2025-1217
  (* Security fix *)