Slackware64-current ChangeLog

ChangeLog for: 2017-11-29 09:15:09

a/coreutils-8.28-x86_64-2.txz:  Rebuilt.
  Removed ancient (1992) aliases "dir, vdir, d, v" from the profile scripts.
a/lzlib-1.9-x86_64-1.txz:  Added.
a/plzip-1.6-x86_64-1.txz:  Added.
ap/man-1.6g-x86_64-3.txz:  Removed.
ap/man-db-2.7.6.1-x86_64-1.txz:  Added.
  This package replaces the good old man package. Thanks to B. Watson.
ap/man-pages-4.14-noarch-2.txz:  Rebuilt.
  Don't ship a whatis database, since man-db doesn't need one.
ap/mariadb-10.2.11-x86_64-1.txz:  Upgraded.
d/git-2.15.1-x86_64-1.txz:  Upgraded.
d/python-setuptools-38.2.3-x86_64-1.txz:  Upgraded.
x/libXcursor-1.1.15-x86_64-1.txz:  Upgraded.
  Fix heap overflows when parsing malicious files. (CVE-2017-16612)
  It is possible to trigger heap overflows due to an integer overflow
  while parsing images and a signedness issue while parsing comments.
  The integer overflow occurs because the chosen limit 0x10000 for
  dimensions is too large for 32 bit systems, because each pixel takes
  4 bytes. Properly chosen values allow an overflow which in turn will
  lead to less allocated memory than needed for subsequent reads.
  The signedness bug is triggered by reading the length of a comment
  as unsigned int, but casting it to int when calling the function
  XcursorCommentCreate. Turning length into a negative value allows the
  check against XCURSOR_COMMENT_MAX_LEN to pass, and the following
  addition of sizeof (XcursorComment) + 1 makes it possible to allocate
  less memory than needed for subsequent reads.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16612
  (* Security fix *)
x/libXfont-1.5.3-x86_64-1.txz:  Removed.
x/libXfont2-2.0.3-x86_64-1.txz:  Upgraded.
  Open files with O_NOFOLLOW. (CVE-2017-16611)
  A non-privileged X client can instruct X server running under root
  to open any file by creating own directory with "fonts.dir",
  "fonts.alias" or any font file being a symbolic link to any other
  file in the system. X server will then open it. This can be issue
  with special files such as /dev/watchdog (which could then reboot
  the system).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16611
  (* Security fix *)
x/xfs-1.2.0-x86_64-1.txz:  Upgraded.
testing/packages/php-7.1.12-x86_64-2.txz:  Rebuilt.
  Load mysqlnd.so before mysqli.so in etc/php.ini*. Thanks to KewlCat.
  Load libphp7.so in mod_php.conf.example. Thanks to Willy Sudiarto Raharjo.