https://www.sya54m.eu Latest 20 entries in the Slackware-15.0 ChangeLog https://www.sya54m.eu/immagini/s256.png https://www.sya54m.eu en Wed, 20 May 2026 01:45:24 +0200 Wed, 20 May 2026 18:30:09 +0200 www.sya54m.eu https://www.sya54m.eu Wed, 20 May 2026 01:45:24 +0200 1779234324 patches/packages/haveged-1.9.21-i586-1_slack15.0.txz:  Upgraded.
  This update fixes a security issue:
  Missing exit out of permission check could lead to root exploit.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2026-41054
  (* Security fix *)
patches/packages/mozilla-firefox-140.11.0esr-i686-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/140.11.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2026-48
    https://www.cve.org/CVERecord?id=CVE-2026-8946
    https://www.cve.org/CVERecord?id=CVE-2026-8388
    https://www.cve.org/CVERecord?id=CVE-2026-8947
    https://www.cve.org/CVERecord?id=CVE-2026-8391
    https://www.cve.org/CVERecord?id=CVE-2026-8401
    https://www.cve.org/CVERecord?id=CVE-2026-8949
    https://www.cve.org/CVERecord?id=CVE-2026-8950
    https://www.cve.org/CVERecord?id=CVE-2026-8953
    https://www.cve.org/CVERecord?id=CVE-2026-8954
    https://www.cve.org/CVERecord?id=CVE-2026-8955
    https://www.cve.org/CVERecord?id=CVE-2026-8956
    https://www.cve.org/CVERecord?id=CVE-2026-8957
    https://www.cve.org/CVERecord?id=CVE-2026-8958
    https://www.cve.org/CVERecord?id=CVE-2026-8959
    https://www.cve.org/CVERecord?id=CVE-2026-8961
    https://www.cve.org/CVERecord?id=CVE-2026-8962
    https://www.cve.org/CVERecord?id=CVE-2026-8968
    https://www.cve.org/CVERecord?id=CVE-2026-8970
    https://www.cve.org/CVERecord?id=CVE-2026-8974
    https://www.cve.org/CVERecord?id=CVE-2026-8975
  (* Security fix *)
patches/packages/mozilla-thunderbird-140.11.0esr-i686-1_slack15.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/140.11.0esr/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/
    https://www.cve.org/CVERecord?id=CVE-2026-8946
    https://www.cve.org/CVERecord?id=CVE-2026-8388
    https://www.cve.org/CVERecord?id=CVE-2026-8947
    https://www.cve.org/CVERecord?id=CVE-2026-8391
    https://www.cve.org/CVERecord?id=CVE-2026-8401
    https://www.cve.org/CVERecord?id=CVE-2026-8949
    https://www.cve.org/CVERecord?id=CVE-2026-8950
    https://www.cve.org/CVERecord?id=CVE-2026-8953
    https://www.cve.org/CVERecord?id=CVE-2026-8954
    https://www.cve.org/CVERecord?id=CVE-2026-8955
    https://www.cve.org/CVERecord?id=CVE-2026-8956
    https://www.cve.org/CVERecord?id=CVE-2026-8957
    https://www.cve.org/CVERecord?id=CVE-2026-8958
    https://www.cve.org/CVERecord?id=CVE-2026-8959
    https://www.cve.org/CVERecord?id=CVE-2026-8961
    https://www.cve.org/CVERecord?id=CVE-2026-8962
    https://www.cve.org/CVERecord?id=CVE-2026-8968
    https://www.cve.org/CVERecord?id=CVE-2026-8970
    https://www.cve.org/CVERecord?id=CVE-2026-8974
    https://www.cve.org/CVERecord?id=CVE-2026-8975
  (* Security fix *)
]]> https://www.sya54m.eu Mon, 18 May 2026 01:23:26 +0200 1779060206 patches/packages/dcron-4.5-i586-14_slack15.0.txz:  Rebuilt.
  This is a bugfix release.
  Rebase the run-parts script on the latest version from Fedora's crontabs
  package. Thanks to avian.
  rc.crond: ensure world-writable permissions on /run/cron, needed for
  crontab -e with some editors. Thanks to lostintime.
  Add /etc/default/run-parts. Thanks to lostintime.
  run-parts: don't redirect stderr to stdout. Thanks to Thom1b.
  run-parts: skip *.orig files. Thanks to metaed.
  run-parts.8: document skiping *.orig files. Thanks to metaed.
  /etc/default/crond: Set the same minimal PATH that's provided by sysvinit at
  boot time to keep things consistent when using rc.crond restart. This PATH
  will be used both at boot and with a restart through rc.crond. Feel free to
  adjust it if needed. Thanks to Ken Zalewski.
]]> https://www.sya54m.eu Sat, 16 May 2026 04:48:04 +0200 1778899684 patches/packages/dnsmasq-2.92rel2-i586-1_slack15.0.txz:  Upgraded.
  This update fixes security issues.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2026-2291
    https://www.cve.org/CVERecord?id=CVE-2026-4890
    https://www.cve.org/CVERecord?id=CVE-2026-4891
    https://www.cve.org/CVERecord?id=CVE-2026-4892
    https://www.cve.org/CVERecord?id=CVE-2026-4893
    https://www.cve.org/CVERecord?id=CVE-2026-5172
  (* Security fix *)
patches/packages/linux-5.15.207/kernel-generic-5.15.207-i586-1.txz:  Upgraded.
  This update fixes a security issue:
  ptrace: slightly saner 'get_dumpable()' logic.
  For more information, see:
    https://github.com/0xdeadbeefnetwork/ssh-keysign-pwn
    https://www.cve.org/CVERecord?id=CVE-2026-46333
  (* Security fix *)
patches/packages/linux-5.15.207/kernel-generic-smp-5.15.207_smp-i686-1.txz:  Upgraded.
  This update fixes a security issue:
  ptrace: slightly saner 'get_dumpable()' logic.
  For more information, see:
    https://github.com/0xdeadbeefnetwork/ssh-keysign-pwn
    https://www.cve.org/CVERecord?id=CVE-2026-46333
  (* Security fix *)
patches/packages/linux-5.15.207/kernel-headers-5.15.207_smp-x86-1.txz:  Upgraded.
patches/packages/linux-5.15.207/kernel-huge-5.15.207-i586-1.txz:  Upgraded.
  This update fixes a security issue:
  ptrace: slightly saner 'get_dumpable()' logic.
  For more information, see:
    https://github.com/0xdeadbeefnetwork/ssh-keysign-pwn
    https://www.cve.org/CVERecord?id=CVE-2026-46333
  (* Security fix *)
patches/packages/linux-5.15.207/kernel-huge-smp-5.15.207_smp-i686-1.txz:  Upgraded.
  This update fixes a security issue:
  ptrace: slightly saner 'get_dumpable()' logic.
  For more information, see:
    https://github.com/0xdeadbeefnetwork/ssh-keysign-pwn
    https://www.cve.org/CVERecord?id=CVE-2026-46333
  (* Security fix *)
patches/packages/linux-5.15.207/kernel-modules-5.15.207-i586-1.txz:  Upgraded.
patches/packages/linux-5.15.207/kernel-modules-smp-5.15.207_smp-i686-1.txz:  Upgraded.
patches/packages/linux-5.15.207/kernel-source-5.15.207_smp-noarch-1.txz:  Upgraded.
  Be sure to upgrade your initrd after upgrading the kernel packages.
  If you use lilo to boot your machine, be sure lilo.conf points to the correct
  kernel and initrd and run lilo as root to update the bootloader.
  If you use elilo to boot your machine, you should run eliloconfig to copy the
  kernel and initrd to the EFI System Partition.
]]> https://www.sya54m.eu Tue, 12 May 2026 04:16:39 +0200 1778552199 patches/packages/expat-2.7.5-i586-2_slack15.0.txz:  Rebuilt.
  This update fixes a security issue:
  Fix quadratic runtime from attribute name collision checks that allowed
  denial of service attacks through moderately sized crafted XML input
  (CWE-407). Please note that a layer of compression around XML can
  significantly reduce the minimum attack payload size.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2026-45186
  (* Security fix *)
]]> https://www.sya54m.eu Sat, 09 May 2026 23:25:03 +0200 1778361903 patches/packages/linux-5.15.206/kernel-generic-5.15.206-i586-1.txz:  Upgraded.
patches/packages/linux-5.15.206/kernel-generic-smp-5.15.206_smp-i686-1.txz:  Upgraded.
patches/packages/linux-5.15.206/kernel-headers-5.15.206_smp-x86-1.txz:  Upgraded.
patches/packages/linux-5.15.206/kernel-huge-5.15.206-i586-1.txz:  Upgraded.
patches/packages/linux-5.15.206/kernel-huge-smp-5.15.206_smp-i686-1.txz:  Upgraded.
patches/packages/linux-5.15.206/kernel-modules-5.15.206-i586-1.txz:  Upgraded.
  This update fixes a regression in Linux 5.15.205:
  xfrm: esp: ipv4: fix up flags setting.
patches/packages/linux-5.15.206/kernel-modules-smp-5.15.206_smp-i686-1.txz:  Upgraded.
  This update fixes a regression in Linux 5.15.205:
  xfrm: esp: ipv4: fix up flags setting.
patches/packages/linux-5.15.206/kernel-source-5.15.206_smp-noarch-1.txz:  Upgraded.
  Be sure to upgrade your initrd after upgrading the kernel packages.
  If you use lilo to boot your machine, be sure lilo.conf points to the correct
  kernel and initrd and run lilo as root to update the bootloader.
  If you use elilo to boot your machine, you should run eliloconfig to copy the
  kernel and initrd to the EFI System Partition.
]]> https://www.sya54m.eu Sat, 09 May 2026 00:14:25 +0200 1778278465 patches/packages/linux-5.15.205/kernel-generic-5.15.205-i586-1.txz:  Upgraded.
patches/packages/linux-5.15.205/kernel-generic-smp-5.15.205_smp-i686-1.txz:  Upgraded.
patches/packages/linux-5.15.205/kernel-headers-5.15.205_smp-x86-1.txz:  Upgraded.
patches/packages/linux-5.15.205/kernel-huge-5.15.205-i586-1.txz:  Upgraded.
patches/packages/linux-5.15.205/kernel-huge-smp-5.15.205_smp-i686-1.txz:  Upgraded.
patches/packages/linux-5.15.205/kernel-modules-5.15.205-i586-1.txz:  Upgraded.
  This update fixes a critical security issue:
  xfrm: esp: avoid in-place decrypt on shared skb frags.
  This update addresses a Linux kernel local privilege escalation attack known
  as "Dirty Frag." Please note that there's a second CVE (CVE-2026-43500) that
  is not yet patched upstream.
  Mitigation: If for some reason it's not possible to upgrade the kernel right
  away you may blacklist or remove the kernel modules esp4.ko and esp6.ko
  (CVE-2026-43284) and rxrpc.ko (CVE-2026-43500).
  Also remove the modules from the kernel if they have been loaded:
    rmmod esp4 esp6 rxrpc
  And, drop the file caches in case in-memory program copies have already
  been compromised. Make sure possibly affected programs do not have any
  open sessions first:
    sh -c "echo 3 > /proc/sys/vm/drop_caches"
  For more information, see:
    https://github.com/V4bel/dirtyfrag
    https://www.cve.org/CVERecord?id=CVE-2026-43284
  (* Security fix *)
patches/packages/linux-5.15.205/kernel-modules-smp-5.15.205_smp-i686-1.txz:  Upgraded.
  This update fixes a critical security issue:
  xfrm: esp: avoid in-place decrypt on shared skb frags.
  This update addresses a Linux kernel local privilege escalation attack known
  as "Dirty Frag." Please note that there's a second CVE (CVE-2026-43500) that
  is not yet patched upstream.
  Mitigation: If for some reason it's not possible to upgrade the kernel right
  away you may blacklist or remove the kernel modules esp4.ko and esp6.ko
  (CVE-2026-43284) and rxrpc.ko (CVE-2026-43500).
  Also remove the modules from the kernel if they have been loaded:
    rmmod esp4 esp6 rxrpc
  And, drop the file caches in case in-memory program copies have already
  been compromised. Make sure possibly affected programs do not have any
  open sessions first:
    sh -c "echo 3 > /proc/sys/vm/drop_caches"
  For more information, see:
    https://github.com/V4bel/dirtyfrag
    https://www.cve.org/CVERecord?id=CVE-2026-43284
  (* Security fix *)
patches/packages/linux-5.15.205/kernel-source-5.15.205_smp-noarch-1.txz:  Upgraded.
  Be sure to upgrade your initrd after upgrading the kernel packages.
  If you use lilo to boot your machine, be sure lilo.conf points to the correct
  kernel and initrd and run lilo as root to update the bootloader.
  If you use elilo to boot your machine, you should run eliloconfig to copy the
  kernel and initrd to the EFI System Partition.
patches/packages/mozilla-thunderbird-140.10.2esr-i686-1_slack15.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/140.10.2esr/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2026-44/
    https://www.cve.org/CVERecord?id=CVE-2026-8090
    https://www.cve.org/CVERecord?id=CVE-2026-8094
    https://www.cve.org/CVERecord?id=CVE-2026-8092
  (* Security fix *)
]]> https://www.sya54m.eu Fri, 08 May 2026 07:00:03 +0200 1778216403 extra/php82/php82-8.2.31-i586-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  FPM: Fixed XSS within status endpoint.
  MBString: Fixed Null pointer dereference in php_mb_check_encoding()
  via mb_ereg_search_init().
  PDO_Firebird: Fixed SQL injection via NUL bytes in quoted strings.
  SOAP: Fixed Stale SOAP_GLOBAL(ref_map) pointer with Apache Map.
  SOAP: Fixed Use-after-free after header parsing failure with
  SOAP_PERSISTENCE_SESSION.
  SOAP: Fixed Broken Apache map value NULL check.
  Standard: Fixed Signed integer overflow of char array offset.
  Standard: Fixed Consistently pass unsigned char to ctype.h functions.
  For more information, see:
    https://www.php.net/ChangeLog-8.php#8.2.31
    https://www.cve.org/CVERecord?id=CVE-2026-6735
    https://www.cve.org/CVERecord?id=CVE-2026-7259
    https://www.cve.org/CVERecord?id=CVE-2025-14179
    https://www.cve.org/CVERecord?id=CVE-2026-6722
    https://www.cve.org/CVERecord?id=CVE-2026-7261
    https://www.cve.org/CVERecord?id=CVE-2026-7262
    https://www.cve.org/CVERecord?id=CVE-2026-7568
    https://www.cve.org/CVERecord?id=CVE-2026-7258
  (* Security fix *)
patches/packages/libgpg-error-1.61-i586-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and security issues:
   Fix possible stack overflow in es_printf for %.100f format.
   Fix out-of-bounds read in vfnameconcat.
  (* Security fix *)
patches/packages/mozilla-firefox-140.10.2esr-i686-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/140.10.2/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2026-41
    https://www.cve.org/CVERecord?id=CVE-2026-8090
    https://www.cve.org/CVERecord?id=CVE-2026-8094
    https://www.cve.org/CVERecord?id=CVE-2026-8092
  (* Security fix *)
]]> https://www.sya54m.eu Tue, 05 May 2026 22:12:56 +0200 1778011976 patches/packages/hunspell-1.7.3-i586-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and security issues.
  For more information, see:
    https://github.com/hunspell/hunspell/releases/tag/v1.7.3
  (* Security fix *)
]]> https://www.sya54m.eu Tue, 05 May 2026 00:37:35 +0200 1777934255 patches/packages/httpd-2.4.67-i586-1_slack15.0.txz:  Upgraded.
  This release fixes bugs and the following security issues:
  mod_proxy_ajp: Heap Over-Read and memory disclosure in  ajp_parse_data().
  mod_proxy_ajp: Heap Buffer Over-Read Due to Missing Null-Termination Check.
  Off-by-one OOB reads in AJP getter functions.
  HTTP response splitting forwarding malicious status line.
  mod_authn_socache crash.
  mod_auth_digest timing attack.
  mod_md unrestricted OCSP response.
  buffer overflow in mod_proxy_ajp via ajp_msg_check_header().
  mod_rewrite elevation of privileges via ap_expr.
  http2: double free and possible RCE on early reset.
  For more information, see:
    https://downloads.apache.org/httpd/CHANGES_2.4.67
    https://www.cve.org/CVERecord?id=CVE-2026-34059
    https://www.cve.org/CVERecord?id=CVE-2026-34032
    https://www.cve.org/CVERecord?id=CVE-2026-33857
    https://www.cve.org/CVERecord?id=CVE-2026-33523
    https://www.cve.org/CVERecord?id=CVE-2026-33007
    https://www.cve.org/CVERecord?id=CVE-2026-33006
    https://www.cve.org/CVERecord?id=CVE-2026-29169
    https://www.cve.org/CVERecord?id=CVE-2026-29168
    https://www.cve.org/CVERecord?id=CVE-2026-28780
    https://www.cve.org/CVERecord?id=CVE-2026-24072
    https://www.cve.org/CVERecord?id=CVE-2026-23918
  (* Security fix *)
]]> https://www.sya54m.eu Sun, 03 May 2026 03:36:26 +0200 1777772186 patches/packages/gnutls-3.8.13-i586-1_slack15.0.txz:  Upgraded.
  This update fixes a security issue:
  Add more checks to DTLS reassembly. Previously, gnutls didn't check that
  DTLS fragments claimed a consistent message_length value. Additionally,
  a crucial array size check was missing, enabling an attacker to cause a
  heap overwrite. Reject fragments with mismatching length and add a missing
  boundary check. Independently reported by Haruto Kimura (Stella), Oscar
  Reparaz and Zou Dikai.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2026-33846
  (* Security fix *)
patches/packages/linux-5.15.204/kernel-generic-5.15.204-i586-1.txz:  Upgraded.
  This update fixes a critical security issue:
  An out-of-bounds write in the userspace interface for AEAD cipher algorithms
  may be leveraged to get a root shell through a setuid binary. While the
  proof of concepts for this have so far targeted different program versions
  than Slackware uses, there's nothing preventing anyone from targeting one
  a setuid binary that we use.
  Mitigation: If for some reason it's not possible to upgrade the kernel right
  away, since we use CONFIG_CRYPTO_USER_API_AEAD=m you may blacklist or remove
  the algif_aead.ko kernel module to prevent the exploit.
  For more information, see:
    https://copy.fail/
    https://www.cve.org/CVERecord?id=CVE-2026-31431
  (* Security fix *)
patches/packages/linux-5.15.204/kernel-generic-smp-5.15.204_smp-i686-1.txz:  Upgraded.
  This update fixes a critical security issue:
  An out-of-bounds write in the userspace interface for AEAD cipher algorithms
  may be leveraged to get a root shell through a setuid binary. While the
  proof of concepts for this have so far targeted different program versions
  than Slackware uses, there's nothing preventing anyone from targeting one
  a setuid binary that we use.
  Mitigation: If for some reason it's not possible to upgrade the kernel right
  away, since we use CONFIG_CRYPTO_USER_API_AEAD=m you may blacklist or remove
  the algif_aead.ko kernel module to prevent the exploit.
  For more information, see:
    https://copy.fail/
    https://www.cve.org/CVERecord?id=CVE-2026-31431
  (* Security fix *)
patches/packages/linux-5.15.204/kernel-headers-5.15.204_smp-x86-1.txz:  Upgraded.
patches/packages/linux-5.15.204/kernel-huge-5.15.204-i586-1.txz:  Upgraded.
  This update fixes a critical security issue:
  An out-of-bounds write in the userspace interface for AEAD cipher algorithms
  may be leveraged to get a root shell through a setuid binary. While the
  proof of concepts for this have so far targeted different program versions
  than Slackware uses, there's nothing preventing anyone from targeting one
  a setuid binary that we use.
  Mitigation: If for some reason it's not possible to upgrade the kernel right
  away, since we use CONFIG_CRYPTO_USER_API_AEAD=m you may blacklist or remove
  the algif_aead.ko kernel module to prevent the exploit.
  For more information, see:
    https://copy.fail/
    https://www.cve.org/CVERecord?id=CVE-2026-31431
  (* Security fix *)
patches/packages/linux-5.15.204/kernel-huge-smp-5.15.204_smp-i686-1.txz:  Upgraded.
  This update fixes a critical security issue:
  An out-of-bounds write in the userspace interface for AEAD cipher algorithms
  may be leveraged to get a root shell through a setuid binary. While the
  proof of concepts for this have so far targeted different program versions
  than Slackware uses, there's nothing preventing anyone from targeting one
  a setuid binary that we use.
  Mitigation: If for some reason it's not possible to upgrade the kernel right
  away, since we use CONFIG_CRYPTO_USER_API_AEAD=m you may blacklist or remove
  the algif_aead.ko kernel module to prevent the exploit.
  For more information, see:
    https://copy.fail/
    https://www.cve.org/CVERecord?id=CVE-2026-31431
  (* Security fix *)
patches/packages/linux-5.15.204/kernel-modules-5.15.204-i586-1.txz:  Upgraded.
  This update fixes a critical security issue:
  An out-of-bounds write in the userspace interface for AEAD cipher algorithms
  may be leveraged to get a root shell through a setuid binary. While the
  proof of concepts for this have so far targeted different program versions
  than Slackware uses, there's nothing preventing anyone from targeting one
  a setuid binary that we use.
  Mitigation: If for some reason it's not possible to upgrade the kernel right
  away, since we use CONFIG_CRYPTO_USER_API_AEAD=m you may blacklist or remove
  the algif_aead.ko kernel module to prevent the exploit.
  For more information, see:
    https://copy.fail/
    https://www.cve.org/CVERecord?id=CVE-2026-31431
  (* Security fix *)
patches/packages/linux-5.15.204/kernel-modules-smp-5.15.204_smp-i686-1.txz:  Upgraded.
  This update fixes a critical security issue:
  An out-of-bounds write in the userspace interface for AEAD cipher algorithms
  may be leveraged to get a root shell through a setuid binary. While the
  proof of concepts for this have so far targeted different program versions
  than Slackware uses, there's nothing preventing anyone from targeting one
  a setuid binary that we use.
  Mitigation: If for some reason it's not possible to upgrade the kernel right
  away, since we use CONFIG_CRYPTO_USER_API_AEAD=m you may blacklist or remove
  the algif_aead.ko kernel module to prevent the exploit.
  For more information, see:
    https://copy.fail/
    https://www.cve.org/CVERecord?id=CVE-2026-31431
  (* Security fix *)
patches/packages/linux-5.15.204/kernel-source-5.15.204_smp-noarch-1.txz:  Upgraded.
  Be sure to upgrade your initrd after upgrading the kernel packages.
  If you use lilo to boot your machine, be sure lilo.conf points to the correct
  kernel and initrd and run lilo as root to update the bootloader.
  If you use elilo to boot your machine, you should run eliloconfig to copy the
  kernel and initrd to the EFI System Partition.
patches/packages/mozilla-thunderbird-140.10.1esr-i686-1_slack15.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/140.10.1esr/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2026-39/
    https://www.cve.org/CVERecord?id=CVE-2026-7320
    https://www.cve.org/CVERecord?id=CVE-2026-7321
    https://www.cve.org/CVERecord?id=CVE-2026-7322
    https://www.cve.org/CVERecord?id=CVE-2026-7323
  (* Security fix *)
]]> https://www.sya54m.eu Fri, 01 May 2026 21:44:58 +0200 1777664698 patches/packages/mozilla-firefox-140.10.1esr-i686-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/140.10.1/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2026-36
    https://www.cve.org/CVERecord?id=CVE-2026-7320
    https://www.cve.org/CVERecord?id=CVE-2026-7321
    https://www.cve.org/CVERecord?id=CVE-2026-7322
    https://www.cve.org/CVERecord?id=CVE-2026-7323
  (* Security fix *)
]]> https://www.sya54m.eu Tue, 28 Apr 2026 07:57:29 +0200 1777355849 patches/packages/cups-2.4.19-i586-1_slack15.0.txz:  Upgraded.
  Fixed a regression in shared printing from non-local accounts (Issue #1557).
patches/packages/proftpd-1.3.9a-i586-1_slack15.0.txz:  Upgraded.
  Fix for an SQL injection that may lead to authentication bypass, privilege
  escalation, and arbitrary code execution. Slackware does not build mol_sql,
  but this may be an important upgrade for those rebuilding proftpd in order
  to add this module.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2026-42167
  (* Security fix *)
]]> https://www.sya54m.eu Tue, 28 Apr 2026 00:56:19 +0200 1777330579 patches/packages/mpg123-1.33.5-i586-1.txz:  Upgraded.
  mpg123: Fix generic control mode for largefile-sensitive builds, where 32 bit
  off_t was used with mpg123 API calls expecting 64 bit off_t.
  I am appalled that it took a user on 32 bit ARM and a specific https stream
  to notice this (bug 385, regression since 1.32.0).
  The security impact of this could be serious, with memory corruption
  including segfault being observed.
  mpg123-id3dump, out123: Enable 64 bit offset usage on largefile-sensitive
  platforms (regression since 1.32.0).
  (* Security fix *)
]]> https://www.sya54m.eu Fri, 24 Apr 2026 20:56:04 +0200 1777056964 patches/packages/cups-2.4.18-i586-1_slack15.0.txz:  Upgraded.
  Fixed cupsd crash if user does not exist (Issue #1555).
patches/packages/glibc-zoneinfo-2026b-noarch-1_slack15.0.txz:  Upgraded.
  This package provides the latest timezone updates.
]]> https://www.sya54m.eu Wed, 22 Apr 2026 02:29:07 +0200 1776817747 patches/packages/libXpm-3.5.19-i586-1_slack15.0.txz:  Upgraded.
  This update fixes a security issue:
  Out-of-bounds read in xpmNextWord().
  For more information, see:
    https://lists.x.org/archives/xorg-devel/2026-April/059452.html
    https://www.cve.org/CVERecord?id=CVE-2026-4367
  (* Security fix *)
patches/packages/mozilla-firefox-140.10.0esr-i686-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/140.10.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2026-32/
    https://www.cve.org/CVERecord?id=CVE-2026-6746
    https://www.cve.org/CVERecord?id=CVE-2026-6747
    https://www.cve.org/CVERecord?id=CVE-2026-6748
    https://www.cve.org/CVERecord?id=CVE-2026-6749
    https://www.cve.org/CVERecord?id=CVE-2026-6750
    https://www.cve.org/CVERecord?id=CVE-2026-6751
    https://www.cve.org/CVERecord?id=CVE-2026-6752
    https://www.cve.org/CVERecord?id=CVE-2026-6753
    https://www.cve.org/CVERecord?id=CVE-2026-6754
    https://www.cve.org/CVERecord?id=CVE-2026-6757
    https://www.cve.org/CVERecord?id=CVE-2026-6759
    https://www.cve.org/CVERecord?id=CVE-2026-6761
    https://www.cve.org/CVERecord?id=CVE-2026-6762
    https://www.cve.org/CVERecord?id=CVE-2026-6763
    https://www.cve.org/CVERecord?id=CVE-2026-6764
    https://www.cve.org/CVERecord?id=CVE-2026-6765
    https://www.cve.org/CVERecord?id=CVE-2026-6766
    https://www.cve.org/CVERecord?id=CVE-2026-6767
    https://www.cve.org/CVERecord?id=CVE-2026-6769
    https://www.cve.org/CVERecord?id=CVE-2026-6770
    https://www.cve.org/CVERecord?id=CVE-2026-6771
    https://www.cve.org/CVERecord?id=CVE-2026-6772
    https://www.cve.org/CVERecord?id=CVE-2026-6776
    https://www.cve.org/CVERecord?id=CVE-2026-6785
    https://www.cve.org/CVERecord?id=CVE-2026-6786
  (* Security fix *)
patches/packages/mozilla-thunderbird-140.10.0esr-i686-1_slack15.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/140.10.0esr/releasenotes/
    https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird140.10
  (* Security fix *)
]]> https://www.sya54m.eu Sun, 19 Apr 2026 02:05:42 +0200 1776557142 extra/tigervnc/tigervnc-1.16.2-i586-2_slack15.0.txz:  Rebuilt.
  Rebuilt against xorg-server-1.20.14 patched to fix security issues:
  XKB Integer Underflow in XkbSetCompatMap().
  XKB Out-of-bounds Read in CheckSetGeom().
  XSYNC Use-after-free in miSyncTriggerFence().
  XKB Out-of-bounds read in CheckModifierMap().
  XKB Buffer overflow in CheckKeyTypes().
  For more information, see:
    https://lists.x.org/archives/xorg-devel/2026-April/059446.html
    https://www.cve.org/CVERecord?id=CVE-2026-33999
    https://www.cve.org/CVERecord?id=CVE-2026-34000
    https://www.cve.org/CVERecord?id=CVE-2026-34001
    https://www.cve.org/CVERecord?id=CVE-2026-34002
    https://www.cve.org/CVERecord?id=CVE-2026-34003
  (* Security fix *)
]]> https://www.sya54m.eu Fri, 17 Apr 2026 23:28:08 +0200 1776461288 patches/packages/cups-2.4.17-i586-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  The scheduler treated local user and group names as case-insensitive.
  The RSS notifier could write outside the scheduler's RSS directory.
  The scheduler did not filter control characters from option values.
  The scheduler did not always allocate enough memory for a job's options
  string.
  The scheduler incorrectly allowed local certificates over the loopback
  interface.
  Fixed the range check for job password strings.
  Fixed a printer subscription bug in the scheduler.
  Fixed a SNMP string conversion bug in the backends.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2026-27447
    https://www.cve.org/CVERecord?id=CVE-2026-34978
    https://www.cve.org/CVERecord?id=CVE-2026-34980
    https://www.cve.org/CVERecord?id=CVE-2026-34979
    https://www.cve.org/CVERecord?id=CVE-2026-34990
    https://www.cve.org/CVERecord?id=CVE-2026-39314
    https://www.cve.org/CVERecord?id=CVE-2026-39316
  (* Security fix *)
testing/packages/rust-1.95.0-i686-1_slack15.0.txz:  Upgraded.
]]> https://www.sya54m.eu Fri, 17 Apr 2026 00:36:54 +0200 1776379014 patches/packages/libpng-1.6.58-i586-1_slack15.0.txz:  Upgraded.
  Fixed a regression introduced in version 1.6.56 that caused `png_get_PLTE`
  to return stale palette data after applying gamma and background transforms
  in-place.
patches/packages/libxml2-2.11.9-i586-9_slack15.0.txz:  Rebuilt.
  This update fixes security issues:
  entities: copy children in xmlCopyEntity.
  c14n: Fix Type confusion in xmlC14NProcessAttrsAxis.
  python: Do not decref string after adding to the list
  (double-free / use-after-free).
  c14n: Reuse tmp_str, xmlStrcat reallocates *cur (double-free).
  (* Security fix *)
]]> https://www.sya54m.eu Wed, 15 Apr 2026 00:07:31 +0200 1776204451 patches/packages/libexif-0.6.26-i586-1_slack15.0.txz:  Upgraded.
  This update fixes security issues:
  An unsigned integer underflow in Fuji and Olympus makernote handling.
  An unsigned integer overflow on 32bit systems in Nikon makernote handling.
  A buffer overwrite via integer underflow in makernote handling.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2026-40386
    https://www.cve.org/CVERecord?id=CVE-2026-40385
    https://www.cve.org/CVERecord?id=CVE-2026-32775
  (* Security fix *)
patches/packages/xorg-server-1.20.14-i586-19_slack15.0.txz:  Rebuilt.
  This update fixes security issues:
  XKB Integer Underflow in XkbSetCompatMap().
  XKB Out-of-bounds Read in CheckSetGeom().
  XSYNC Use-after-free in miSyncTriggerFence().
  XKB Out-of-bounds read in CheckModifierMap().
  XKB Buffer overflow in CheckKeyTypes().
  For more information, see:
    https://lists.x.org/archives/xorg-devel/2026-April/059446.html
    https://www.cve.org/CVERecord?id=CVE-2026-33999
    https://www.cve.org/CVERecord?id=CVE-2026-34000
    https://www.cve.org/CVERecord?id=CVE-2026-34001
    https://www.cve.org/CVERecord?id=CVE-2026-34002
    https://www.cve.org/CVERecord?id=CVE-2026-34003
  (* Security fix *)
patches/packages/xorg-server-xephyr-1.20.14-i586-19_slack15.0.txz:  Rebuilt.
patches/packages/xorg-server-xnest-1.20.14-i586-19_slack15.0.txz:  Rebuilt.
patches/packages/xorg-server-xvfb-1.20.14-i586-19_slack15.0.txz:  Rebuilt.
patches/packages/xorg-server-xwayland-21.1.4-i586-17_slack15.0.txz:  Rebuilt.
  This update fixes security issues:
  XKB Integer Underflow in XkbSetCompatMap().
  XKB Out-of-bounds Read in CheckSetGeom().
  XSYNC Use-after-free in miSyncTriggerFence().
  XKB Out-of-bounds read in CheckModifierMap().
  XKB Buffer overflow in CheckKeyTypes().
  For more information, see:
    https://lists.x.org/archives/xorg-devel/2026-April/059446.html
    https://www.cve.org/CVERecord?id=CVE-2026-33999
    https://www.cve.org/CVERecord?id=CVE-2026-34000
    https://www.cve.org/CVERecord?id=CVE-2026-34001
    https://www.cve.org/CVERecord?id=CVE-2026-34002
    https://www.cve.org/CVERecord?id=CVE-2026-34003
  (* Security fix *)
]]> https://www.sya54m.eu Mon, 13 Apr 2026 23:39:25 +0200 1776116365 patches/packages/ca-certificates-20260413-noarch-1_slack15.0.txz:  Upgraded.
  This update provides the latest CA certificates to check for the
  authenticity of SSL connections.
patches/packages/libarchive-3.8.7-i586-1_slack15.0.txz:  Upgraded.
  Libarchive 3.8.7 is a security and bugfix release.
  Notable fixes:
  CAB: fix NULL pointer dereference during skip (#2900)
  CAB: Fix Heap OOB Write in CAB LZX decoder (#2919)
  cpio: various fixes and improvements (#2899, #2908, #2910, #2939)
  contrib/untar: fix out-of-bounds read (#2903)
  iso9660: fix undefined behavior (#2897)
  iso9660: fix posibble heap buffer overflow on 32-bit systems (#2934)
  libarchive: fix handling of option failures (#2871)
  libarchive: do not continue with truncated numbers (#2911)
  libarchive: lzop and grzip filter support (#2947)
  RAR: fix LZSS window size mismatch after PPMd block (#2898)
  (* Security fix *)
]]>