Slackware64-current ChangeLog

ChangeLog for: 2016-11-04 04:31:38

a/glibc-zoneinfo-2016i-noarch-1.txz:  Upgraded.
ap/nano-2.7.1-x86_64-1.txz:  Upgraded.
ap/vim-8.0.0055-x86_64-1.txz:  Upgraded.
l/libcdio-paranoia-10.2+0.93+1-x86_64-2.txz:  Rebuilt.
n/bind-9.10.4_P4-x86_64-1.txz:  Upgraded.
  This update fixes a denial-of-service vulnerability.  A defect in BIND's
  handling of responses containing a DNAME answer can cause a resolver to exit
  after encountering an assertion failure in db.c or resolver.c.  A server
  encountering either of these error conditions will stop, resulting in denial
  of service to clients.  The risk to authoritative servers is minimal;
  recursive servers are chiefly at risk.
  For more information, see:
    https://kb.isc.org/article/AA-01434
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8864
  (* Security fix *)
n/curl-7.51.0-x86_64-1.txz:  Upgraded.
  This release fixes security issues:
  CVE-2016-8615: cookie injection for other servers
  CVE-2016-8616: case insensitive password comparison
  CVE-2016-8617: OOB write via unchecked multiplication
  CVE-2016-8618: double-free in curl_maprintf
  CVE-2016-8619: double-free in krb5 code
  CVE-2016-8620: glob parser write/read out of bounds
  CVE-2016-8621: curl_getdate read out of bounds
  CVE-2016-8622: URL unescape heap overflow via integer truncation
  CVE-2016-8623: Use-after-free via shared cookies
  CVE-2016-8624: invalid URL parsing with '#'
  CVE-2016-8625: IDNA 2003 makes curl use wrong host
  For more information, see:
    https://curl.haxx.se/docs/adv_20161102A.html
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8615
    https://curl.haxx.se/docs/adv_20161102B.html
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8616
    https://curl.haxx.se/docs/adv_20161102C.html
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8617
    https://curl.haxx.se/docs/adv_20161102D.html
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8618
    https://curl.haxx.se/docs/adv_20161102E.html
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8619
    https://curl.haxx.se/docs/adv_20161102F.html
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8620
    https://curl.haxx.se/docs/adv_20161102G.html
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8621
    https://curl.haxx.se/docs/adv_20161102H.html
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8622
    https://curl.haxx.se/docs/adv_20161102I.html
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8623
    https://curl.haxx.se/docs/adv_20161102J.html
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8624
    https://curl.haxx.se/docs/adv_20161102K.html
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8625
  (* Security fix *)
xap/gnuchess-6.2.4-x86_64-1.txz:  Upgraded.
xap/vim-gvim-8.0.0055-x86_64-1.txz:  Upgraded.