  • Slackware 15.0 Changelog update

    From Slacker@110:211/1 to All on Sun Dec 24 09:39:11 2023
    Sat Dec 23 02:48:56 UTC 2023
    patches/packages/glibc-zoneinfo-2023d-noarch-1_slack15.0.txz: Upgraded.
    This package provides the latest timezone updates.
    patches/packages/postfix-3.6.13-x86_64-1_slack15.0.txz: Upgraded.
    Security: this release adds support to defend against an email spoofing
    attack (SMTP smuggling) on recipients at a Postfix server. Sites
    concerned about SMTP smuggling attacks should enable this feature on
    Internet-facing Postfix servers. For compatibility with non-standard
    clients, Postfix by default excludes clients in mynetworks from this
    countermeasure.
    The recommended settings are:
    # Optionally disconnect remote SMTP clients that send bare newlines,
    # but allow local clients with non-standard SMTP implementations
    # such as netcat, fax machines, or load balancer health checks.
    #
    smtpd_forbid_bare_newline = yes
    smtpd_forbid_bare_newline_exclusions = $mynetworks
    The smtpd_forbid_bare_newline feature is disabled by default.
    For more information, see:
    https://www.postfix.org/smtp-smuggling.html
    (* Security fix *)
    +--------------------------+
    Thu Dec 21 20:46:11 UTC 2023
    extra/php81/php81-8.1.27-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
    For more information, see:
    https://www.php.net/ChangeLog-8.php#8.1.27
    +--------------------------+
    Wed Dec 20 21:10:47 UTC 2023
    patches/packages/bind-9.16.45-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
    patches/packages/proftpd-1.3.8b-x86_64-1_slack15.0.txz: Upgraded.
    This update fixes a security issue:
    mod_sftp: implemented mitigations for "Terrapin" SSH attack.
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-48795
    (* Security fix *)
    testing/packages/bind-9.18.21-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
    +--------------------------+
    Tue Dec 19 21:24:05 UTC 2023
    patches/packages/bluez-5.71-x86_64-2_slack15.0.txz: Rebuilt.
    Fix a regression in bluez-5.71:
    [PATCH] adapter: Fix link key address type for old kernels.
    Thanks to marav.
    patches/packages/libssh-0.10.6-x86_64-1_slack15.0.txz: Upgraded.
    This update fixes security issues:
    Command injection using proxycommand.
    Potential downgrade attack using strict kex.
    Missing checks for return values of MD functions.
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-6004
    https://www.cve.org/CVERecord?id=CVE-2023-48795
    https://www.cve.org/CVERecord?id=CVE-2023-6918
    (* Security fix *)
    patches/packages/mozilla-firefox-115.6.0esr-x86_64-1_slack15.0.txz: Upgraded.
    This update contains security fixes and improvements.
    For more information, see:
    https://www.mozilla.org/en-US/firefox/115.6.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2023-54/
    https://www.cve.org/CVERecord?id=CVE-2023-6856
    https://www.cve.org/CVERecord?id=CVE-2023-6865
    https://www.cve.org/CVERecord?id=CVE-2023-6857
    https://www.cve.org/CVERecord?id=CVE-2023-6858
    https://www.cve.org/CVERecord?id=CVE-2023-6859
    https://www.cve.org/CVERecord?id=CVE-2023-6860
    https://www.cve.org/CVERecord?id=CVE-2023-6867
    https://www.cve.org/CVERecord?id=CVE-2023-6861
    https://www.cve.org/CVERecord?id=CVE-2023-6862
    https://www.cve.org/CVERecord?id=CVE-2023-6863
    https://www.cve.org/CVERecord?id=CVE-2023-6864
    (* Security fix *)
    patches/packages/mozilla-thunderbird-115.6.0-x86_64-1_slack15.0.txz: Upgraded.
    This release contains security fixes and improvements.
    For more information, see:
    --- SBBSecho 3.20-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (110:211/1)
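
The exclusion rule in the postfix-3.6.13 entry above, as an added example (not part of the post and not Postfix code): it scans constructed SMTP payloads for bare LF bytes and reports which clients the recommended settings would disconnect and which the `$mynetworks` exclusion would spare. The function names, sample sessions and network list are assumptions made for illustration.

```python
"""Pre-deployment audit sketch for smtpd_forbid_bare_newline.

Simplified model of the policy described in the changelog entry; it is not
Postfix's implementation. All sample data below is constructed.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass


def bare_lf_offsets(data: bytes) -> list[int]:
    """Offsets of every LF (0x0A) not immediately preceded by CR (0x0D)."""
    return [
        i for i, byte in enumerate(data)
        if byte == 0x0A and (i == 0 or data[i - 1] != 0x0D)
    ]


def is_excluded(client_ip: str, mynetworks: list[str]) -> bool:
    """True when the client address lies inside one of the excluded networks."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in ipaddress.ip_network(net, strict=False) for net in mynetworks)


@dataclass
class Verdict:
    client_ip: str
    action: str         # "accept", "accept-excluded" or "disconnect"
    bare_lf_count: int


def audit(sessions, mynetworks, forbid_bare_newline=True) -> list[Verdict]:
    """Classify each (client_ip, raw_bytes) pair under the modelled policy."""
    verdicts = []
    for client_ip, data in sessions:
        hits = bare_lf_offsets(data)
        if not hits or not forbid_bare_newline:
            action = "accept"            # clean input, or feature left disabled
        elif is_excluded(client_ip, mynetworks):
            action = "accept-excluded"   # non-standard but local client
        else:
            action = "disconnect"        # remote client sending bare newlines
        verdicts.append(Verdict(client_ip, action, len(hits)))
    return verdicts


# Constructed stand-in for $mynetworks (assumption, not from the post).
MYNETWORKS = ["127.0.0.0/8", "10.0.0.0/8"]

# Constructed sample payloads: standard CRLF mail, a local health check that
# uses LF only, and a remote client with one bare LF inside the body.
SAMPLE_SESSIONS = [
    ("192.0.2.10", b"Subject: hi\r\n\r\nbody\r\n.\r\n"),
    ("10.0.0.5", b"Subject: health\n\nping\n.\n"),
    ("198.51.100.7", b"Subject: hi\r\n\r\nline one\nline two\r\n.\r\n"),
]

if __name__ == "__main__":
    for verdict in audit(SAMPLE_SESSIONS, MYNETWORKS):
        print(f"{verdict.client_ip:15} {verdict.action:16} bare LF: {verdict.bare_lf_count}")
```
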
  • From Gamgee@110:211/1 to Slacker on Sun Dec 24 09:53:00 2023
    Slacker wrote to All <=-

    Sat Dec 23 02:48:56 UTC 2023
    patches/packages/glibc-zoneinfo-2023d-noarch-1_slack15.0.txz: Upgraded.
    This package provides the latest timezone updates.
    patches/packages/postfix-3.6.13-x86_64-1_slack15.0.txz: Upgraded.
    Security: this release adds support to defend against an email spoofing
    attack (SMTP smuggling) on recipients at a Postfix server. Sites
    concerned about SMTP smuggling attacks should enable this feature on
    Internet-facing Postfix servers. For compatibility with non-standard
    clients, Postfix by default excludes clients in mynetworks from this
    countermeasure.
    The recommended settings are:

    <SNIP>

    Hello again all,

    I thought I'd also script/auto-post this whenever the Changelog was
    updated. It's a very long file, and I chose to send the newest 75 lines
    which will usually cover the last few days of changes, with the newest
    at the top. If you think that's too long (or short), let me know.

    Regards,
    Dan




    ... Wisdom is knowing what to do with what you know.
    === MultiMail/Linux v0.52
    --- SBBSecho 3.20-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (110:211/1)
  • From Slacker@110:211/1 to All on Tue Dec 26 06:40:15 2023
    Tue Dec 26 00:20:26 UTC 2023
    patches/packages/kernel-firmware-20231222_a7dee43-noarch-1.txz: Upgraded.
    Updated to the latest kernel firmware.
    patches/packages/linux-5.15.145/*: Upgraded.
    These updates fix various bugs and security issues.
    Thanks to jwoithe for the PCI fix!
    Be sure to upgrade your initrd after upgrading the kernel packages.
    If you use lilo to boot your machine, be sure lilo.conf points to the correct
    kernel and initrd and run lilo as root to update the bootloader.
    If you use elilo to boot your machine, you should run eliloconfig to copy the
    kernel and initrd to the EFI System Partition.
    For more information, see:
    Fixed in 5.15.140:
    https://www.cve.org/CVERecord?id=CVE-2023-46862
    Fixed in 5.15.141:
    https://www.cve.org/CVERecord?id=CVE-2023-6121
    (* Security fix *)
    +--------------------------+
    Sat Dec 23 02:48:56 UTC 2023
    patches/packages/glibc-zoneinfo-2023d-noarch-1_slack15.0.txz: Upgraded.
    This package provides the latest timezone updates.
    patches/packages/postfix-3.6.13-x86_64-1_slack15.0.txz: Upgraded.
    Security: this release adds support to defend against an email spoofing
    attack (SMTP smuggling) on recipients at a Postfix server. Sites
    concerned about SMTP smuggling attacks should enable this feature on
    Internet-facing Postfix servers. For compatibility with non-standard
    clients, Postfix by default excludes clients in mynetworks from this
    countermeasure.
    The recommended settings are:
    # Optionally disconnect remote SMTP clients that send bare newlines,
    # but allow local clients with non-standard SMTP implementations
    # such as netcat, fax machines, or load balancer health checks.
    #
    smtpd_forbid_bare_newline = yes
    smtpd_forbid_bare_newline_exclusions = $mynetworks
    The smtpd_forbid_bare_newline feature is disabled by default.
    For more information, see:
    https://www.postfix.org/smtp-smuggling.html
    (* Security fix *)
    +--------------------------+
    Thu Dec 21 20:46:11 UTC 2023
    extra/php81/php81-8.1.27-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
    For more information, see:
    https://www.php.net/ChangeLog-8.php#8.1.27
    +--------------------------+
    Wed Dec 20 21:10:47 UTC 2023
    patches/packages/bind-9.16.45-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
    patches/packages/proftpd-1.3.8b-x86_64-1_slack15.0.txz: Upgraded.
    This update fixes a security issue:
    mod_sftp: implemented mitigations for "Terrapin" SSH attack.
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-48795
    (* Security fix *)
    testing/packages/bind-9.18.21-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
    +--------------------------+
    Tue Dec 19 21:24:05 UTC 2023
    patches/packages/bluez-5.71-x86_64-2_slack15.0.txz: Rebuilt.
    Fix a regression in bluez-5.71:
    [PATCH] adapter: Fix link key address type for old kernels.
    Thanks to marav.
    patches/packages/libssh-0.10.6-x86_64-1_slack15.0.txz: Upgraded.
    This update fixes security issues:
    Command injection using proxycommand.
    Potential downgrade attack using strict kex.
    Missing checks for return values of MD functions.
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-6004
    https://www.cve.org/CVERecord?id=CVE-2023-48795
    https://www.cve.org/CVERecord?id=CVE-2023-6918
    (* Security fix *)
    patches/packages/mozilla-firefox-115.6.0esr-x86_64-1_slack15.0.txz: Upgraded.
    This update contains security fixes and improvements.
    --- SBBSecho 3.20-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (110:211/1)
  • From Slacker@110:211/1 to All on Sun Dec 31 06:40:14 2023
    Sat Dec 30 19:53:07 UTC 2023
    patches/packages/sudo-1.9.15p5-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
    +--------------------------+
    Tue Dec 26 00:20:26 UTC 2023
    patches/packages/kernel-firmware-20231222_a7dee43-noarch-1.txz: Upgraded.
    Updated to the latest kernel firmware.
    patches/packages/linux-5.15.145/*: Upgraded.
    These updates fix various bugs and security issues.
    Thanks to jwoithe for the PCI fix!
    Be sure to upgrade your initrd after upgrading the kernel packages.
    If you use lilo to boot your machine, be sure lilo.conf points to the correct
    kernel and initrd and run lilo as root to update the bootloader.
    If you use elilo to boot your machine, you should run eliloconfig to copy the
    kernel and initrd to the EFI System Partition.
    For more information, see:
    Fixed in 5.15.140:
    https://www.cve.org/CVERecord?id=CVE-2023-46862
    Fixed in 5.15.141:
    https://www.cve.org/CVERecord?id=CVE-2023-6121
    (* Security fix *)
    +--------------------------+
    Sat Dec 23 02:48:56 UTC 2023
    patches/packages/glibc-zoneinfo-2023d-noarch-1_slack15.0.txz: Upgraded.
    This package provides the latest timezone updates.
    patches/packages/postfix-3.6.13-x86_64-1_slack15.0.txz: Upgraded.
    Security: this release adds support to defend against an email spoofing
    attack (SMTP smuggling) on recipients at a Postfix server. Sites
    concerned about SMTP smuggling attacks should enable this feature on
    Internet-facing Postfix servers. For compatibility with non-standard
    clients, Postfix by default excludes clients in mynetworks from this
    countermeasure.
    The recommended settings are:
    # Optionally disconnect remote SMTP clients that send bare newlines,
    # but allow local clients with non-standard SMTP implementations
    # such as netcat, fax machines, or load balancer health checks.
    #
    smtpd_forbid_bare_newline = yes
    smtpd_forbid_bare_newline_exclusions = $mynetworks
    The smtpd_forbid_bare_newline feature is disabled by default.
    For more information, see:
    https://www.postfix.org/smtp-smuggling.html
    (* Security fix *)
    +--------------------------+
    Thu Dec 21 20:46:11 UTC 2023
    extra/php81/php81-8.1.27-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
    For more information, see:
    https://www.php.net/ChangeLog-8.php#8.1.27
    +--------------------------+
    Wed Dec 20 21:10:47 UTC 2023
    patches/packages/bind-9.16.45-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
    patches/packages/proftpd-1.3.8b-x86_64-1_slack15.0.txz: Upgraded.
    This update fixes a security issue:
    mod_sftp: implemented mitigations for "Terrapin" SSH attack.
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-48795
    (* Security fix *)
    testing/packages/bind-9.18.21-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
    +--------------------------+
    Tue Dec 19 21:24:05 UTC 2023
    patches/packages/bluez-5.71-x86_64-2_slack15.0.txz: Rebuilt.
    Fix a regression in bluez-5.71:
    [PATCH] adapter: Fix link key address type for old kernels.
    Thanks to marav.
    patches/packages/libssh-0.10.6-x86_64-1_slack15.0.txz: Upgraded.
    This update fixes security issues:
    Command injection using proxycommand.
    Potential downgrade attack using strict kex.
    Missing checks for return values of MD functions.
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-6004
    https://www.cve.org/CVERecord?id=CVE-2023-48795
    --- SBBSecho 3.20-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (110:211/1)
  • From Dan Clough@110:211/1 to All on Wed Jan 10 06:40:10 2024
    Tue Jan 9 20:49:08 UTC 2024
    patches/packages/mozilla-thunderbird-115.6.1-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
    For more information, see:
    https://www.thunderbird.net/en-US/thunderbird/115.6.1/releasenotes/
    +--------------------------+
    Sat Dec 30 19:53:07 UTC 2023
    patches/packages/sudo-1.9.15p5-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
    +--------------------------+
    Tue Dec 26 00:20:26 UTC 2023
    patches/packages/kernel-firmware-20231222_a7dee43-noarch-1.txz: Upgraded.
    Updated to the latest kernel firmware.
    patches/packages/linux-5.15.145/*: Upgraded.
    These updates fix various bugs and security issues.
    Thanks to jwoithe for the PCI fix!
    Be sure to upgrade your initrd after upgrading the kernel packages.
    If you use lilo to boot your machine, be sure lilo.conf points to the correct
    kernel and initrd and run lilo as root to update the bootloader.
    If you use elilo to boot your machine, you should run eliloconfig to copy the
    kernel and initrd to the EFI System Partition.
    For more information, see:
    Fixed in 5.15.140:
    https://www.cve.org/CVERecord?id=CVE-2023-46862
    Fixed in 5.15.141:
    https://www.cve.org/CVERecord?id=CVE-2023-6121
    (* Security fix *)
    +--------------------------+
    Sat Dec 23 02:48:56 UTC 2023
    patches/packages/glibc-zoneinfo-2023d-noarch-1_slack15.0.txz: Upgraded.
    This package provides the latest timezone updates.
    patches/packages/postfix-3.6.13-x86_64-1_slack15.0.txz: Upgraded.
    Security: this release adds support to defend against an email spoofing
    attack (SMTP smuggling) on recipients at a Postfix server. Sites
    concerned about SMTP smuggling attacks should enable this feature on
    Internet-facing Postfix servers. For compatibility with non-standard
    clients, Postfix by default excludes clients in mynetworks from this
    countermeasure.
    The recommended settings are:
    # Optionally disconnect remote SMTP clients that send bare newlines,
    # but allow local clients with non-standard SMTP implementations
    # such as netcat, fax machines, or load balancer health checks.
    #
    smtpd_forbid_bare_newline = yes
    smtpd_forbid_bare_newline_exclusions = $mynetworks
    The smtpd_forbid_bare_newline feature is disabled by default.
    For more information, see:
    https://www.postfix.org/smtp-smuggling.html
    (* Security fix *)
    +--------------------------+
    Thu Dec 21 20:46:11 UTC 2023
    extra/php81/php81-8.1.27-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
    For more information, see:
    https://www.php.net/ChangeLog-8.php#8.1.27
    +--------------------------+
    Wed Dec 20 21:10:47 UTC 2023
    patches/packages/bind-9.16.45-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
    patches/packages/proftpd-1.3.8b-x86_64-1_slack15.0.txz: Upgraded.
    This update fixes a security issue:
    mod_sftp: implemented mitigations for "Terrapin" SSH attack.
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-48795
    (* Security fix *)
    testing/packages/bind-9.18.21-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
    +--------------------------+
    Tue Dec 19 21:24:05 UTC 2023
    patches/packages/bluez-5.71-x86_64-2_slack15.0.txz: Rebuilt.
    Fix a regression in bluez-5.71:
    [PATCH] adapter: Fix link key address type for old kernels.
    Thanks to marav.
    patches/packages/libssh-0.10.6-x86_64-1_slack15.0.txz: Upgraded.
    This update fixes security issues:
    --- SBBSecho 3.20-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (110:211/1)
  • From Dan Clough@110:211/1 to All on Thu Jan 11 06:40:14 2024
    Wed Jan 10 20:25:54 UTC 2024
    patches/packages/xorriso-1.5.6.pl02-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
    +--------------------------+
    Tue Jan 9 20:49:08 UTC 2024
    patches/packages/mozilla-thunderbird-115.6.1-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
    For more information, see:
    https://www.thunderbird.net/en-US/thunderbird/115.6.1/releasenotes/
    +--------------------------+
    Sat Dec 30 19:53:07 UTC 2023
    patches/packages/sudo-1.9.15p5-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
    +--------------------------+
    Tue Dec 26 00:20:26 UTC 2023
    patches/packages/kernel-firmware-20231222_a7dee43-noarch-1.txz: Upgraded.
    Updated to the latest kernel firmware.
    patches/packages/linux-5.15.145/*: Upgraded.
    These updates fix various bugs and security issues.
    Thanks to jwoithe for the PCI fix!
    Be sure to upgrade your initrd after upgrading the kernel packages.
    If you use lilo to boot your machine, be sure lilo.conf points to the correct
    kernel and initrd and run lilo as root to update the bootloader.
    If you use elilo to boot your machine, you should run eliloconfig to copy the
    kernel and initrd to the EFI System Partition.
    For more information, see:
    Fixed in 5.15.140:
    https://www.cve.org/CVERecord?id=CVE-2023-46862
    Fixed in 5.15.141:
    https://www.cve.org/CVERecord?id=CVE-2023-6121
    (* Security fix *)
    +--------------------------+
    Sat Dec 23 02:48:56 UTC 2023
    patches/packages/glibc-zoneinfo-2023d-noarch-1_slack15.0.txz: Upgraded.
    This package provides the latest timezone updates.
    patches/packages/postfix-3.6.13-x86_64-1_slack15.0.txz: Upgraded.
    Security: this release adds support to defend against an email spoofing
    attack (SMTP smuggling) on recipients at a Postfix server. Sites
    concerned about SMTP smuggling attacks should enable this feature on
    Internet-facing Postfix servers. For compatibility with non-standard
    clients, Postfix by default excludes clients in mynetworks from this
    countermeasure.
    The recommended settings are:
    # Optionally disconnect remote SMTP clients that send bare newlines,
    # but allow local clients with non-standard SMTP implementations
    # such as netcat, fax machines, or load balancer health checks.
    #
    smtpd_forbid_bare_newline = yes
    smtpd_forbid_bare_newline_exclusions = $mynetworks
    The smtpd_forbid_bare_newline feature is disabled by default.
    For more information, see:
    https://www.postfix.org/smtp-smuggling.html
    (* Security fix *)
    +--------------------------+
    Thu Dec 21 20:46:11 UTC 2023
    extra/php81/php81-8.1.27-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
    For more information, see:
    https://www.php.net/ChangeLog-8.php#8.1.27
    +--------------------------+
    Wed Dec 20 21:10:47 UTC 2023
    patches/packages/bind-9.16.45-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
    patches/packages/proftpd-1.3.8b-x86_64-1_slack15.0.txz: Upgraded.
    This update fixes a security issue:
    mod_sftp: implemented mitigations for "Terrapin" SSH attack.
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-48795
    (* Security fix *)
    testing/packages/bind-9.18.21-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
    +--------------------------+
    Tue Dec 19 21:24:05 UTC 2023
    patches/packages/bluez-5.71-x86_64-2_slack15.0.txz: Rebuilt.
    Fix a regression in bluez-5.71:
    --- SBBSecho 3.20-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (110:211/1)
  • From Dan Clough@110:211/1 to All on Wed Jan 17 06:40:14 2024
    Tue Jan 16 20:49:28 UTC 2024
    patches/packages/gnutls-3.8.3-x86_64-1_slack15.0.txz: Upgraded.
    This update fixes two medium severity security issues:
    Fix more timing side-channel inside RSA-PSK key exchange.
    Fix assertion failure when verifying a certificate chain with a cycle of
    cross signatures.
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-0553
    https://www.cve.org/CVERecord?id=CVE-2024-0567
    (* Security fix *)
    patches/packages/xorg-server-1.20.14-x86_64-11_slack15.0.txz: Rebuilt.
    This update fixes security issues:
    Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer.
    Reattaching to different master device may lead to out-of-bounds memory access.
    Heap buffer overflow in XISendDeviceHierarchyEvent.
    Heap buffer overflow in DisableDevice.
    SELinux context corruption.
    SELinux unlabeled GLX PBuffer.
    For more information, see:
    https://lists.x.org/archives/xorg/2024-January/061525.html
    https://www.cve.org/CVERecord?id=CVE-2023-6816
    https://www.cve.org/CVERecord?id=CVE-2024-0229
    https://www.cve.org/CVERecord?id=CVE-2024-21885
    https://www.cve.org/CVERecord?id=CVE-2024-21886
    https://www.cve.org/CVERecord?id=CVE-2024-0408
    https://www.cve.org/CVERecord?id=CVE-2024-0409
    (* Security fix *)
    patches/packages/xorg-server-xephyr-1.20.14-x86_64-11_slack15.0.txz: Rebuilt.
    patches/packages/xorg-server-xnest-1.20.14-x86_64-11_slack15.0.txz: Rebuilt.
    patches/packages/xorg-server-xvfb-1.20.14-x86_64-11_slack15.0.txz: Rebuilt.
    patches/packages/xorg-server-xwayland-21.1.4-x86_64-10_slack15.0.txz: Rebuilt.
    This update fixes security issues:
    Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer.
    Reattaching to different master device may lead to out-of-bounds memory access.
    Heap buffer overflow in XISendDeviceHierarchyEvent.
    Heap buffer overflow in DisableDevice.
    SELinux unlabeled GLX PBuffer.
    For more information, see:
    https://lists.x.org/archives/xorg/2024-January/061525.html
    https://www.cve.org/CVERecord?id=CVE-2023-6816
    https://www.cve.org/CVERecord?id=CVE-2024-0229
    https://www.cve.org/CVERecord?id=CVE-2024-21885
    https://www.cve.org/CVERecord?id=CVE-2024-21886
    https://www.cve.org/CVERecord?id=CVE-2024-0408
    (* Security fix *)
    +--------------------------+
    Wed Jan 10 20:25:54 UTC 2024
    patches/packages/xorriso-1.5.6.pl02-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
    +--------------------------+
    Tue Jan 9 20:49:08 UTC 2024
    patches/packages/mozilla-thunderbird-115.6.1-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
    For more information, see:
    https://www.thunderbird.net/en-US/thunderbird/115.6.1/releasenotes/
    +--------------------------+
    Sat Dec 30 19:53:07 UTC 2023
    patches/packages/sudo-1.9.15p5-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
    +--------------------------+
    Tue Dec 26 00:20:26 UTC 2023
    patches/packages/kernel-firmware-20231222_a7dee43-noarch-1.txz: Upgraded.
    Updated to the latest kernel firmware.
    patches/packages/linux-5.15.145/*: Upgraded.
    These updates fix various bugs and security issues.
    Thanks to jwoithe for the PCI fix!
    Be sure to upgrade your initrd after upgrading the kernel packages.
    If you use lilo to boot your machine, be sure lilo.conf points to the correct
    kernel and initrd and run lilo as root to update the bootloader.
    If you use elilo to boot your machine, you should run eliloconfig to copy the
    kernel and initrd to the EFI System Partition.
    For more information, see:
    Fixed in 5.15.140:
    https://www.cve.org/CVERecord?id=CVE-2023-46862
    Fixed in 5.15.141:
    --- SBBSecho 3.20-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (110:211/1)
  • From Dan Clough@110:211/1 to All on Thu Jan 18 06:40:14 2024
    Wed Jan 17 21:13:27 UTC 2024
    patches/packages/seamonkey-2.53.18.1-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
    For more information, see:
    https://www.seamonkey-project.org/releases/seamonkey2.53.18.1
    +--------------------------+
    Tue Jan 16 20:49:28 UTC 2024
    patches/packages/gnutls-3.8.3-x86_64-1_slack15.0.txz: Upgraded.
    This update fixes two medium severity security issues:
    Fix more timing side-channel inside RSA-PSK key exchange.
    Fix assertion failure when verifying a certificate chain with a cycle of
    cross signatures.
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-0553
    https://www.cve.org/CVERecord?id=CVE-2024-0567
    (* Security fix *)
    patches/packages/xorg-server-1.20.14-x86_64-11_slack15.0.txz: Rebuilt.
    This update fixes security issues:
    Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer.
    Reattaching to different master device may lead to out-of-bounds memory access.
    Heap buffer overflow in XISendDeviceHierarchyEvent.
    Heap buffer overflow in DisableDevice.
    SELinux context corruption.
    SELinux unlabeled GLX PBuffer.
    For more information, see:
    https://lists.x.org/archives/xorg/2024-January/061525.html
    https://www.cve.org/CVERecord?id=CVE-2023-6816
    https://www.cve.org/CVERecord?id=CVE-2024-0229
    https://www.cve.org/CVERecord?id=CVE-2024-21885
    https://www.cve.org/CVERecord?id=CVE-2024-21886
    https://www.cve.org/CVERecord?id=CVE-2024-0408
    https://www.cve.org/CVERecord?id=CVE-2024-0409
    (* Security fix *)
    patches/packages/xorg-server-xephyr-1.20.14-x86_64-11_slack15.0.txz: Rebuilt.
    patches/packages/xorg-server-xnest-1.20.14-x86_64-11_slack15.0.txz: Rebuilt.
    patches/packages/xorg-server-xvfb-1.20.14-x86_64-11_slack15.0.txz: Rebuilt.
    patches/packages/xorg-server-xwayland-21.1.4-x86_64-10_slack15.0.txz: Rebuilt.
    This update fixes security issues:
    Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer.
    Reattaching to different master device may lead to out-of-bounds memory access.
    Heap buffer overflow in XISendDeviceHierarchyEvent.
    Heap buffer overflow in DisableDevice.
    SELinux unlabeled GLX PBuffer.
    For more information, see:
    https://lists.x.org/archives/xorg/2024-January/061525.html
    https://www.cve.org/CVERecord?id=CVE-2023-6816
    https://www.cve.org/CVERecord?id=CVE-2024-0229
    https://www.cve.org/CVERecord?id=CVE-2024-21885
    https://www.cve.org/CVERecord?id=CVE-2024-21886
    https://www.cve.org/CVERecord?id=CVE-2024-0408
    (* Security fix *)
    +--------------------------+
    Wed Jan 10 20:25:54 UTC 2024
    patches/packages/xorriso-1.5.6.pl02-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
    +--------------------------+
    Tue Jan 9 20:49:08 UTC 2024
    patches/packages/mozilla-thunderbird-115.6.1-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
    For more information, see:
    https://www.thunderbird.net/en-US/thunderbird/115.6.1/releasenotes/
    +--------------------------+
    Sat Dec 30 19:53:07 UTC 2023
    patches/packages/sudo-1.9.15p5-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
    +--------------------------+
    Tue Dec 26 00:20:26 UTC 2023
    patches/packages/kernel-firmware-20231222_a7dee43-noarch-1.txz: Upgraded.
    Updated to the latest kernel firmware.
    patches/packages/linux-5.15.145/*: Upgraded.
    These updates fix various bugs and security issues.
    Thanks to jwoithe for the PCI fix!
    Be sure to upgrade your initrd after upgrading the kernel packages.
    If you use lilo to boot your machine, be sure lilo.conf points to the correct
    kernel and initrd and run lilo as root to update the bootloader.
    --- SBBSecho 3.20-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (110:211/1)
  • From Dan Clough@110:211/1 to All on Mon Jan 22 06:40:13 2024
    Sun Jan 21 20:50:08 UTC 2024
    extra/tigervnc/tigervnc-1.12.0-x86_64-5_slack15.0.txz: Rebuilt.
    Recompiled against xorg-server-1.20.14, including the latest patches for
    several security issues. Thanks to marav.
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-6377
    https://www.cve.org/CVERecord?id=CVE-2023-6478
    https://www.cve.org/CVERecord?id=CVE-2023-6816
    https://www.cve.org/CVERecord?id=CVE-2024-0229
    https://www.cve.org/CVERecord?id=CVE-2024-0408
    https://www.cve.org/CVERecord?id=CVE-2024-0409
    https://www.cve.org/CVERecord?id=CVE-2024-21885
    https://www.cve.org/CVERecord?id=CVE-2024-21886
    https://www.cve.org/CVERecord?id=CVE-2024-21886
    (* Security fix *)
    +--------------------------+
    Wed Jan 17 21:13:27 UTC 2024
    patches/packages/seamonkey-2.53.18.1-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
    For more information, see:
    https://www.seamonkey-project.org/releases/seamonkey2.53.18.1
    +--------------------------+
    Tue Jan 16 20:49:28 UTC 2024
    patches/packages/gnutls-3.8.3-x86_64-1_slack15.0.txz: Upgraded.
    This update fixes two medium severity security issues:
    Fix more timing side-channel inside RSA-PSK key exchange.
    Fix assertion failure when verifying a certificate chain with a cycle of
    cross signatures.
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-0553
    https://www.cve.org/CVERecord?id=CVE-2024-0567
    (* Security fix *)
    patches/packages/xorg-server-1.20.14-x86_64-11_slack15.0.txz: Rebuilt.
    This update fixes security issues:
    Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer.
    Reattaching to different master device may lead to out-of-bounds memory access.
    Heap buffer overflow in XISendDeviceHierarchyEvent.
    Heap buffer overflow in DisableDevice.
    SELinux context corruption.
    SELinux unlabeled GLX PBuffer.
    For more information, see:
    https://lists.x.org/archives/xorg/2024-January/061525.html
    https://www.cve.org/CVERecord?id=CVE-2023-6816
    https://www.cve.org/CVERecord?id=CVE-2024-0229
    https://www.cve.org/CVERecord?id=CVE-2024-21885
    https://www.cve.org/CVERecord?id=CVE-2024-21886
    https://www.cve.org/CVERecord?id=CVE-2024-0408
    https://www.cve.org/CVERecord?id=CVE-2024-0409
    (* Security fix *)
    patches/packages/xorg-server-xephyr-1.20.14-x86_64-11_slack15.0.txz: Rebuilt.
    patches/packages/xorg-server-xnest-1.20.14-x86_64-11_slack15.0.txz: Rebuilt.
    patches/packages/xorg-server-xvfb-1.20.14-x86_64-11_slack15.0.txz: Rebuilt.
    patches/packages/xorg-server-xwayland-21.1.4-x86_64-10_slack15.0.txz: Rebuilt.
    This update fixes security issues:
    Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer.
    Reattaching to different master device may lead to out-of-bounds memory access.
    Heap buffer overflow in XISendDeviceHierarchyEvent.
    Heap buffer overflow in DisableDevice.
    SELinux unlabeled GLX PBuffer.
    For more information, see:
    https://lists.x.org/archives/xorg/2024-January/061525.html
    https://www.cve.org/CVERecord?id=CVE-2023-6816
    https://www.cve.org/CVERecord?id=CVE-2024-0229
    https://www.cve.org/CVERecord?id=CVE-2024-21885
    https://www.cve.org/CVERecord?id=CVE-2024-21886
    https://www.cve.org/CVERecord?id=CVE-2024-0408
    (* Security fix *)
    +--------------------------+
    Wed Jan 10 20:25:54 UTC 2024
    patches/packages/xorriso-1.5.6.pl02-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
    +--------------------------+
    Tue Jan 9 20:49:08 UTC 2024
    patches/packages/mozilla-thunderbird-115.6.1-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
    --- SBBSecho 3.20-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (110:211/1)
  • From Dan Clough@110:211/1 to All on Tue Jan 23 06:40:11 2024
    Mon Jan 22 20:57:12 UTC 2024
    patches/packages/postfix-3.6.14-x86_64-1_slack15.0.txz: Upgraded.
    Security (inbound SMTP smuggling): with "smtpd_forbid_bare_newline
    = normalize" (default "no" for Postfix < 3.9), the Postfix
    SMTP server requires the standard End-of-DATA sequence
    <CR><LF>.<CR><LF>, and otherwise allows command or message
    content lines ending in the non-standard <LF>, processing
    them as if the client sent the standard <CR><LF>.
    The alternative setting, "smtpd_forbid_bare_newline = reject"
    will reject any command or message that contains a bare
    <LF>, and is more likely to cause problems with legitimate
    clients.
    For backwards compatibility, local clients are excluded by
    default with "smtpd_forbid_bare_newline_exclusions =
    $mynetworks".
    For more information, see:
    https://www.postfix.org/smtp-smuggling.html
    (* Security fix *)
    +--------------------------+
    Sun Jan 21 20:50:08 UTC 2024
    extra/tigervnc/tigervnc-1.12.0-x86_64-5_slack15.0.txz: Rebuilt.
    Recompiled against xorg-server-1.20.14, including the latest patches for
    several security issues. Thanks to marav.
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-6377
    https://www.cve.org/CVERecord?id=CVE-2023-6478
    https://www.cve.org/CVERecord?id=CVE-2023-6816
    https://www.cve.org/CVERecord?id=CVE-2024-0229
    https://www.cve.org/CVERecord?id=CVE-2024-0408
    https://www.cve.org/CVERecord?id=CVE-2024-0409
    https://www.cve.org/CVERecord?id=CVE-2024-21885
    https://www.cve.org/CVERecord?id=CVE-2024-21886
    https://www.cve.org/CVERecord?id=CVE-2024-21886
    (* Security fix *)
    +--------------------------+
    Wed Jan 17 21:13:27 UTC 2024
    patches/packages/seamonkey-2.53.18.1-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
    For more information, see:
    https://www.seamonkey-project.org/releases/seamonkey2.53.18.1
    +--------------------------+
    Tue Jan 16 20:49:28 UTC 2024
    patches/packages/gnutls-3.8.3-x86_64-1_slack15.0.txz: Upgraded.
    This update fixes two medium severity security issues:
    Fix more timing side-channel inside RSA-PSK key exchange.
    Fix assertion failure when verifying a certificate chain with a cycle of
    cross signatures.
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-0553
    https://www.cve.org/CVERecord?id=CVE-2024-0567
    (* Security fix *)
    patches/packages/xorg-server-1.20.14-x86_64-11_slack15.0.txz: Rebuilt.
    This update fixes security issues:
    Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer.
    Reattaching to different master device may lead to out-of-bounds memory access.
    Heap buffer overflow in XISendDeviceHierarchyEvent.
    Heap buffer overflow in DisableDevice.
    SELinux context corruption.
    SELinux unlabeled GLX PBuffer.
    For more information, see:
    https://lists.x.org/archives/xorg/2024-January/061525.html
    https://www.cve.org/CVERecord?id=CVE-2023-6816
    https://www.cve.org/CVERecord?id=CVE-2024-0229
    https://www.cve.org/CVERecord?id=CVE-2024-21885
    https://www.cve.org/CVERecord?id=CVE-2024-21886
    https://www.cve.org/CVERecord?id=CVE-2024-0408
    https://www.cve.org/CVERecord?id=CVE-2024-0409
    (* Security fix *)
    patches/packages/xorg-server-xephyr-1.20.14-x86_64-11_slack15.0.txz: Rebuilt.
    patches/packages/xorg-server-xnest-1.20.14-x86_64-11_slack15.0.txz: Rebuilt.
    patches/packages/xorg-server-xvfb-1.20.14-x86_64-11_slack15.0.txz: Rebuilt.
    patches/packages/xorg-server-xwayland-21.1.4-x86_64-10_slack15.0.txz: Rebuilt.
    This update fixes security issues:
    Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer.
    Reattaching to different master device may lead to out-of-bounds memory access.
    --- SBBSecho 3.20-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (110:211/1)
  • From Dan Clough@110:211/1 to All on Wed Jan 24 06:40:12 2024
    Wed Jan 24 04:53:38 UTC 2024
    patches/packages/mozilla-thunderbird-115.7.0-x86_64-1_slack15.0.txz: Upgraded.
    This release contains security fixes and improvements.
    For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.7.0/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2024-04/
    https://www.cve.org/CVERecord?id=CVE-2024-0741
    https://www.cve.org/CVERecord?id=CVE-2024-0742
    https://www.cve.org/CVERecord?id=CVE-2024-0746
    https://www.cve.org/CVERecord?id=CVE-2024-0747
    https://www.cve.org/CVERecord?id=CVE-2024-0749
    https://www.cve.org/CVERecord?id=CVE-2024-0750
    https://www.cve.org/CVERecord?id=CVE-2024-0751
    https://www.cve.org/CVERecord?id=CVE-2024-0753
    https://www.cve.org/CVERecord?id=CVE-2024-0755
    (* Security fix *)
    +--------------------------+
    Tue Jan 23 20:08:07 UTC 2024
    patches/packages/mozilla-firefox-115.7.0esr-x86_64-1_slack15.0.txz: Upgraded.
    This update contains security fixes and improvements.
    For more information, see:
    https://www.mozilla.org/en-US/firefox/115.7.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2024-02/
    https://www.cve.org/CVERecord?id=CVE-2024-0741
    https://www.cve.org/CVERecord?id=CVE-2024-0742
    https://www.cve.org/CVERecord?id=CVE-2024-0746
    https://www.cve.org/CVERecord?id=CVE-2024-0747
    https://www.cve.org/CVERecord?id=CVE-2024-0749
    https://www.cve.org/CVERecord?id=CVE-2024-0750
    https://www.cve.org/CVERecord?id=CVE-2024-0751
    https://www.cve.org/CVERecord?id=CVE-2024-0753
    https://www.cve.org/CVERecord?id=CVE-2024-0755
    (* Security fix *)
    +--------------------------+
    Mon Jan 22 20:57:12 UTC 2024
    patches/packages/postfix-3.6.14-x86_64-1_slack15.0.txz: Upgraded.
    Security (inbound SMTP smuggling): with "smtpd_forbid_bare_newline
    = normalize" (default "no" for Postfix < 3.9), the Postfix
    SMTP server requires the standard End-of-DATA sequence
    <CR><LF>.<CR><LF>, and otherwise allows command or message
    content lines ending in the non-standard <LF>, processing
    them as if the client sent the standard <CR><LF>.
    The alternative setting, "smtpd_forbid_bare_newline = reject"
    will reject any command or message that contains a bare
    <LF>, and is more likely to cause problems with legitimate
    clients.
    For backwards compatibility, local clients are excluded by
    default with "smtpd_forbid_bare_newline_exclusions =
    $mynetworks".
    For more information, see:
    https://www.postfix.org/smtp-smuggling.html
    (* Security fix *)
    +--------------------------+
    Sun Jan 21 20:50:08 UTC 2024
    extra/tigervnc/tigervnc-1.12.0-x86_64-5_slack15.0.txz: Rebuilt.
    Recompiled against xorg-server-1.20.14, including the latest patches for
    several security issues. Thanks to marav.
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-6377
    https://www.cve.org/CVERecord?id=CVE-2023-6478
    https://www.cve.org/CVERecord?id=CVE-2023-6816
    https://www.cve.org/CVERecord?id=CVE-2024-0229
    https://www.cve.org/CVERecord?id=CVE-2024-0408
    https://www.cve.org/CVERecord?id=CVE-2024-0409
    https://www.cve.org/CVERecord?id=CVE-2024-21885
    https://www.cve.org/CVERecord?id=CVE-2024-21886
    https://www.cve.org/CVERecord?id=CVE-2024-21886
    (* Security fix *)
    +--------------------------+
    Wed Jan 17 21:13:27 UTC 2024
    patches/packages/seamonkey-2.53.18.1-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
    For more information, see:
    https://www.seamonkey-project.org/releases/seamonkey2.53.18.1
    +--------------------------+
    --- SBBSecho 3.20-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (110:211/1)
  • From Dan Clough@110:211/1 to All on Sat Jan 27 06:40:13 2024
    Fri Jan 26 20:59:27 UTC 2024
    patches/packages/pam-1.6.0-x86_64-1_slack15.0.txz: Upgraded.
    pam_namespace.so: fixed a possible local denial-of-service vulnerability.
    For more information, see:
    https://seclists.org/oss-sec/2024/q1/31
    https://www.cve.org/CVERecord?id=CVE-2024-22365
    (* Security fix *)
    +--------------------------+
    Wed Jan 24 04:53:38 UTC 2024
    patches/packages/mozilla-thunderbird-115.7.0-x86_64-1_slack15.0.txz: Upgraded.
    This release contains security fixes and improvements.
    For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.7.0/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2024-04/
    https://www.cve.org/CVERecord?id=CVE-2024-0741
    https://www.cve.org/CVERecord?id=CVE-2024-0742
    https://www.cve.org/CVERecord?id=CVE-2024-0746
    https://www.cve.org/CVERecord?id=CVE-2024-0747
    https://www.cve.org/CVERecord?id=CVE-2024-0749
    https://www.cve.org/CVERecord?id=CVE-2024-0750
    https://www.cve.org/CVERecord?id=CVE-2024-0751
    https://www.cve.org/CVERecord?id=CVE-2024-0753
    https://www.cve.org/CVERecord?id=CVE-2024-0755
    (* Security fix *)
    +--------------------------+
    Tue Jan 23 20:08:07 UTC 2024
    patches/packages/mozilla-firefox-115.7.0esr-x86_64-1_slack15.0.txz: Upgraded.
    This update contains security fixes and improvements.
    For more information, see:
    https://www.mozilla.org/en-US/firefox/115.7.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2024-02/
    https://www.cve.org/CVERecord?id=CVE-2024-0741
    https://www.cve.org/CVERecord?id=CVE-2024-0742
    https://www.cve.org/CVERecord?id=CVE-2024-0746
    https://www.cve.org/CVERecord?id=CVE-2024-0747
    https://www.cve.org/CVERecord?id=CVE-2024-0749
    https://www.cve.org/CVERecord?id=CVE-2024-0750
    https://www.cve.org/CVERecord?id=CVE-2024-0751
    https://www.cve.org/CVERecord?id=CVE-2024-0753
    https://www.cve.org/CVERecord?id=CVE-2024-0755
    (* Security fix *)
    +--------------------------+
    Mon Jan 22 20:57:12 UTC 2024
    patches/packages/postfix-3.6.14-x86_64-1_slack15.0.txz: Upgraded.
    Security (inbound SMTP smuggling): with "smtpd_forbid_bare_newline
    = normalize" (default "no" for Postfix < 3.9), the Postfix
    SMTP server requires the standard End-of-DATA sequence
    <CR><LF>.<CR><LF>, and otherwise allows command or message
    content lines ending in the non-standard <LF>, processing
    them as if the client sent the standard <CR><LF>.
    The alternative setting, "smtpd_forbid_bare_newline = reject"
    will reject any command or message that contains a bare
    <LF>, and is more likely to cause problems with legitimate
    clients.
    For backwards compatibility, local clients are excluded by
    default with "smtpd_forbid_bare_newline_exclusions =
    $mynetworks".
    For more information, see:
    https://www.postfix.org/smtp-smuggling.html
    (* Security fix *)
    +--------------------------+
    Sun Jan 21 20:50:08 UTC 2024
    extra/tigervnc/tigervnc-1.12.0-x86_64-5_slack15.0.txz: Rebuilt.
    Recompiled against xorg-server-1.20.14, including the latest patches for
    several security issues. Thanks to marav.
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-6377
    https://www.cve.org/CVERecord?id=CVE-2023-6478
    https://www.cve.org/CVERecord?id=CVE-2023-6816
    https://www.cve.org/CVERecord?id=CVE-2024-0229
    https://www.cve.org/CVERecord?id=CVE-2024-0408
    https://www.cve.org/CVERecord?id=CVE-2024-0409
    https://www.cve.org/CVERecord?id=CVE-2024-21885
    https://www.cve.org/CVERecord?id=CVE-2024-21886
    https://www.cve.org/CVERecord?id=CVE-2024-21886
    --- SBBSecho 3.20-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (110:211/1)
  • From Dan Clough@110:211/1 to All on Thu Feb 1 06:40:11 2024
    Wed Jan 31 21:19:19 UTC 2024
    extra/sendmail/sendmail-8.18.1-x86_64-1_slack15.0.txz: Upgraded.
    sendmail through 8.17.2 allows SMTP smuggling in certain configurations.
    Remote attackers can use a published exploitation technique to inject e-mail
    messages with a spoofed MAIL FROM address, allowing bypass of an SPF
    protection mechanism. This occurs because sendmail supports <LF>.<CR><LF>
    but some other popular e-mail servers do not. This is resolved in 8.18 and
    later versions with 'o' in srv_features.
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-51765
    (* Security fix *)
    extra/sendmail/sendmail-cf-8.18.1-noarch-1_slack15.0.txz: Upgraded.
    patches/packages/curl-8.6.0-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
    patches/packages/libmilter-8.18.1-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
    +--------------------------+
    Fri Jan 26 20:59:27 UTC 2024
    patches/packages/pam-1.6.0-x86_64-1_slack15.0.txz: Upgraded.
    pam_namespace.so: fixed a possible local denial-of-service vulnerability.
    For more information, see:
    https://seclists.org/oss-sec/2024/q1/31
    https://www.cve.org/CVERecord?id=CVE-2024-22365
    (* Security fix *)
    +--------------------------+
    Wed Jan 24 04:53:38 UTC 2024
    patches/packages/mozilla-thunderbird-115.7.0-x86_64-1_slack15.0.txz: Upgraded.
    This release contains security fixes and improvements.
    For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.7.0/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2024-04/
    https://www.cve.org/CVERecord?id=CVE-2024-0741
    https://www.cve.org/CVERecord?id=CVE-2024-0742
    https://www.cve.org/CVERecord?id=CVE-2024-0746
    https://www.cve.org/CVERecord?id=CVE-2024-0747
    https://www.cve.org/CVERecord?id=CVE-2024-0749
    https://www.cve.org/CVERecord?id=CVE-2024-0750
    https://www.cve.org/CVERecord?id=CVE-2024-0751
    https://www.cve.org/CVERecord?id=CVE-2024-0753
    https://www.cve.org/CVERecord?id=CVE-2024-0755
    (* Security fix *)
    +--------------------------+
    Tue Jan 23 20:08:07 UTC 2024
    patches/packages/mozilla-firefox-115.7.0esr-x86_64-1_slack15.0.txz: Upgraded.
    This update contains security fixes and improvements.
    For more information, see:
    https://www.mozilla.org/en-US/firefox/115.7.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2024-02/
    https://www.cve.org/CVERecord?id=CVE-2024-0741
    https://www.cve.org/CVERecord?id=CVE-2024-0742
    https://www.cve.org/CVERecord?id=CVE-2024-0746
    https://www.cve.org/CVERecord?id=CVE-2024-0747
    https://www.cve.org/CVERecord?id=CVE-2024-0749
    https://www.cve.org/CVERecord?id=CVE-2024-0750
    https://www.cve.org/CVERecord?id=CVE-2024-0751
    https://www.cve.org/CVERecord?id=CVE-2024-0753
    https://www.cve.org/CVERecord?id=CVE-2024-0755
    (* Security fix *)
    +--------------------------+
    Mon Jan 22 20:57:12 UTC 2024
    patches/packages/postfix-3.6.14-x86_64-1_slack15.0.txz: Upgraded.
    Security (inbound SMTP smuggling): with "smtpd_forbid_bare_newline
    = normalize" (default "no" for Postfix < 3.9), the Postfix
    SMTP server requires the standard End-of-DATA sequence
    <CR><LF>.<CR><LF>, and otherwise allows command or message
    content lines ending in the non-standard <LF>, processing
    them as if the client sent the standard <CR><LF>.
    The alternative setting, "smtpd_forbid_bare_newline = reject"
    will reject any command or message that contains a bare
    <LF>, and is more likely to cause problems with legitimate
    clients.
    For backwards compatibility, local clients are excluded by
    default with "smtpd_forbid_bare_newline_exclusions =
    $mynetworks".
    For more information, see:
    --- SBBSecho 3.20-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (110:211/1)
  • From Dan Clough@110:211/1 to All on Sun Feb 4 06:40:11 2024
    Sat Feb 3 20:54:00 UTC 2024
    patches/packages/ca-certificates-20240203-noarch-1_slack15.0.txz: Upgraded.
    This update provides the latest CA certificates to check for the
    authenticity of SSL connections.
    patches/packages/glibc-zoneinfo-2024a-noarch-1_slack15.0.txz: Upgraded.
    This package provides the latest timezone updates.
    +--------------------------+
    Wed Jan 31 21:19:19 UTC 2024
    extra/sendmail/sendmail-8.18.1-x86_64-1_slack15.0.txz: Upgraded.
    sendmail through 8.17.2 allows SMTP smuggling in certain configurations.
    Remote attackers can use a published exploitation technique to inject e-mail
    messages with a spoofed MAIL FROM address, allowing bypass of an SPF
    protection mechanism. This occurs because sendmail supports <LF>.<CR><LF>
    but some other popular e-mail servers do not. This is resolved in 8.18 and
    later versions with 'o' in srv_features.
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-51765
    (* Security fix *)
    extra/sendmail/sendmail-cf-8.18.1-noarch-1_slack15.0.txz: Upgraded.
    patches/packages/curl-8.6.0-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
    patches/packages/libmilter-8.18.1-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
    +--------------------------+
    Fri Jan 26 20:59:27 UTC 2024
    patches/packages/pam-1.6.0-x86_64-1_slack15.0.txz: Upgraded.
    pam_namespace.so: fixed a possible local denial-of-service vulnerability.
    For more information, see:
    https://seclists.org/oss-sec/2024/q1/31
    https://www.cve.org/CVERecord?id=CVE-2024-22365
    (* Security fix *)
    +--------------------------+
    Wed Jan 24 04:53:38 UTC 2024
    patches/packages/mozilla-thunderbird-115.7.0-x86_64-1_slack15.0.txz: Upgraded.
    This release contains security fixes and improvements.
    For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.7.0/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2024-04/
    https://www.cve.org/CVERecord?id=CVE-2024-0741
    https://www.cve.org/CVERecord?id=CVE-2024-0742
    https://www.cve.org/CVERecord?id=CVE-2024-0746
    https://www.cve.org/CVERecord?id=CVE-2024-0747
    https://www.cve.org/CVERecord?id=CVE-2024-0749
    https://www.cve.org/CVERecord?id=CVE-2024-0750
    https://www.cve.org/CVERecord?id=CVE-2024-0751
    https://www.cve.org/CVERecord?id=CVE-2024-0753
    https://www.cve.org/CVERecord?id=CVE-2024-0755
    (* Security fix *)
    +--------------------------+
    Tue Jan 23 20:08:07 UTC 2024
    patches/packages/mozilla-firefox-115.7.0esr-x86_64-1_slack15.0.txz: Upgraded.
    This update contains security fixes and improvements.
    For more information, see:
    https://www.mozilla.org/en-US/firefox/115.7.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2024-02/
    https://www.cve.org/CVERecord?id=CVE-2024-0741
    https://www.cve.org/CVERecord?id=CVE-2024-0742
    https://www.cve.org/CVERecord?id=CVE-2024-0746
    https://www.cve.org/CVERecord?id=CVE-2024-0747
    https://www.cve.org/CVERecord?id=CVE-2024-0749
    https://www.cve.org/CVERecord?id=CVE-2024-0750
    https://www.cve.org/CVERecord?id=CVE-2024-0751
    https://www.cve.org/CVERecord?id=CVE-2024-0753
    https://www.cve.org/CVERecord?id=CVE-2024-0755
    (* Security fix *)
    +--------------------------+
    Mon Jan 22 20:57:12 UTC 2024
    patches/packages/postfix-3.6.14-x86_64-1_slack15.0.txz: Upgraded.
    Security (inbound SMTP smuggling): with "smtpd_forbid_bare_newline
    = normalize" (default "no" for Postfix < 3.9), the Postfix
    SMTP server requires the standard End-of-DATA sequence
    <CR><LF>.<CR><LF>, and otherwise allows command or message
    content lines ending in the non-standard <LF>, processing
    them as if the client sent the standard <CR><LF>.
    The alternative setting, "smtpd_forbid_bare_newline = reject"
    --- SBBSecho 3.20-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (110:211/1)
  • From Dan Clough@110:211/1 to All on Mon Feb 5 06:40:13 2024
    Sun Feb 4 19:37:40 UTC 2024
    patches/packages/libxml2-2.11.7-x86_64-1_slack15.0.txz: Upgraded.
    Fix the following security issue:
    xmlreader: Don't expand XIncludes when backtracking.
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-25062
    (* Security fix *)
    +--------------------------+
    Sat Feb 3 20:54:00 UTC 2024
    patches/packages/ca-certificates-20240203-noarch-1_slack15.0.txz: Upgraded.
    This update provides the latest CA certificates to check for the
    authenticity of SSL connections.
    patches/packages/glibc-zoneinfo-2024a-noarch-1_slack15.0.txz: Upgraded.
    This package provides the latest timezone updates.
    +--------------------------+
    Wed Jan 31 21:19:19 UTC 2024
    extra/sendmail/sendmail-8.18.1-x86_64-1_slack15.0.txz: Upgraded.
    sendmail through 8.17.2 allows SMTP smuggling in certain configurations.
    Remote attackers can use a published exploitation technique to inject e-mail
    messages with a spoofed MAIL FROM address, allowing bypass of an SPF
    protection mechanism. This occurs because sendmail supports <LF>.<CR><LF>
    but some other popular e-mail servers do not. This is resolved in 8.18 and
    later versions with 'o' in srv_features.
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-51765
    (* Security fix *)
    extra/sendmail/sendmail-cf-8.18.1-noarch-1_slack15.0.txz: Upgraded.
    patches/packages/curl-8.6.0-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
    patches/packages/libmilter-8.18.1-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
    +--------------------------+
    Fri Jan 26 20:59:27 UTC 2024
    patches/packages/pam-1.6.0-x86_64-1_slack15.0.txz: Upgraded.
    pam_namespace.so: fixed a possible local denial-of-service vulnerability.
    For more information, see:
    https://seclists.org/oss-sec/2024/q1/31
    https://www.cve.org/CVERecord?id=CVE-2024-22365
    (* Security fix *)
    +--------------------------+
    Wed Jan 24 04:53:38 UTC 2024
    patches/packages/mozilla-thunderbird-115.7.0-x86_64-1_slack15.0.txz: Upgraded.
    This release contains security fixes and improvements.
    For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.7.0/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2024-04/
    https://www.cve.org/CVERecord?id=CVE-2024-0741
    https://www.cve.org/CVERecord?id=CVE-2024-0742
    https://www.cve.org/CVERecord?id=CVE-2024-0746
    https://www.cve.org/CVERecord?id=CVE-2024-0747
    https://www.cve.org/CVERecord?id=CVE-2024-0749
    https://www.cve.org/CVERecord?id=CVE-2024-0750
    https://www.cve.org/CVERecord?id=CVE-2024-0751
    https://www.cve.org/CVERecord?id=CVE-2024-0753
    https://www.cve.org/CVERecord?id=CVE-2024-0755
    (* Security fix *)
    +--------------------------+
    Tue Jan 23 20:08:07 UTC 2024
    patches/packages/mozilla-firefox-115.7.0esr-x86_64-1_slack15.0.txz: Upgraded.
    This update contains security fixes and improvements.
    For more information, see:
    https://www.mozilla.org/en-US/firefox/115.7.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2024-02/
    https://www.cve.org/CVERecord?id=CVE-2024-0741
    https://www.cve.org/CVERecord?id=CVE-2024-0742
    https://www.cve.org/CVERecord?id=CVE-2024-0746
    https://www.cve.org/CVERecord?id=CVE-2024-0747
    https://www.cve.org/CVERecord?id=CVE-2024-0749
    https://www.cve.org/CVERecord?id=CVE-2024-0750
    https://www.cve.org/CVERecord?id=CVE-2024-0751
    https://www.cve.org/CVERecord?id=CVE-2024-0753
    https://www.cve.org/CVERecord?id=CVE-2024-0755
    (* Security fix *)
    +--------------------------+
    Mon Jan 22 20:57:12 UTC 2024
    --- SBBSecho 3.20-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (110:211/1)
  • From Dan Clough@110:211/1 to All on Thu Feb 8 06:40:14 2024
    Wed Feb 7 20:07:29 UTC 2024
    patches/packages/expat-2.6.0-x86_64-1_slack15.0.txz: Upgraded.
    This update fixes security issues:
    Fix quadratic runtime issues with big tokens that can cause
    denial of service.
    Fix billion laughs attacks for users compiling *without* XML_DTD
    defined (which is not common).
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-52425
    https://www.cve.org/CVERecord?id=CVE-2023-52426
    (* Security fix *)
    +--------------------------+
    Sun Feb 4 19:37:40 UTC 2024
    patches/packages/libxml2-2.11.7-x86_64-1_slack15.0.txz: Upgraded.
    Fix the following security issue:
    xmlreader: Don't expand XIncludes when backtracking.
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-25062
    (* Security fix *)
    +--------------------------+
    Sat Feb 3 20:54:00 UTC 2024
    patches/packages/ca-certificates-20240203-noarch-1_slack15.0.txz: Upgraded.
    This update provides the latest CA certificates to check for the
    authenticity of SSL connections.
    patches/packages/glibc-zoneinfo-2024a-noarch-1_slack15.0.txz: Upgraded.
    This package provides the latest timezone updates.
    +--------------------------+
    Wed Jan 31 21:19:19 UTC 2024
    extra/sendmail/sendmail-8.18.1-x86_64-1_slack15.0.txz: Upgraded.
    sendmail through 8.17.2 allows SMTP smuggling in certain configurations.
    Remote attackers can use a published exploitation technique to inject e-mail
    messages with a spoofed MAIL FROM address, allowing bypass of an SPF
    protection mechanism. This occurs because sendmail supports <LF>.<CR><LF>
    but some other popular e-mail servers do not. This is resolved in 8.18 and
    later versions with 'o' in srv_features.
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-51765
    (* Security fix *)
    extra/sendmail/sendmail-cf-8.18.1-noarch-1_slack15.0.txz: Upgraded.
    patches/packages/curl-8.6.0-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
    patches/packages/libmilter-8.18.1-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
    +--------------------------+
    Fri Jan 26 20:59:27 UTC 2024
    patches/packages/pam-1.6.0-x86_64-1_slack15.0.txz: Upgraded.
    pam_namespace.so: fixed a possible local denial-of-service vulnerability.
    For more information, see:
    https://seclists.org/oss-sec/2024/q1/31
    https://www.cve.org/CVERecord?id=CVE-2024-22365
    (* Security fix *)
    +--------------------------+
    Wed Jan 24 04:53:38 UTC 2024
    patches/packages/mozilla-thunderbird-115.7.0-x86_64-1_slack15.0.txz: Upgraded.
    This release contains security fixes and improvements.
    For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.7.0/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2024-04/
    https://www.cve.org/CVERecord?id=CVE-2024-0741
    https://www.cve.org/CVERecord?id=CVE-2024-0742
    https://www.cve.org/CVERecord?id=CVE-2024-0746
    https://www.cve.org/CVERecord?id=CVE-2024-0747
    https://www.cve.org/CVERecord?id=CVE-2024-0749
    https://www.cve.org/CVERecord?id=CVE-2024-0750
    https://www.cve.org/CVERecord?id=CVE-2024-0751
    https://www.cve.org/CVERecord?id=CVE-2024-0753
    https://www.cve.org/CVERecord?id=CVE-2024-0755
    (* Security fix *)
    +--------------------------+
    Tue Jan 23 20:08:07 UTC 2024
    patches/packages/mozilla-firefox-115.7.0esr-x86_64-1_slack15.0.txz: Upgraded.
    This update contains security fixes and improvements.
    For more information, see:
    https://www.mozilla.org/en-US/firefox/115.7.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2024-02/
    --- SBBSecho 3.20-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (110:211/1)
  • From Dan Clough@110:211/1 to All on Fri Feb 9 06:40:14 2024
    Thu Feb 8 22:17:18 UTC 2024
    patches/packages/dehydrated-0.7.1-noarch-1_slack15.0.txz: Upgraded.
    This is a bugfix release that addresses (among other things) an
    "unbound variable" error if the signing server is not available.
    Thanks to metaed for the heads-up.
    +--------------------------+
    Wed Feb 7 20:07:29 UTC 2024
    patches/packages/expat-2.6.0-x86_64-1_slack15.0.txz: Upgraded.
    This update fixes security issues:
    Fix quadratic runtime issues with big tokens that can cause
    denial of service.
    Fix billion laughs attacks for users compiling *without* XML_DTD
    defined (which is not common).
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-52425
    https://www.cve.org/CVERecord?id=CVE-2023-52426
    (* Security fix *)
    +--------------------------+
    Sun Feb 4 19:37:40 UTC 2024
    patches/packages/libxml2-2.11.7-x86_64-1_slack15.0.txz: Upgraded.
    Fix the following security issue:
    xmlreader: Don't expand XIncludes when backtracking.
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-25062
    (* Security fix *)
    +--------------------------+
    Sat Feb 3 20:54:00 UTC 2024
    patches/packages/ca-certificates-20240203-noarch-1_slack15.0.txz: Upgraded.
    This update provides the latest CA certificates to check for the
    authenticity of SSL connections.
    patches/packages/glibc-zoneinfo-2024a-noarch-1_slack15.0.txz: Upgraded.
    This package provides the latest timezone updates.
    +--------------------------+
    Wed Jan 31 21:19:19 UTC 2024
    extra/sendmail/sendmail-8.18.1-x86_64-1_slack15.0.txz: Upgraded.
    sendmail through 8.17.2 allows SMTP smuggling in certain configurations.
    Remote attackers can use a published exploitation technique to inject e-mail
    messages with a spoofed MAIL FROM address, allowing bypass of an SPF
    protection mechanism. This occurs because sendmail supports <LF>.<CR><LF>
    but some other popular e-mail servers do not. This is resolved in 8.18 and
    later versions with 'o' in srv_features.
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-51765
    (* Security fix *)
    extra/sendmail/sendmail-cf-8.18.1-noarch-1_slack15.0.txz: Upgraded.
    patches/packages/curl-8.6.0-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
    patches/packages/libmilter-8.18.1-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
    +--------------------------+
    Fri Jan 26 20:59:27 UTC 2024
    patches/packages/pam-1.6.0-x86_64-1_slack15.0.txz: Upgraded.
    pam_namespace.so: fixed a possible local denial-of-service vulnerability.
    For more information, see:
    https://seclists.org/oss-sec/2024/q1/31
    https://www.cve.org/CVERecord?id=CVE-2024-22365
    (* Security fix *)
    +--------------------------+
    Wed Jan 24 04:53:38 UTC 2024
    patches/packages/mozilla-thunderbird-115.7.0-x86_64-1_slack15.0.txz: Upgraded.
    This release contains security fixes and improvements.
    For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.7.0/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2024-04/
    https://www.cve.org/CVERecord?id=CVE-2024-0741
    https://www.cve.org/CVERecord?id=CVE-2024-0742
    https://www.cve.org/CVERecord?id=CVE-2024-0746
    https://www.cve.org/CVERecord?id=CVE-2024-0747
    https://www.cve.org/CVERecord?id=CVE-2024-0749
    https://www.cve.org/CVERecord?id=CVE-2024-0750
    https://www.cve.org/CVERecord?id=CVE-2024-0751
    https://www.cve.org/CVERecord?id=CVE-2024-0753
    https://www.cve.org/CVERecord?id=CVE-2024-0755
    (* Security fix *)
    +--------------------------+
    --- SBBSecho 3.20-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (110:211/1)
  • From Dan Clough@110:211/1 to All on Sat Feb 10 06:40:14 2024
    Fri Feb 9 21:48:09 UTC 2024
    patches/packages/xpdf-4.05-x86_64-1_slack15.0.txz: Upgraded.
    This update fixes security issues:
    Fixed a bug in the ICCBased color space parser that was allowing the number
    of components to be zero. Thanks to huckleberry for the bug report.
    Fixed a bug in the ICCBased color space parser that was allowing the number
    of components to be zero. Thanks to huckleberry for the bug report.
    Added checks for PDF object loops in AcroForm::scanField(),
    Catalog::readPageLabelTree2(), and Catalog::readEmbeddedFileTree().
    The zero-width character problem can also happen if the page size is very
    large -- that needs to be limited too, the same way as character position
    coordinates. Thanks to jlinliu for the bug report.
    Add some missing bounds check code in DCTStream. Thanks to Jiahao Liu for
    the bug report.
    Fix a deadlock when an object stream's length field is contained in another
    object stream. Thanks to Jiahao Liu for the bug report.
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-2662
    https://www.cve.org/CVERecord?id=CVE-2023-2662
    https://www.cve.org/CVERecord?id=CVE-2018-7453
    https://www.cve.org/CVERecord?id=CVE-2018-16369
    https://www.cve.org/CVERecord?id=CVE-2022-36561
    https://www.cve.org/CVERecord?id=CVE-2022-41844
    https://www.cve.org/CVERecord?id=CVE-2023-2663
    https://www.cve.org/CVERecord?id=CVE-2023-2664
    https://www.cve.org/CVERecord?id=CVE-2023-3044
    https://www.cve.org/CVERecord?id=CVE-2023-3436
    (* Security fix *)
    +--------------------------+
    Thu Feb 8 22:17:18 UTC 2024
    patches/packages/dehydrated-0.7.1-noarch-1_slack15.0.txz: Upgraded.
    This is a bugfix release that addresses (among other things) an
    "unbound variable" error if the signing server is not available.
    Thanks to metaed for the heads-up.
    +--------------------------+
    Wed Feb 7 20:07:29 UTC 2024
    patches/packages/expat-2.6.0-x86_64-1_slack15.0.txz: Upgraded.
    This update fixes security issues:
    Fix quadratic runtime issues with big tokens that can cause
    denial of service.
    Fix billion laughs attacks for users compiling *without* XML_DTD
    defined (which is not common).
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-52425
    https://www.cve.org/CVERecord?id=CVE-2023-52426
    (* Security fix *)
    +--------------------------+
    Sun Feb 4 19:37:40 UTC 2024
    patches/packages/libxml2-2.11.7-x86_64-1_slack15.0.txz: Upgraded.
    Fix the following security issue:
    xmlreader: Don't expand XIncludes when backtracking.
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-25062
    (* Security fix *)
    +--------------------------+
    Sat Feb 3 20:54:00 UTC 2024
    patches/packages/ca-certificates-20240203-noarch-1_slack15.0.txz: Upgraded.
    This update provides the latest CA certificates to check for the
    authenticity of SSL connections.
    patches/packages/glibc-zoneinfo-2024a-noarch-1_slack15.0.txz: Upgraded.
    This package provides the latest timezone updates.
    +--------------------------+
    Wed Jan 31 21:19:19 UTC 2024
    extra/sendmail/sendmail-8.18.1-x86_64-1_slack15.0.txz: Upgraded.
    sendmail through 8.17.2 allows SMTP smuggling in certain configurations.
    Remote attackers can use a published exploitation technique to inject e-mail
    messages with a spoofed MAIL FROM address, allowing bypass of an SPF
    protection mechanism. This occurs because sendmail supports <LF>.<CR><LF>
    but some other popular e-mail servers do not. This is resolved in 8.18 and
    later versions with 'o' in srv_features.
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-51765
    (* Security fix *)
    extra/sendmail/sendmail-cf-8.18.1-noarch-1_slack15.0.txz: Upgraded.
    patches/packages/curl-8.6.0-x86_64-1_slack15.0.txz: Upgraded.
    --- SBBSecho 3.20-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (110:211/1)
  • From Dan Clough@110:211/1 to All on Mon Feb 12 06:40:12 2024
    Sun Feb 11 22:11:59 UTC 2024
    patches/packages/mariadb-10.5.24-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
    For more information, see:
    https://mariadb.com/kb/en/mariadb-10-5-24-release-notes/
    +--------------------------+
    Fri Feb 9 21:48:09 UTC 2024
    patches/packages/xpdf-4.05-x86_64-1_slack15.0.txz: Upgraded.
    This update fixes security issues:
    Fixed a bug in the ICCBased color space parser that was allowing the number
    of components to be zero. Thanks to huckleberry for the bug report.
    Fixed a bug in the ICCBased color space parser that was allowing the number
    of components to be zero. Thanks to huckleberry for the bug report.
    Added checks for PDF object loops in AcroForm::scanField(),
    Catalog::readPageLabelTree2(), and Catalog::readEmbeddedFileTree().
    The zero-width character problem can also happen if the page size is very
    large -- that needs to be limited too, the same way as character position
    coordinates. Thanks to jlinliu for the bug report.
    Add some missing bounds check code in DCTStream. Thanks to Jiahao Liu for
    the bug report.
    Fix a deadlock when an object stream's length field is contained in another
    object stream. Thanks to Jiahao Liu for the bug report.
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-2662
    https://www.cve.org/CVERecord?id=CVE-2023-2662
    https://www.cve.org/CVERecord?id=CVE-2018-7453
    https://www.cve.org/CVERecord?id=CVE-2018-16369
    https://www.cve.org/CVERecord?id=CVE-2022-36561
    https://www.cve.org/CVERecord?id=CVE-2022-41844
    https://www.cve.org/CVERecord?id=CVE-2023-2663
    https://www.cve.org/CVERecord?id=CVE-2023-2664
    https://www.cve.org/CVERecord?id=CVE-2023-3044
    https://www.cve.org/CVERecord?id=CVE-2023-3436
    (* Security fix *)
    +--------------------------+
    Thu Feb 8 22:17:18 UTC 2024
    patches/packages/dehydrated-0.7.1-noarch-1_slack15.0.txz: Upgraded.
    This is a bugfix release that addresses (among other things) an
    "unbound variable" error if the signing server is not available.
    Thanks to metaed for the heads-up.
    +--------------------------+
    Wed Feb 7 20:07:29 UTC 2024
    patches/packages/expat-2.6.0-x86_64-1_slack15.0.txz: Upgraded.
    This update fixes security issues:
    Fix quadratic runtime issues with big tokens that can cause
    denial of service.
    Fix billion laughs attacks for users compiling *without* XML_DTD
    defined (which is not common).
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-52425
    https://www.cve.org/CVERecord?id=CVE-2023-52426
    (* Security fix *)
    +--------------------------+
    Sun Feb 4 19:37:40 UTC 2024
    patches/packages/libxml2-2.11.7-x86_64-1_slack15.0.txz: Upgraded.
    Fix the following security issue:
    xmlreader: Don't expand XIncludes when backtracking.
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-25062
    (* Security fix *)
    +--------------------------+
    Sat Feb 3 20:54:00 UTC 2024
    patches/packages/ca-certificates-20240203-noarch-1_slack15.0.txz: Upgraded.
    This update provides the latest CA certificates to check for the
    authenticity of SSL connections.
    patches/packages/glibc-zoneinfo-2024a-noarch-1_slack15.0.txz: Upgraded.
    This package provides the latest timezone updates.
    +--------------------------+
    Wed Jan 31 21:19:19 UTC 2024
    extra/sendmail/sendmail-8.18.1-x86_64-1_slack15.0.txz: Upgraded.
    sendmail through 8.17.2 allows SMTP smuggling in certain configurations.
    Remote attackers can use a published exploitation technique to inject e-mail
    messages with a spoofed MAIL FROM address, allowing bypass of an SPF
    protection mechanism. This occurs because sendmail supports <LF>.<CR><LF>
    but some other popular e-mail servers do not. This is resolved in 8.18 and
    --- SBBSecho 3.20-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (110:211/1)
  • From Dan Clough@110:211/1 to All on Wed Feb 14 06:40:10 2024
    Wed Feb 14 04:18:12 UTC 2024
    patches/packages/dnsmasq-2.90-x86_64-1_slack15.0.txz: Upgraded.
    Add limits on the resources used to do DNSSEC validation.
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-50387
    https://www.cve.org/CVERecord?id=CVE-2023-50868
    (* Security fix *)
    +--------------------------+
    Tue Feb 13 19:19:24 UTC 2024
    patches/packages/bind-9.16.48-x86_64-1_slack15.0.txz: Upgraded.
    This update fixes bugs and security issues:
    Specific DNS answers could cause a denial-of-service condition due to DNS
    validation taking a long time.
    Query patterns that continuously triggered cache database maintenance could
    exhaust all available memory on the host running named.
    Restore DNS64 state when handling a serve-stale timeout.
    Specific queries could trigger an assertion check with nxdomain-redirect
    enabled.
    Speed up parsing of DNS messages with many different names.
    For more information, see:
    https://kb.isc.org/docs/cve-2023-50387
    https://www.cve.org/CVERecord?id=CVE-2023-50387
    https://kb.isc.org/docs/cve-2023-6516
    https://www.cve.org/CVERecord?id=CVE-2023-6516
    https://kb.isc.org/docs/cve-2023-5679
    https://www.cve.org/CVERecord?id=CVE-2023-5679
    https://kb.isc.org/docs/cve-2023-5517
    https://www.cve.org/CVERecord?id=CVE-2023-5517
    https://kb.isc.org/docs/cve-2023-4408
    https://www.cve.org/CVERecord?id=CVE-2023-4408
    (* Security fix *)
    testing/packages/bind-9.18.24-x86_64-1_slack15.0.txz: Upgraded.
    This update fixes bugs and security issues:
    Specific DNS answers could cause a denial-of-service condition due to DNS
    validation taking a long time.
    Restore DNS64 state when handling a serve-stale timeout.
    Specific queries could trigger an assertion check with nxdomain-redirect
    enabled.
    Speed up parsing of DNS messages with many different names.
    For more information, see:
    https://kb.isc.org/docs/cve-2023-50387
    https://www.cve.org/CVERecord?id=CVE-2023-50387
    https://kb.isc.org/docs/cve-2023-5679
    https://www.cve.org/CVERecord?id=CVE-2023-5679
    https://kb.isc.org/docs/cve-2023-5517
    https://www.cve.org/CVERecord?id=CVE-2023-5517
    https://kb.isc.org/docs/cve-2023-4408
    https://www.cve.org/CVERecord?id=CVE-2023-4408
    (* Security fix *)
    +--------------------------+
    Sun Feb 11 22:11:59 UTC 2024
    patches/packages/mariadb-10.5.24-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
    For more information, see:
    https://mariadb.com/kb/en/mariadb-10-5-24-release-notes/
    +--------------------------+
    Fri Feb 9 21:48:09 UTC 2024
    patches/packages/xpdf-4.05-x86_64-1_slack15.0.txz: Upgraded.
    This update fixes security issues:
    Fixed a bug in the ICCBased color space parser that was allowing the number
    of components to be zero. Thanks to huckleberry for the bug report.
    Fixed a bug in the ICCBased color space parser that was allowing the number
    of components to be zero. Thanks to huckleberry for the bug report.
    Added checks for PDF object loops in AcroForm::scanField(),
    Catalog::readPageLabelTree2(), and Catalog::readEmbeddedFileTree().
    The zero-width character problem can also happen if the page size is very
    large -- that needs to be limited too, the same way as character position
    coordinates. Thanks to jlinliu for the bug report.
    Add some missing bounds check code in DCTStream. Thanks to Jiahao Liu for
    the bug report.
    Fix a deadlock when an object stream's length field is contained in another
    object stream. Thanks to Jiahao Liu for the bug report.
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-2662
    https://www.cve.org/CVERecord?id=CVE-2023-2662
    --- SBBSecho 3.20-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (110:211/1)
  • From Dan Clough@110:211/1 to All on Sat Feb 17 06:40:13 2024
    Fri Feb 16 20:18:59 UTC 2024
    patches/packages/ca-certificates-20240216-noarch-1_slack15.0.txz: Upgraded.
    This update provides the latest CA certificates to check for the
    authenticity of SSL connections.
    +--------------------------+
    Wed Feb 14 04:18:12 UTC 2024
    patches/packages/dnsmasq-2.90-x86_64-1_slack15.0.txz: Upgraded.
    Add limits on the resources used to do DNSSEC validation.
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-50387
    https://www.cve.org/CVERecord?id=CVE-2023-50868
    (* Security fix *)
    +--------------------------+
    Tue Feb 13 19:19:24 UTC 2024
    patches/packages/bind-9.16.48-x86_64-1_slack15.0.txz: Upgraded.
    This update fixes bugs and security issues:
    Specific DNS answers could cause a denial-of-service condition due to DNS
    validation taking a long time.
    Query patterns that continuously triggered cache database maintenance could
    exhaust all available memory on the host running named.
    Restore DNS64 state when handling a serve-stale timeout.
    Specific queries could trigger an assertion check with nxdomain-redirect
    enabled.
    Speed up parsing of DNS messages with many different names.
    For more information, see:
    https://kb.isc.org/docs/cve-2023-50387
    https://www.cve.org/CVERecord?id=CVE-2023-50387
    https://kb.isc.org/docs/cve-2023-6516
    https://www.cve.org/CVERecord?id=CVE-2023-6516
    https://kb.isc.org/docs/cve-2023-5679
    https://www.cve.org/CVERecord?id=CVE-2023-5679
    https://kb.isc.org/docs/cve-2023-5517
    https://www.cve.org/CVERecord?id=CVE-2023-5517
    https://kb.isc.org/docs/cve-2023-4408
    https://www.cve.org/CVERecord?id=CVE-2023-4408
    (* Security fix *)
    testing/packages/bind-9.18.24-x86_64-1_slack15.0.txz: Upgraded.
    This update fixes bugs and security issues:
    Specific DNS answers could cause a denial-of-service condition due to DNS
    validation taking a long time.
    Restore DNS64 state when handling a serve-stale timeout.
    Specific queries could trigger an assertion check with nxdomain-redirect
    enabled.
    Speed up parsing of DNS messages with many different names.
    For more information, see:
    https://kb.isc.org/docs/cve-2023-50387
    https://www.cve.org/CVERecord?id=CVE-2023-50387
    https://kb.isc.org/docs/cve-2023-5679
    https://www.cve.org/CVERecord?id=CVE-2023-5679
    https://kb.isc.org/docs/cve-2023-5517
    https://www.cve.org/CVERecord?id=CVE-2023-5517
    https://kb.isc.org/docs/cve-2023-4408
    https://www.cve.org/CVERecord?id=CVE-2023-4408
    (* Security fix *)
    +--------------------------+
    Sun Feb 11 22:11:59 UTC 2024
    patches/packages/mariadb-10.5.24-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
    For more information, see:
    https://mariadb.com/kb/en/mariadb-10-5-24-release-notes/
    +--------------------------+
    Fri Feb 9 21:48:09 UTC 2024
    patches/packages/xpdf-4.05-x86_64-1_slack15.0.txz: Upgraded.
    This update fixes security issues:
    Fixed a bug in the ICCBased color space parser that was allowing the number
    of components to be zero. Thanks to huckleberry for the bug report.
    Fixed a bug in the ICCBased color space parser that was allowing the number
    of components to be zero. Thanks to huckleberry for the bug report.
    Added checks for PDF object loops in AcroForm::scanField(),
    Catalog::readPageLabelTree2(), and Catalog::readEmbeddedFileTree().
    The zero-width character problem can also happen if the page size is very
    large -- that needs to be limited too, the same way as character position
    coordinates. Thanks to jlinliu for the bug report.
    Add some missing bounds check code in DCTStream. Thanks to Jiahao Liu for
    the bug report.
    --- SBBSecho 3.20-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (110:211/1)
  • From Dan Clough@110:211/1 to All on Mon Feb 19 06:40:15 2024
    Sun Feb 18 21:03:57 UTC 2024
    extra/llvm-17.0.6-x86_64-1_slack15.0.txz: Added.
    In case anyone needs a newer compiler.
    extra/llvm13-compat-13.0.0-x86_64-1_slack15.0.txz: Added.
    In case anyone needs to run binaries linked to the old compiler.
    +--------------------------+
    Fri Feb 16 20:18:59 UTC 2024
    patches/packages/ca-certificates-20240216-noarch-1_slack15.0.txz: Upgraded.
    This update provides the latest CA certificates to check for the
    authenticity of SSL connections.
    +--------------------------+
    Wed Feb 14 04:18:12 UTC 2024
    patches/packages/dnsmasq-2.90-x86_64-1_slack15.0.txz: Upgraded.
    Add limits on the resources used to do DNSSEC validation.
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-50387
    https://www.cve.org/CVERecord?id=CVE-2023-50868
    (* Security fix *)
    +--------------------------+
    Tue Feb 13 19:19:24 UTC 2024
    patches/packages/bind-9.16.48-x86_64-1_slack15.0.txz: Upgraded.
    This update fixes bugs and security issues:
    Specific DNS answers could cause a denial-of-service condition due to DNS
    validation taking a long time.
    Query patterns that continuously triggered cache database maintenance could
    exhaust all available memory on the host running named.
    Restore DNS64 state when handling a serve-stale timeout.
    Specific queries could trigger an assertion check with nxdomain-redirect
    enabled.
    Speed up parsing of DNS messages with many different names.
    For more information, see:
    https://kb.isc.org/docs/cve-2023-50387
    https://www.cve.org/CVERecord?id=CVE-2023-50387
    https://kb.isc.org/docs/cve-2023-6516
    https://www.cve.org/CVERecord?id=CVE-2023-6516
    https://kb.isc.org/docs/cve-2023-5679
    https://www.cve.org/CVERecord?id=CVE-2023-5679
    https://kb.isc.org/docs/cve-2023-5517
    https://www.cve.org/CVERecord?id=CVE-2023-5517
    https://kb.isc.org/docs/cve-2023-4408
    https://www.cve.org/CVERecord?id=CVE-2023-4408
    (* Security fix *)
    testing/packages/bind-9.18.24-x86_64-1_slack15.0.txz: Upgraded.
    This update fixes bugs and security issues:
    Specific DNS answers could cause a denial-of-service condition due to DNS
    validation taking a long time.
    Restore DNS64 state when handling a serve-stale timeout.
    Specific queries could trigger an assertion check with nxdomain-redirect
    enabled.
    Speed up parsing of DNS messages with many different names.
    For more information, see:
    https://kb.isc.org/docs/cve-2023-50387
    https://www.cve.org/CVERecord?id=CVE-2023-50387
    https://kb.isc.org/docs/cve-2023-5679
    https://www.cve.org/CVERecord?id=CVE-2023-5679
    https://kb.isc.org/docs/cve-2023-5517
    https://www.cve.org/CVERecord?id=CVE-2023-5517
    https://kb.isc.org/docs/cve-2023-4408
    https://www.cve.org/CVERecord?id=CVE-2023-4408
    (* Security fix *)
    +--------------------------+
    Sun Feb 11 22:11:59 UTC 2024
    patches/packages/mariadb-10.5.24-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
    For more information, see:
    https://mariadb.com/kb/en/mariadb-10-5-24-release-notes/
    +--------------------------+
    Fri Feb 9 21:48:09 UTC 2024
    patches/packages/xpdf-4.05-x86_64-1_slack15.0.txz: Upgraded.
    This update fixes security issues:
    Fixed a bug in the ICCBased color space parser that was allowing the number
    of components to be zero. Thanks to huckleberry for the bug report.
    Fixed a bug in the ICCBased color space parser that was allowing the number
    of components to be zero. Thanks to huckleberry for the bug report.
    Added checks for PDF object loops in AcroForm::scanField(),
    --- SBBSecho 3.20-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (110:211/1)
  • From Dan Clough@110:211/1 to All on Thu Feb 22 06:40:25 2024
    Wed Feb 21 20:00:08 UTC 2024
    patches/packages/dcron-4.5-x86_64-12_slack15.0.txz: Rebuilt.
    This is a bugfix release.
    run-parts: skip *.orig files. Thanks to metaed.
    patches/packages/mozilla-thunderbird-115.8.0-x86_64-1_slack15.0.txz: Upgraded.
    This release contains security fixes and improvements.
    For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.8.0/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2024-07/
    https://www.cve.org/CVERecord?id=CVE-2024-1546
    https://www.cve.org/CVERecord?id=CVE-2024-1547
    https://www.cve.org/CVERecord?id=CVE-2024-1548
    https://www.cve.org/CVERecord?id=CVE-2024-1549
    https://www.cve.org/CVERecord?id=CVE-2024-1550
    https://www.cve.org/CVERecord?id=CVE-2024-1551
    https://www.cve.org/CVERecord?id=CVE-2024-1552
    https://www.cve.org/CVERecord?id=CVE-2024-1553
    (* Security fix *)
    +--------------------------+
    Tue Feb 20 21:08:27 UTC 2024
    patches/packages/libuv-1.48.0-x86_64-1_slack15.0.txz: Upgraded.
    This update fixes a server-side request forgery (SSRF) flaw.
    Thanks to alex2grad for the heads-up.
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-24806
    (* Security fix *)
    +--------------------------+
    Tue Feb 20 18:41:59 UTC 2024
    patches/packages/mozilla-firefox-115.8.0esr-x86_64-1_slack15.0.txz: Upgraded.
    This update contains security fixes and improvements.
    For more information, see:
    https://www.mozilla.org/en-US/firefox/115.8.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2024-06/
    https://www.cve.org/CVERecord?id=CVE-2024-1546
    https://www.cve.org/CVERecord?id=CVE-2024-1547
    https://www.cve.org/CVERecord?id=CVE-2024-1548
    https://www.cve.org/CVERecord?id=CVE-2024-1549
    https://www.cve.org/CVERecord?id=CVE-2024-1550
    https://www.cve.org/CVERecord?id=CVE-2024-1551
    https://www.cve.org/CVERecord?id=CVE-2024-1552
    https://www.cve.org/CVERecord?id=CVE-2024-1553
    (* Security fix *)
    +--------------------------+
    Sun Feb 18 21:03:57 UTC 2024
    extra/llvm-17.0.6-x86_64-1_slack15.0.txz: Added.
    In case anyone needs a newer compiler.
    extra/llvm13-compat-13.0.0-x86_64-1_slack15.0.txz: Added.
    In case anyone needs to run binaries linked to the old compiler.
    +--------------------------+
    Fri Feb 16 20:18:59 UTC 2024
    patches/packages/ca-certificates-20240216-noarch-1_slack15.0.txz: Upgraded.
    This update provides the latest CA certificates to check for the
    authenticity of SSL connections.
    +--------------------------+
    Wed Feb 14 04:18:12 UTC 2024
    patches/packages/dnsmasq-2.90-x86_64-1_slack15.0.txz: Upgraded.
    Add limits on the resources used to do DNSSEC validation.
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-50387
    https://www.cve.org/CVERecord?id=CVE-2023-50868
    (* Security fix *)
    +--------------------------+
    Tue Feb 13 19:19:24 UTC 2024
    patches/packages/bind-9.16.48-x86_64-1_slack15.0.txz: Upgraded.
    This update fixes bugs and security issues:
    Specific DNS answers could cause a denial-of-service condition due to DNS
    validation taking a long time.
    Query patterns that continuously triggered cache database maintenance could
    exhaust all available memory on the host running named.
    Restore DNS64 state when handling a serve-stale timeout.
    Specific queries could trigger an assertion check with nxdomain-redirect
    enabled.
    Speed up parsing of DNS messages with many different names.
    For more information, see:
    https://kb.isc.org/docs/cve-2023-50387
    --- SBBSecho 3.20-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (110:211/1)
  • From Dan Clough@110:211/1 to All on Sat Feb 24 06:40:13 2024
    Fri Feb 23 20:37:29 UTC 2024
    patches/packages/dcron-4.5-x86_64-13_slack15.0.txz: Rebuilt.
    This is a bugfix release.
    run-parts.8: document skipping *.orig files. Thanks to metaed.
    +--------------------------+
    Wed Feb 21 20:00:08 UTC 2024
    patches/packages/dcron-4.5-x86_64-12_slack15.0.txz: Rebuilt.
    This is a bugfix release.
    run-parts: skip *.orig files. Thanks to metaed.
    patches/packages/mozilla-thunderbird-115.8.0-x86_64-1_slack15.0.txz: Upgraded.
    This release contains security fixes and improvements.
    For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.8.0/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2024-07/
    https://www.cve.org/CVERecord?id=CVE-2024-1546
    https://www.cve.org/CVERecord?id=CVE-2024-1547
    https://www.cve.org/CVERecord?id=CVE-2024-1548
    https://www.cve.org/CVERecord?id=CVE-2024-1549
    https://www.cve.org/CVERecord?id=CVE-2024-1550
    https://www.cve.org/CVERecord?id=CVE-2024-1551
    https://www.cve.org/CVERecord?id=CVE-2024-1552
    https://www.cve.org/CVERecord?id=CVE-2024-1553
    (* Security fix *)
    +--------------------------+
    Tue Feb 20 21:08:27 UTC 2024
    patches/packages/libuv-1.48.0-x86_64-1_slack15.0.txz: Upgraded.
    This update fixes a server-side request forgery (SSRF) flaw.
    Thanks to alex2grad for the heads-up.
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-24806
    (* Security fix *)
    +--------------------------+
    Tue Feb 20 18:41:59 UTC 2024
    patches/packages/mozilla-firefox-115.8.0esr-x86_64-1_slack15.0.txz: Upgraded.
    This update contains security fixes and improvements.
    For more information, see:
    https://www.mozilla.org/en-US/firefox/115.8.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2024-06/
    https://www.cve.org/CVERecord?id=CVE-2024-1546
    https://www.cve.org/CVERecord?id=CVE-2024-1547
    https://www.cve.org/CVERecord?id=CVE-2024-1548
    https://www.cve.org/CVERecord?id=CVE-2024-1549
    https://www.cve.org/CVERecord?id=CVE-2024-1550
    https://www.cve.org/CVERecord?id=CVE-2024-1551
    https://www.cve.org/CVERecord?id=CVE-2024-1552
    https://www.cve.org/CVERecord?id=CVE-2024-1553
    (* Security fix *)
    +--------------------------+
    Sun Feb 18 21:03:57 UTC 2024
    extra/llvm-17.0.6-x86_64-1_slack15.0.txz: Added.
    In case anyone needs a newer compiler.
    extra/llvm13-compat-13.0.0-x86_64-1_slack15.0.txz: Added.
    In case anyone needs to run binaries linked to the old compiler.
    +--------------------------+
    Fri Feb 16 20:18:59 UTC 2024
    patches/packages/ca-certificates-20240216-noarch-1_slack15.0.txz: Upgraded.
    This update provides the latest CA certificates to check for the
    authenticity of SSL connections.
    +--------------------------+
    Wed Feb 14 04:18:12 UTC 2024
    patches/packages/dnsmasq-2.90-x86_64-1_slack15.0.txz: Upgraded.
    Add limits on the resources used to do DNSSEC validation.
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-50387
    https://www.cve.org/CVERecord?id=CVE-2023-50868
    (* Security fix *)
    +--------------------------+
    Tue Feb 13 19:19:24 UTC 2024
    patches/packages/bind-9.16.48-x86_64-1_slack15.0.txz: Upgraded.
    This update fixes bugs and security issues:
    Specific DNS answers could cause a denial-of-service condition due to DNS
    validation taking a long time.
    Query patterns that continuously triggered cache database maintenance could
    exhaust all available memory on the host running named.
    Restore DNS64 state when handling a serve-stale timeout.
    --- SBBSecho 3.20-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (110:211/1)
  • From Dan Clough@110:211/1 to All on Mon Feb 26 06:40:10 2024
    Sun Feb 25 19:16:52 UTC 2024
    patches/packages/whois-5.5.21-x86_64-1_slack15.0.txz: Upgraded.
    Updated the .cv and .sd TLD servers.
    Removed 4 new gTLDs which are no longer active.
    +--------------------------+
    Fri Feb 23 20:37:29 UTC 2024
    patches/packages/dcron-4.5-x86_64-13_slack15.0.txz: Rebuilt.
    This is a bugfix release.
    run-parts.8: document skipping *.orig files. Thanks to metaed.
    +--------------------------+
    Wed Feb 21 20:00:08 UTC 2024
    patches/packages/dcron-4.5-x86_64-12_slack15.0.txz: Rebuilt.
    This is a bugfix release.
    run-parts: skip *.orig files. Thanks to metaed.
    patches/packages/mozilla-thunderbird-115.8.0-x86_64-1_slack15.0.txz: Upgraded.
    This release contains security fixes and improvements.
    For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.8.0/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2024-07/
    https://www.cve.org/CVERecord?id=CVE-2024-1546
    https://www.cve.org/CVERecord?id=CVE-2024-1547
    https://www.cve.org/CVERecord?id=CVE-2024-1548
    https://www.cve.org/CVERecord?id=CVE-2024-1549
    https://www.cve.org/CVERecord?id=CVE-2024-1550
    https://www.cve.org/CVERecord?id=CVE-2024-1551
    https://www.cve.org/CVERecord?id=CVE-2024-1552
    https://www.cve.org/CVERecord?id=CVE-2024-1553
    (* Security fix *)
    +--------------------------+
    Tue Feb 20 21:08:27 UTC 2024
    patches/packages/libuv-1.48.0-x86_64-1_slack15.0.txz: Upgraded.
    This update fixes a server-side request forgery (SSRF) flaw.
    Thanks to alex2grad for the heads-up.
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-24806
    (* Security fix *)
    +--------------------------+
    Tue Feb 20 18:41:59 UTC 2024
    patches/packages/mozilla-firefox-115.8.0esr-x86_64-1_slack15.0.txz: Upgraded.
    This update contains security fixes and improvements.
    For more information, see:
    https://www.mozilla.org/en-US/firefox/115.8.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2024-06/
    https://www.cve.org/CVERecord?id=CVE-2024-1546
    https://www.cve.org/CVERecord?id=CVE-2024-1547
    https://www.cve.org/CVERecord?id=CVE-2024-1548
    https://www.cve.org/CVERecord?id=CVE-2024-1549
    https://www.cve.org/CVERecord?id=CVE-2024-1550
    https://www.cve.org/CVERecord?id=CVE-2024-1551
    https://www.cve.org/CVERecord?id=CVE-2024-1552
    https://www.cve.org/CVERecord?id=CVE-2024-1553
    (* Security fix *)
    +--------------------------+
    Sun Feb 18 21:03:57 UTC 2024
    extra/llvm-17.0.6-x86_64-1_slack15.0.txz: Added.
    In case anyone needs a newer compiler.
    extra/llvm13-compat-13.0.0-x86_64-1_slack15.0.txz: Added.
    In case anyone needs to run binaries linked to the old compiler.
    +--------------------------+
    Fri Feb 16 20:18:59 UTC 2024
    patches/packages/ca-certificates-20240216-noarch-1_slack15.0.txz: Upgraded.
    This update provides the latest CA certificates to check for the
    authenticity of SSL connections.
    +--------------------------+
    Wed Feb 14 04:18:12 UTC 2024
    patches/packages/dnsmasq-2.90-x86_64-1_slack15.0.txz: Upgraded.
    Add limits on the resources used to do DNSSEC validation.
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-50387
    https://www.cve.org/CVERecord?id=CVE-2023-50868
    (* Security fix *)
    +--------------------------+
    Tue Feb 13 19:19:24 UTC 2024
    patches/packages/bind-9.16.48-x86_64-1_slack15.0.txz: Upgraded.
    This update fixes bugs and security issues:
    --- SBBSecho 3.20-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (110:211/1)
  • From Dan Clough@110:211/1 to All on Tue Feb 27 06:40:11 2024
    Mon Feb 26 20:09:43 UTC 2024
    patches/packages/openjpeg-2.5.1-x86_64-1_slack15.0.txz: Upgraded.
    Fixed a heap-based buffer overflow in openjpeg in color.c:379:42 in
    sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use
    this to execute arbitrary code with the permissions of the application
    compiled against openjpeg.
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2021-3575
    (* Security fix *)
    +--------------------------+
    Sun Feb 25 19:16:52 UTC 2024
    patches/packages/whois-5.5.21-x86_64-1_slack15.0.txz: Upgraded.
    Updated the .cv and .sd TLD servers.
    Removed 4 new gTLDs which are no longer active.
    +--------------------------+
    Fri Feb 23 20:37:29 UTC 2024
    patches/packages/dcron-4.5-x86_64-13_slack15.0.txz: Rebuilt.
    This is a bugfix release.
    run-parts.8: document skipping *.orig files. Thanks to metaed.
    +--------------------------+
    Wed Feb 21 20:00:08 UTC 2024
    patches/packages/dcron-4.5-x86_64-12_slack15.0.txz: Rebuilt.
    This is a bugfix release.
    run-parts: skip *.orig files. Thanks to metaed.
    patches/packages/mozilla-thunderbird-115.8.0-x86_64-1_slack15.0.txz: Upgraded.
    This release contains security fixes and improvements.
    For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.8.0/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2024-07/
    https://www.cve.org/CVERecord?id=CVE-2024-1546
    https://www.cve.org/CVERecord?id=CVE-2024-1547
    https://www.cve.org/CVERecord?id=CVE-2024-1548
    https://www.cve.org/CVERecord?id=CVE-2024-1549
    https://www.cve.org/CVERecord?id=CVE-2024-1550
    https://www.cve.org/CVERecord?id=CVE-2024-1551
    https://www.cve.org/CVERecord?id=CVE-2024-1552
    https://www.cve.org/CVERecord?id=CVE-2024-1553
    (* Security fix *)
    +--------------------------+
    Tue Feb 20 21:08:27 UTC 2024 patches/packages/libuv-1.48.0-x86_64-1_slack15.0.txz: Upgraded.
    This update fixes a server-side request forgery (SSRF) flaw.
    Thanks to alex2grad for the heads-up.
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-24806
    (* Security fix *)
    +--------------------------+
    Tue Feb 20 18:41:59 UTC 2024 patches/packages/mozilla-firefox-115.8.0esr-x86_64-1_slack15.0.txz: Upgraded.
    This update contains security fixes and improvements.
    For more information, see:
    https://www.mozilla.org/en-US/firefox/115.8.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2024-06/
    https://www.cve.org/CVERecord?id=CVE-2024-1546
    https://www.cve.org/CVERecord?id=CVE-2024-1547
    https://www.cve.org/CVERecord?id=CVE-2024-1548
    https://www.cve.org/CVERecord?id=CVE-2024-1549
    https://www.cve.org/CVERecord?id=CVE-2024-1550
    https://www.cve.org/CVERecord?id=CVE-2024-1551
    https://www.cve.org/CVERecord?id=CVE-2024-1552
    https://www.cve.org/CVERecord?id=CVE-2024-1553
    (* Security fix *)
    +--------------------------+
    Sun Feb 18 21:03:57 UTC 2024
    extra/llvm-17.0.6-x86_64-1_slack15.0.txz: Added.
    In case anyone needs a newer compiler.
    extra/llvm13-compat-13.0.0-x86_64-1_slack15.0.txz: Added.
    In case anyone needs to run binaries linked to the old compiler.
    +--------------------------+
    Fri Feb 16 20:18:59 UTC 2024 patches/packages/ca-certificates-20240216-noarch-1_slack15.0.txz: Upgraded.
    This update provides the latest CA certificates to check for the
    authenticity of SSL connections.
    +--------------------------+
    Wed Feb 14 04:18:12 UTC 2024
    --- SBBSecho 3.20-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (110:211/1)
  • From Dan Clough@110:211/1 to All on Thu Feb 29 06:40:15 2024
    Wed Feb 28 18:36:48 UTC 2024 patches/packages/wpa_supplicant-2.10-x86_64-2_slack15.0.txz: Rebuilt.
    Patched the implementation of PEAP in wpa_supplicant to prevent an
    authentication bypass. For a successful attack, wpa_supplicant must be
    configured to not verify the network's TLS certificate during Phase 1
    authentication, and an eap_peap_decrypt vulnerability can then be abused
    to skip Phase 2 authentication. The attack vector is sending an EAP-TLV
    Success packet instead of starting Phase 2. This allows an adversary to
    impersonate Enterprise Wi-Fi networks.
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-52160
    (* Security fix *)
    +--------------------------+
    Mon Feb 26 20:09:43 UTC 2024 patches/packages/openjpeg-2.5.1-x86_64-1_slack15.0.txz: Upgraded.
    Fixed a heap-based buffer overflow in openjpeg in color.c:379:42 in
    sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use
    this to execute arbitrary code with the permissions of the application
    compiled against openjpeg.
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2021-3575
    (* Security fix *)
    +--------------------------+
    Sun Feb 25 19:16:52 UTC 2024 patches/packages/whois-5.5.21-x86_64-1_slack15.0.txz: Upgraded.
    Updated the .cv and .sd TLD servers.
    Removed 4 new gTLDs which are no longer active.
    +--------------------------+
    Fri Feb 23 20:37:29 UTC 2024 patches/packages/dcron-4.5-x86_64-13_slack15.0.txz: Rebuilt.
    This is a bugfix release.
    run-parts.8: document skipping *.orig files. Thanks to metaed.
    +--------------------------+
    Wed Feb 21 20:00:08 UTC 2024 patches/packages/dcron-4.5-x86_64-12_slack15.0.txz: Rebuilt.
    This is a bugfix release.
    run-parts: skip *.orig files. Thanks to metaed.
    patches/packages/mozilla-thunderbird-115.8.0-x86_64-1_slack15.0.txz: Upgraded.
    This release contains security fixes and improvements.
    For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.8.0/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2024-07/
    https://www.cve.org/CVERecord?id=CVE-2024-1546
    https://www.cve.org/CVERecord?id=CVE-2024-1547
    https://www.cve.org/CVERecord?id=CVE-2024-1548
    https://www.cve.org/CVERecord?id=CVE-2024-1549
    https://www.cve.org/CVERecord?id=CVE-2024-1550
    https://www.cve.org/CVERecord?id=CVE-2024-1551
    https://www.cve.org/CVERecord?id=CVE-2024-1552
    https://www.cve.org/CVERecord?id=CVE-2024-1553
    (* Security fix *)
    +--------------------------+
    Tue Feb 20 21:08:27 UTC 2024 patches/packages/libuv-1.48.0-x86_64-1_slack15.0.txz: Upgraded.
    This update fixes a server-side request forgery (SSRF) flaw.
    Thanks to alex2grad for the heads-up.
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-24806
    (* Security fix *)
    +--------------------------+
    Tue Feb 20 18:41:59 UTC 2024 patches/packages/mozilla-firefox-115.8.0esr-x86_64-1_slack15.0.txz: Upgraded.
    This update contains security fixes and improvements.
    For more information, see:
    https://www.mozilla.org/en-US/firefox/115.8.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2024-06/
    https://www.cve.org/CVERecord?id=CVE-2024-1546
    https://www.cve.org/CVERecord?id=CVE-2024-1547
    https://www.cve.org/CVERecord?id=CVE-2024-1548
    https://www.cve.org/CVERecord?id=CVE-2024-1549
    https://www.cve.org/CVERecord?id=CVE-2024-1550
    https://www.cve.org/CVERecord?id=CVE-2024-1551
    https://www.cve.org/CVERecord?id=CVE-2024-1552
    https://www.cve.org/CVERecord?id=CVE-2024-1553
    (* Security fix *)
    --- SBBSecho 3.20-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (110:211/1)
  • From Dan Clough@110:211/1 to All on Fri Mar 1 06:40:12 2024
    Thu Feb 29 19:11:19 UTC 2024 patches/packages/openjpeg-2.5.2-x86_64-1_slack15.0.txz: Upgraded.
    Fixed a regression in openjpeg-2.5.1:
    API breakage / openjpeg version no longer detected (openjpeg.h no longer
    includes opj_config.h).
    +--------------------------+
    Wed Feb 28 18:36:48 UTC 2024 patches/packages/wpa_supplicant-2.10-x86_64-2_slack15.0.txz: Rebuilt.
    Patched the implementation of PEAP in wpa_supplicant to prevent an
    authentication bypass. For a successful attack, wpa_supplicant must be
    configured to not verify the network's TLS certificate during Phase 1
    authentication, and an eap_peap_decrypt vulnerability can then be abused
    to skip Phase 2 authentication. The attack vector is sending an EAP-TLV
    Success packet instead of starting Phase 2. This allows an adversary to
    impersonate Enterprise Wi-Fi networks.
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-52160
    (* Security fix *)
    +--------------------------+
    Mon Feb 26 20:09:43 UTC 2024 patches/packages/openjpeg-2.5.1-x86_64-1_slack15.0.txz: Upgraded.
    Fixed a heap-based buffer overflow in openjpeg in color.c:379:42 in
    sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use
    this to execute arbitrary code with the permissions of the application
    compiled against openjpeg.
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2021-3575
    (* Security fix *)
    +--------------------------+
    Sun Feb 25 19:16:52 UTC 2024 patches/packages/whois-5.5.21-x86_64-1_slack15.0.txz: Upgraded.
    Updated the .cv and .sd TLD servers.
    Removed 4 new gTLDs which are no longer active.
    +--------------------------+
    Fri Feb 23 20:37:29 UTC 2024 patches/packages/dcron-4.5-x86_64-13_slack15.0.txz: Rebuilt.
    This is a bugfix release.
    run-parts.8: document skipping *.orig files. Thanks to metaed.
    +--------------------------+
    Wed Feb 21 20:00:08 UTC 2024 patches/packages/dcron-4.5-x86_64-12_slack15.0.txz: Rebuilt.
    This is a bugfix release.
    run-parts: skip *.orig files. Thanks to metaed.
    patches/packages/mozilla-thunderbird-115.8.0-x86_64-1_slack15.0.txz: Upgraded.
    This release contains security fixes and improvements.
    For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.8.0/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2024-07/
    https://www.cve.org/CVERecord?id=CVE-2024-1546
    https://www.cve.org/CVERecord?id=CVE-2024-1547
    https://www.cve.org/CVERecord?id=CVE-2024-1548
    https://www.cve.org/CVERecord?id=CVE-2024-1549
    https://www.cve.org/CVERecord?id=CVE-2024-1550
    https://www.cve.org/CVERecord?id=CVE-2024-1551
    https://www.cve.org/CVERecord?id=CVE-2024-1552
    https://www.cve.org/CVERecord?id=CVE-2024-1553
    (* Security fix *)
    +--------------------------+
    Tue Feb 20 21:08:27 UTC 2024 patches/packages/libuv-1.48.0-x86_64-1_slack15.0.txz: Upgraded.
    This update fixes a server-side request forgery (SSRF) flaw.
    Thanks to alex2grad for the heads-up.
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-24806
    (* Security fix *)
    +--------------------------+
    Tue Feb 20 18:41:59 UTC 2024 patches/packages/mozilla-firefox-115.8.0esr-x86_64-1_slack15.0.txz: Upgraded.
    This update contains security fixes and improvements.
    For more information, see:
    https://www.mozilla.org/en-US/firefox/115.8.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2024-06/
    https://www.cve.org/CVERecord?id=CVE-2024-1546
    https://www.cve.org/CVERecord?id=CVE-2024-1547
    https://www.cve.org/CVERecord?id=CVE-2024-1548
    --- SBBSecho 3.20-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (110:211/1)
  • From Dan Clough@110:211/1 to All on Sat Mar 2 06:40:14 2024
    Fri Mar 1 22:13:28 UTC 2024 patches/packages/expat-2.6.1-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
    +--------------------------+
    Thu Feb 29 19:11:19 UTC 2024 patches/packages/openjpeg-2.5.2-x86_64-1_slack15.0.txz: Upgraded.
    Fixed a regression in openjpeg-2.5.1:
    API breakage / openjpeg version no longer detected (openjpeg.h no longer
    includes opj_config.h).
    +--------------------------+
    Wed Feb 28 18:36:48 UTC 2024 patches/packages/wpa_supplicant-2.10-x86_64-2_slack15.0.txz: Rebuilt.
    Patched the implementation of PEAP in wpa_supplicant to prevent an
    authentication bypass. For a successful attack, wpa_supplicant must be
    configured to not verify the network's TLS certificate during Phase 1
    authentication, and an eap_peap_decrypt vulnerability can then be abused
    to skip Phase 2 authentication. The attack vector is sending an EAP-TLV
    Success packet instead of starting Phase 2. This allows an adversary to
    impersonate Enterprise Wi-Fi networks.
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-52160
    (* Security fix *)
    +--------------------------+
    Mon Feb 26 20:09:43 UTC 2024 patches/packages/openjpeg-2.5.1-x86_64-1_slack15.0.txz: Upgraded.
    Fixed a heap-based buffer overflow in openjpeg in color.c:379:42 in
    sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use
    this to execute arbitrary code with the permissions of the application
    compiled against openjpeg.
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2021-3575
    (* Security fix *)
    +--------------------------+
    Sun Feb 25 19:16:52 UTC 2024 patches/packages/whois-5.5.21-x86_64-1_slack15.0.txz: Upgraded.
    Updated the .cv and .sd TLD servers.
    Removed 4 new gTLDs which are no longer active.
    +--------------------------+
    Fri Feb 23 20:37:29 UTC 2024 patches/packages/dcron-4.5-x86_64-13_slack15.0.txz: Rebuilt.
    This is a bugfix release.
    run-parts.8: document skipping *.orig files. Thanks to metaed.
    +--------------------------+
    Wed Feb 21 20:00:08 UTC 2024 patches/packages/dcron-4.5-x86_64-12_slack15.0.txz: Rebuilt.
    This is a bugfix release.
    run-parts: skip *.orig files. Thanks to metaed.
    patches/packages/mozilla-thunderbird-115.8.0-x86_64-1_slack15.0.txz: Upgraded.
    This release contains security fixes and improvements.
    For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.8.0/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2024-07/
    https://www.cve.org/CVERecord?id=CVE-2024-1546
    https://www.cve.org/CVERecord?id=CVE-2024-1547
    https://www.cve.org/CVERecord?id=CVE-2024-1548
    https://www.cve.org/CVERecord?id=CVE-2024-1549
    https://www.cve.org/CVERecord?id=CVE-2024-1550
    https://www.cve.org/CVERecord?id=CVE-2024-1551
    https://www.cve.org/CVERecord?id=CVE-2024-1552
    https://www.cve.org/CVERecord?id=CVE-2024-1553
    (* Security fix *)
    +--------------------------+
    Tue Feb 20 21:08:27 UTC 2024 patches/packages/libuv-1.48.0-x86_64-1_slack15.0.txz: Upgraded.
    This update fixes a server-side request forgery (SSRF) flaw.
    Thanks to alex2grad for the heads-up.
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-24806
    (* Security fix *)
    +--------------------------+
    Tue Feb 20 18:41:59 UTC 2024 patches/packages/mozilla-firefox-115.8.0esr-x86_64-1_slack15.0.txz: Upgraded.
    This update contains security fixes and improvements.
    For more information, see:
    https://www.mozilla.org/en-US/firefox/115.8.0/releasenotes/
    --- SBBSecho 3.20-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (110:211/1)
  • From Dan Clough@110:211/1 to All on Wed Mar 6 06:40:15 2024
    Tue Mar 5 21:16:50 UTC 2024 patches/packages/mozilla-thunderbird-115.8.1-x86_64-1_slack15.0.txz: Upgraded.
    This release contains security fixes and improvements.
    For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.8.1/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2024-11/
    https://www.cve.org/CVERecord?id=CVE-2024-1936
    (* Security fix *)
    patches/packages/postfix-3.6.15-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
    For more information, see:
    https://www.postfix.org/announcements/postfix-3.8.6.html
    +--------------------------+
    Fri Mar 1 22:13:28 UTC 2024 patches/packages/expat-2.6.1-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
    +--------------------------+
    Thu Feb 29 19:11:19 UTC 2024 patches/packages/openjpeg-2.5.2-x86_64-1_slack15.0.txz: Upgraded.
    Fixed a regression in openjpeg-2.5.1:
    API breakage / openjpeg version no longer detected (openjpeg.h no longer
    includes opj_config.h).
    +--------------------------+
    Wed Feb 28 18:36:48 UTC 2024 patches/packages/wpa_supplicant-2.10-x86_64-2_slack15.0.txz: Rebuilt.
    Patched the implementation of PEAP in wpa_supplicant to prevent an
    authentication bypass. For a successful attack, wpa_supplicant must be
    configured to not verify the network's TLS certificate during Phase 1
    authentication, and an eap_peap_decrypt vulnerability can then be abused
    to skip Phase 2 authentication. The attack vector is sending an EAP-TLV
    Success packet instead of starting Phase 2. This allows an adversary to
    impersonate Enterprise Wi-Fi networks.
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-52160
    (* Security fix *)
    +--------------------------+
    Mon Feb 26 20:09:43 UTC 2024 patches/packages/openjpeg-2.5.1-x86_64-1_slack15.0.txz: Upgraded.
    Fixed a heap-based buffer overflow in openjpeg in color.c:379:42 in
    sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use
    this to execute arbitrary code with the permissions of the application
    compiled against openjpeg.
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2021-3575
    (* Security fix *)
    +--------------------------+
    Sun Feb 25 19:16:52 UTC 2024 patches/packages/whois-5.5.21-x86_64-1_slack15.0.txz: Upgraded.
    Updated the .cv and .sd TLD servers.
    Removed 4 new gTLDs which are no longer active.
    +--------------------------+
    Fri Feb 23 20:37:29 UTC 2024 patches/packages/dcron-4.5-x86_64-13_slack15.0.txz: Rebuilt.
    This is a bugfix release.
    run-parts.8: document skipping *.orig files. Thanks to metaed.
    +--------------------------+
    Wed Feb 21 20:00:08 UTC 2024 patches/packages/dcron-4.5-x86_64-12_slack15.0.txz: Rebuilt.
    This is a bugfix release.
    run-parts: skip *.orig files. Thanks to metaed.
    patches/packages/mozilla-thunderbird-115.8.0-x86_64-1_slack15.0.txz: Upgraded.
    This release contains security fixes and improvements.
    For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.8.0/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2024-07/
    https://www.cve.org/CVERecord?id=CVE-2024-1546
    https://www.cve.org/CVERecord?id=CVE-2024-1547
    https://www.cve.org/CVERecord?id=CVE-2024-1548
    https://www.cve.org/CVERecord?id=CVE-2024-1549
    https://www.cve.org/CVERecord?id=CVE-2024-1550
    https://www.cve.org/CVERecord?id=CVE-2024-1551
    https://www.cve.org/CVERecord?id=CVE-2024-1552
    https://www.cve.org/CVERecord?id=CVE-2024-1553
    (* Security fix *)
    +--------------------------+
    --- SBBSecho 3.20-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (110:211/1)
  • From Slacker@110:211/1 to All on Fri Mar 8 06:40:11 2024
    Thu Mar 7 20:40:08 UTC 2024 patches/packages/ghostscript-9.55.0-x86_64-2_slack15.0.txz: Rebuilt.
    Fixes security issues:
    A vulnerability was identified in the way Ghostscript/GhostPDL called
    tesseract for the OCR devices, which could allow arbitrary code execution.
    Thanks to J_W for the heads-up.
    Mishandling of permission validation for pipe devices could allow arbitrary
    code execution.
    For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36664
    (* Security fix *)
    +--------------------------+
    Tue Mar 5 21:16:50 UTC 2024 patches/packages/mozilla-thunderbird-115.8.1-x86_64-1_slack15.0.txz: Upgraded.
    This release contains security fixes and improvements.
    For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.8.1/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2024-11/
    https://www.cve.org/CVERecord?id=CVE-2024-1936
    (* Security fix *)
    patches/packages/postfix-3.6.15-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
    For more information, see:
    https://www.postfix.org/announcements/postfix-3.8.6.html
    +--------------------------+
    Fri Mar 1 22:13:28 UTC 2024 patches/packages/expat-2.6.1-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
    +--------------------------+
    Thu Feb 29 19:11:19 UTC 2024 patches/packages/openjpeg-2.5.2-x86_64-1_slack15.0.txz: Upgraded.
    Fixed a regression in openjpeg-2.5.1:
    API breakage / openjpeg version no longer detected (openjpeg.h no longer
    includes opj_config.h).
    +--------------------------+
    Wed Feb 28 18:36:48 UTC 2024 patches/packages/wpa_supplicant-2.10-x86_64-2_slack15.0.txz: Rebuilt.
    Patched the implementation of PEAP in wpa_supplicant to prevent an
    authentication bypass. For a successful attack, wpa_supplicant must be
    configured to not verify the network's TLS certificate during Phase 1
    authentication, and an eap_peap_decrypt vulnerability can then be abused
    to skip Phase 2 authentication. The attack vector is sending an EAP-TLV
    Success packet instead of starting Phase 2. This allows an adversary to
    impersonate Enterprise Wi-Fi networks.
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-52160
    (* Security fix *)
    +--------------------------+
    Mon Feb 26 20:09:43 UTC 2024 patches/packages/openjpeg-2.5.1-x86_64-1_slack15.0.txz: Upgraded.
    Fixed a heap-based buffer overflow in openjpeg in color.c:379:42 in
    sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use
    this to execute arbitrary code with the permissions of the application
    compiled against openjpeg.
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2021-3575
    (* Security fix *)
    +--------------------------+
    Sun Feb 25 19:16:52 UTC 2024 patches/packages/whois-5.5.21-x86_64-1_slack15.0.txz: Upgraded.
    Updated the .cv and .sd TLD servers.
    Removed 4 new gTLDs which are no longer active.
    +--------------------------+
    Fri Feb 23 20:37:29 UTC 2024 patches/packages/dcron-4.5-x86_64-13_slack15.0.txz: Rebuilt.
    This is a bugfix release.
    run-parts.8: document skipping *.orig files. Thanks to metaed.
    +--------------------------+
    Wed Feb 21 20:00:08 UTC 2024 patches/packages/dcron-4.5-x86_64-12_slack15.0.txz: Rebuilt.
    This is a bugfix release.
    run-parts: skip *.orig files. Thanks to metaed.
    patches/packages/mozilla-thunderbird-115.8.0-x86_64-1_slack15.0.txz: Upgraded.
    This release contains security fixes and improvements.
    For more information, see:
    --- SBBSecho 3.20-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (110:211/1)
  • From Slacker@110:211/1 to All on Sat Mar 9 06:40:12 2024
    Fri Mar 8 19:20:11 UTC 2024 patches/packages/xfce4-weather-plugin-0.11.2-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
    +--------------------------+
    Thu Mar 7 20:40:08 UTC 2024 patches/packages/ghostscript-9.55.0-x86_64-2_slack15.0.txz: Rebuilt.
    Fixes security issues:
    A vulnerability was identified in the way Ghostscript/GhostPDL called
    tesseract for the OCR devices, which could allow arbitrary code execution.
    Thanks to J_W for the heads-up.
    Mishandling of permission validation for pipe devices could allow arbitrary
    code execution.
    For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36664
    (* Security fix *)
    +--------------------------+
    Tue Mar 5 21:16:50 UTC 2024 patches/packages/mozilla-thunderbird-115.8.1-x86_64-1_slack15.0.txz: Upgraded.
    This release contains security fixes and improvements.
    For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.8.1/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2024-11/
    https://www.cve.org/CVERecord?id=CVE-2024-1936
    (* Security fix *)
    patches/packages/postfix-3.6.15-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
    For more information, see:
    https://www.postfix.org/announcements/postfix-3.8.6.html
    +--------------------------+
    Fri Mar 1 22:13:28 UTC 2024 patches/packages/expat-2.6.1-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
    +--------------------------+
    Thu Feb 29 19:11:19 UTC 2024 patches/packages/openjpeg-2.5.2-x86_64-1_slack15.0.txz: Upgraded.
    Fixed a regression in openjpeg-2.5.1:
    API breakage / openjpeg version no longer detected (openjpeg.h no longer
    includes opj_config.h).
    +--------------------------+
    Wed Feb 28 18:36:48 UTC 2024 patches/packages/wpa_supplicant-2.10-x86_64-2_slack15.0.txz: Rebuilt.
    Patched the implementation of PEAP in wpa_supplicant to prevent an
    authentication bypass. For a successful attack, wpa_supplicant must be
    configured to not verify the network's TLS certificate during Phase 1
    authentication, and an eap_peap_decrypt vulnerability can then be abused
    to skip Phase 2 authentication. The attack vector is sending an EAP-TLV
    Success packet instead of starting Phase 2. This allows an adversary to
    impersonate Enterprise Wi-Fi networks.
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-52160
    (* Security fix *)
    +--------------------------+
    Mon Feb 26 20:09:43 UTC 2024 patches/packages/openjpeg-2.5.1-x86_64-1_slack15.0.txz: Upgraded.
    Fixed a heap-based buffer overflow in openjpeg in color.c:379:42 in
    sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use
    this to execute arbitrary code with the permissions of the application
    compiled against openjpeg.
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2021-3575
    (* Security fix *)
    +--------------------------+
    Sun Feb 25 19:16:52 UTC 2024 patches/packages/whois-5.5.21-x86_64-1_slack15.0.txz: Upgraded.
    Updated the .cv and .sd TLD servers.
    Removed 4 new gTLDs which are no longer active.
    +--------------------------+
    Fri Feb 23 20:37:29 UTC 2024 patches/packages/dcron-4.5-x86_64-13_slack15.0.txz: Rebuilt.
    This is a bugfix release.
    run-parts.8: document skipping *.orig files. Thanks to metaed.
    +--------------------------+
    Wed Feb 21 20:00:08 UTC 2024 patches/packages/dcron-4.5-x86_64-12_slack15.0.txz: Rebuilt.
    This is a bugfix release.
    --- SBBSecho 3.20-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (110:211/1)
  • From Slacker@110:211/1 to All on Thu Mar 14 06:40:15 2024
    Wed Mar 13 19:46:48 UTC 2024 patches/packages/expat-2.6.2-x86_64-1_slack15.0.txz: Upgraded.
    Prevent billion laughs attacks with isolated use of external parsers.
    For more information, see:

    https://github.com/libexpat/libexpat/commit/1d50b80cf31de87750103656f6eb693746854aa8
    https://www.cve.org/CVERecord?id=CVE-2024-28757
    (* Security fix *)
    +--------------------------+
    Fri Mar 8 19:20:11 UTC 2024 patches/packages/xfce4-weather-plugin-0.11.2-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
    +--------------------------+
    Thu Mar 7 20:40:08 UTC 2024 patches/packages/ghostscript-9.55.0-x86_64-2_slack15.0.txz: Rebuilt.
    Fixes security issues:
    A vulnerability was identified in the way Ghostscript/GhostPDL called
    tesseract for the OCR devices, which could allow arbitrary code execution.
    Thanks to J_W for the heads-up.
    Mishandling of permission validation for pipe devices could allow arbitrary
    code execution.
    For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36664
    (* Security fix *)
    +--------------------------+
    Tue Mar 5 21:16:50 UTC 2024 patches/packages/mozilla-thunderbird-115.8.1-x86_64-1_slack15.0.txz: Upgraded.
    This release contains security fixes and improvements.
    For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.8.1/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2024-11/
    https://www.cve.org/CVERecord?id=CVE-2024-1936
    (* Security fix *)
    patches/packages/postfix-3.6.15-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
    For more information, see:
    https://www.postfix.org/announcements/postfix-3.8.6.html
    +--------------------------+
    Fri Mar 1 22:13:28 UTC 2024 patches/packages/expat-2.6.1-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
    +--------------------------+
    Thu Feb 29 19:11:19 UTC 2024 patches/packages/openjpeg-2.5.2-x86_64-1_slack15.0.txz: Upgraded.
    Fixed a regression in openjpeg-2.5.1:
    API breakage / openjpeg version no longer detected (openjpeg.h no longer
    includes opj_config.h).
    +--------------------------+
    Wed Feb 28 18:36:48 UTC 2024 patches/packages/wpa_supplicant-2.10-x86_64-2_slack15.0.txz: Rebuilt.
    Patched the implementation of PEAP in wpa_supplicant to prevent an
    authentication bypass. For a successful attack, wpa_supplicant must be
    configured to not verify the network's TLS certificate during Phase 1
    authentication, and an eap_peap_decrypt vulnerability can then be abused
    to skip Phase 2 authentication. The attack vector is sending an EAP-TLV
    Success packet instead of starting Phase 2. This allows an adversary to
    impersonate Enterprise Wi-Fi networks.
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-52160
    (* Security fix *)
    +--------------------------+
    Mon Feb 26 20:09:43 UTC 2024 patches/packages/openjpeg-2.5.1-x86_64-1_slack15.0.txz: Upgraded.
    Fixed a heap-based buffer overflow in openjpeg in color.c:379:42 in
    sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use
    this to execute arbitrary code with the permissions of the application
    compiled against openjpeg.
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2021-3575
    (* Security fix *)
    +--------------------------+
    Sun Feb 25 19:16:52 UTC 2024 patches/packages/whois-5.5.21-x86_64-1_slack15.0.txz: Upgraded.
    Updated the .cv and .sd TLD servers.
    Removed 4 new gTLDs which are no longer active.
    +--------------------------+
    --- SBBSecho 3.20-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (110:211/1)
  • From Slacker@110:211/1 to All on Wed Mar 20 06:40:15 2024
    Wed Mar 20 00:08:59 UTC 2024 patches/packages/gnutls-3.8.4-x86_64-1_slack15.0.txz: Upgraded.
    This update fixes two medium severity security issues:
    libgnutls: Fix side-channel in the deterministic ECDSA.
    Reported by George Pantelakis (#1516).
    libgnutls: Fixed a bug where certtool crashed when verifying a certificate
    chain with more than 16 certificates. Reported by William Woodruff (#1525)
    and yixiangzhike (#1527).
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-28834
    https://www.cve.org/CVERecord?id=CVE-2024-28835
    (* Security fix *)
    patches/packages/mozilla-firefox-115.9.0esr-x86_64-1_slack15.0.txz: Upgraded.
    This update contains security fixes and improvements.
    For more information, see:
    https://www.mozilla.org/en-US/firefox/115.9.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2024-13/
    https://www.cve.org/CVERecord?id=CVE-2024-0743
    https://www.cve.org/CVERecord?id=CVE-2024-2605
    https://www.cve.org/CVERecord?id=CVE-2024-2607
    https://www.cve.org/CVERecord?id=CVE-2024-2608
    https://www.cve.org/CVERecord?id=CVE-2024-2616
    https://www.cve.org/CVERecord?id=CVE-2023-5388
    https://www.cve.org/CVERecord?id=CVE-2024-2610
    https://www.cve.org/CVERecord?id=CVE-2024-2611
    https://www.cve.org/CVERecord?id=CVE-2024-2612
    https://www.cve.org/CVERecord?id=CVE-2024-2614
    (* Security fix *)
    patches/packages/mozilla-thunderbird-115.9.0-x86_64-1_slack15.0.txz: Upgraded.
    This release contains security fixes and improvements.
    For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.9.0/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2024-14/
    https://www.cve.org/CVERecord?id=CVE-2024-0743
    https://www.cve.org/CVERecord?id=CVE-2024-2605
    https://www.cve.org/CVERecord?id=CVE-2024-2607
    https://www.cve.org/CVERecord?id=CVE-2024-2608
    https://www.cve.org/CVERecord?id=CVE-2024-2616
    https://www.cve.org/CVERecord?id=CVE-2023-5388
    https://www.cve.org/CVERecord?id=CVE-2024-2610
    https://www.cve.org/CVERecord?id=CVE-2024-2611
    https://www.cve.org/CVERecord?id=CVE-2024-2612
    https://www.cve.org/CVERecord?id=CVE-2024-2614
    (* Security fix *)
    +--------------------------+
    Wed Mar 13 19:46:48 UTC 2024 patches/packages/expat-2.6.2-x86_64-1_slack15.0.txz: Upgraded.
    Prevent billion laughs attacks with isolated use of external parsers.
    For more information, see:

    https://github.com/libexpat/libexpat/commit/1d50b80cf31de87750103656f6eb693746854aa8
    https://www.cve.org/CVERecord?id=CVE-2024-28757
    (* Security fix *)
    +--------------------------+
    Fri Mar 8 19:20:11 UTC 2024
    patches/packages/xfce4-weather-plugin-0.11.2-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
    +--------------------------+
    Thu Mar 7 20:40:08 UTC 2024
    patches/packages/ghostscript-9.55.0-x86_64-2_slack15.0.txz: Rebuilt.
    Fixes security issues:
    A vulnerability was identified in the way Ghostscript/GhostPDL called
    tesseract for the OCR devices, which could allow arbitrary code execution.
    Thanks to J_W for the heads-up.
    Mishandling of permission validation for pipe devices could allow arbitrary
    code execution.
    For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36664
    (* Security fix *)
    +--------------------------+
    Tue Mar 5 21:16:50 UTC 2024
    patches/packages/mozilla-thunderbird-115.8.1-x86_64-1_slack15.0.txz: Upgraded.
    This release contains security fixes and improvements.
    For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.8.1/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2024-11/
    --- SBBSecho 3.20-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (110:211/1)
  • From Slacker@110:211/1 to All on Thu Mar 21 06:40:15 2024
    Wed Mar 20 21:10:30 UTC 2024
    patches/packages/bind-9.16.49-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
    patches/packages/python3-3.9.19-x86_64-1_slack15.0.txz: Upgraded.
    This update fixes security issues:
    bundled libexpat was updated to 2.6.0.
    zipfile is now protected from the "quoted-overlap" zipbomb.
    tempfile.TemporaryDirectory cleanup no longer dereferences symlinks when
    working around file system permission errors.
    For more information, see:

    https://pythoninsider.blogspot.com/2024/03/python-31014-3919-and-3819-is-now.html
    https://www.cve.org/CVERecord?id=CVE-2023-52425
    https://www.cve.org/CVERecord?id=CVE-2024-0450
    https://www.cve.org/CVERecord?id=CVE-2023-6597
    (* Security fix *)
    testing/packages/bind-9.18.25-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
    +--------------------------+
    Wed Mar 20 00:08:59 UTC 2024
    patches/packages/gnutls-3.8.4-x86_64-1_slack15.0.txz: Upgraded.
    This update fixes two medium severity security issues:
    libgnutls: Fix side-channel in the deterministic ECDSA.
    Reported by George Pantelakis (#1516).
    libgnutls: Fixed a bug where certtool crashed when verifying a certificate
    chain with more than 16 certificates. Reported by William Woodruff (#1525)
    and yixiangzhike (#1527).
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-28834
    https://www.cve.org/CVERecord?id=CVE-2024-28835
    (* Security fix *)
    patches/packages/mozilla-firefox-115.9.0esr-x86_64-1_slack15.0.txz: Upgraded.
    This update contains security fixes and improvements.
    For more information, see:
    https://www.mozilla.org/en-US/firefox/115.9.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2024-13/
    https://www.cve.org/CVERecord?id=CVE-2024-0743
    https://www.cve.org/CVERecord?id=CVE-2024-2605
    https://www.cve.org/CVERecord?id=CVE-2024-2607
    https://www.cve.org/CVERecord?id=CVE-2024-2608
    https://www.cve.org/CVERecord?id=CVE-2024-2616
    https://www.cve.org/CVERecord?id=CVE-2023-5388
    https://www.cve.org/CVERecord?id=CVE-2024-2610
    https://www.cve.org/CVERecord?id=CVE-2024-2611
    https://www.cve.org/CVERecord?id=CVE-2024-2612
    https://www.cve.org/CVERecord?id=CVE-2024-2614
    (* Security fix *)
    patches/packages/mozilla-thunderbird-115.9.0-x86_64-1_slack15.0.txz: Upgraded.
    This release contains security fixes and improvements.
    For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.9.0/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2024-14/
    https://www.cve.org/CVERecord?id=CVE-2024-0743
    https://www.cve.org/CVERecord?id=CVE-2024-2605
    https://www.cve.org/CVERecord?id=CVE-2024-2607
    https://www.cve.org/CVERecord?id=CVE-2024-2608
    https://www.cve.org/CVERecord?id=CVE-2024-2616
    https://www.cve.org/CVERecord?id=CVE-2023-5388
    https://www.cve.org/CVERecord?id=CVE-2024-2610
    https://www.cve.org/CVERecord?id=CVE-2024-2611
    https://www.cve.org/CVERecord?id=CVE-2024-2612
    https://www.cve.org/CVERecord?id=CVE-2024-2614
    (* Security fix *)
    +--------------------------+
    Wed Mar 13 19:46:48 UTC 2024
    patches/packages/expat-2.6.2-x86_64-1_slack15.0.txz: Upgraded.
    Prevent billion laughs attacks with isolated use of external parsers.
    For more information, see:

    https://github.com/libexpat/libexpat/commit/1d50b80cf31de87750103656f6eb693746854aa8
    https://www.cve.org/CVERecord?id=CVE-2024-28757
    (* Security fix *)
    +--------------------------+
    Fri Mar 8 19:20:11 UTC 2024
    patches/packages/xfce4-weather-plugin-0.11.2-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
    +--------------------------+
    --- SBBSecho 3.20-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (110:211/1)
  • From Slacker@110:211/1 to All on Sun Mar 24 06:40:10 2024
    Sat Mar 23 19:34:02 UTC 2024
    patches/packages/mozilla-firefox-115.9.1esr-x86_64-1_slack15.0.txz: Upgraded.
    This update fixes a critical security issue:
    An attacker was able to inject an event handler into a privileged object
    that would allow arbitrary JavaScript execution in the parent process.
    For more information, see:
    https://www.mozilla.org/en-US/firefox/115.9.1esr/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2024-16/
    https://www.cve.org/CVERecord?id=CVE-2024-29944
    (* Security fix *)
    +--------------------------+
    Wed Mar 20 21:10:30 UTC 2024
    patches/packages/bind-9.16.49-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
    patches/packages/python3-3.9.19-x86_64-1_slack15.0.txz: Upgraded.
    This update fixes security issues:
    bundled libexpat was updated to 2.6.0.
    zipfile is now protected from the "quoted-overlap" zipbomb.
    tempfile.TemporaryDirectory cleanup no longer dereferences symlinks when
    working around file system permission errors.
    For more information, see:

    https://pythoninsider.blogspot.com/2024/03/python-31014-3919-and-3819-is-now.html
    https://www.cve.org/CVERecord?id=CVE-2023-52425
    https://www.cve.org/CVERecord?id=CVE-2024-0450
    https://www.cve.org/CVERecord?id=CVE-2023-6597
    (* Security fix *)
    testing/packages/bind-9.18.25-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
    +--------------------------+
    Wed Mar 20 00:08:59 UTC 2024
    patches/packages/gnutls-3.8.4-x86_64-1_slack15.0.txz: Upgraded.
    This update fixes two medium severity security issues:
    libgnutls: Fix side-channel in the deterministic ECDSA.
    Reported by George Pantelakis (#1516).
    libgnutls: Fixed a bug where certtool crashed when verifying a certificate
    chain with more than 16 certificates. Reported by William Woodruff (#1525)
    and yixiangzhike (#1527).
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-28834
    https://www.cve.org/CVERecord?id=CVE-2024-28835
    (* Security fix *)
    patches/packages/mozilla-firefox-115.9.0esr-x86_64-1_slack15.0.txz: Upgraded.
    This update contains security fixes and improvements.
    For more information, see:
    https://www.mozilla.org/en-US/firefox/115.9.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2024-13/
    https://www.cve.org/CVERecord?id=CVE-2024-0743
    https://www.cve.org/CVERecord?id=CVE-2024-2605
    https://www.cve.org/CVERecord?id=CVE-2024-2607
    https://www.cve.org/CVERecord?id=CVE-2024-2608
    https://www.cve.org/CVERecord?id=CVE-2024-2616
    https://www.cve.org/CVERecord?id=CVE-2023-5388
    https://www.cve.org/CVERecord?id=CVE-2024-2610
    https://www.cve.org/CVERecord?id=CVE-2024-2611
    https://www.cve.org/CVERecord?id=CVE-2024-2612
    https://www.cve.org/CVERecord?id=CVE-2024-2614
    (* Security fix *)
    patches/packages/mozilla-thunderbird-115.9.0-x86_64-1_slack15.0.txz: Upgraded.
    This release contains security fixes and improvements.
    For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.9.0/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2024-14/
    https://www.cve.org/CVERecord?id=CVE-2024-0743
    https://www.cve.org/CVERecord?id=CVE-2024-2605
    https://www.cve.org/CVERecord?id=CVE-2024-2607
    https://www.cve.org/CVERecord?id=CVE-2024-2608
    https://www.cve.org/CVERecord?id=CVE-2024-2616
    https://www.cve.org/CVERecord?id=CVE-2023-5388
    https://www.cve.org/CVERecord?id=CVE-2024-2610
    https://www.cve.org/CVERecord?id=CVE-2024-2611
    https://www.cve.org/CVERecord?id=CVE-2024-2612
    https://www.cve.org/CVERecord?id=CVE-2024-2614
    (* Security fix *)
    +--------------------------+
    Wed Mar 13 19:46:48 UTC 2024
    --- SBBSecho 3.20-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (110:211/1)
  • From Slacker@110:211/1 to All on Mon Mar 25 06:40:12 2024
    Sun Mar 24 18:21:46 UTC 2024
    patches/packages/emacs-29.3-x86_64-1_slack15.0.txz: Upgraded.
    GNU Emacs through 28.2 allows attackers to execute commands via shell
    metacharacters in the name of a source-code file, because lib-src/etags.c
    uses the system C library function in its implementation of the ctags
    program. For example, a victim may use the "ctags *" command (suggested in
    the ctags documentation) in a situation where the current working directory
    has contents that depend on untrusted input.
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2022-45939
    (* Security fix *)
    +--------------------------+
    Sat Mar 23 19:34:02 UTC 2024
    patches/packages/mozilla-firefox-115.9.1esr-x86_64-1_slack15.0.txz: Upgraded.
    This update fixes a critical security issue:
    An attacker was able to inject an event handler into a privileged object
    that would allow arbitrary JavaScript execution in the parent process.
    For more information, see:
    https://www.mozilla.org/en-US/firefox/115.9.1esr/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2024-16/
    https://www.cve.org/CVERecord?id=CVE-2024-29944
    (* Security fix *)
    +--------------------------+
    Wed Mar 20 21:10:30 UTC 2024
    patches/packages/bind-9.16.49-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
    patches/packages/python3-3.9.19-x86_64-1_slack15.0.txz: Upgraded.
    This update fixes security issues:
    bundled libexpat was updated to 2.6.0.
    zipfile is now protected from the "quoted-overlap" zipbomb.
    tempfile.TemporaryDirectory cleanup no longer dereferences symlinks when
    working around file system permission errors.
    For more information, see:

    https://pythoninsider.blogspot.com/2024/03/python-31014-3919-and-3819-is-now.html
    https://www.cve.org/CVERecord?id=CVE-2023-52425
    https://www.cve.org/CVERecord?id=CVE-2024-0450
    https://www.cve.org/CVERecord?id=CVE-2023-6597
    (* Security fix *)
    testing/packages/bind-9.18.25-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
    +--------------------------+
    Wed Mar 20 00:08:59 UTC 2024
    patches/packages/gnutls-3.8.4-x86_64-1_slack15.0.txz: Upgraded.
    This update fixes two medium severity security issues:
    libgnutls: Fix side-channel in the deterministic ECDSA.
    Reported by George Pantelakis (#1516).
    libgnutls: Fixed a bug where certtool crashed when verifying a certificate
    chain with more than 16 certificates. Reported by William Woodruff (#1525)
    and yixiangzhike (#1527).
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-28834
    https://www.cve.org/CVERecord?id=CVE-2024-28835
    (* Security fix *)
    patches/packages/mozilla-firefox-115.9.0esr-x86_64-1_slack15.0.txz: Upgraded.
    This update contains security fixes and improvements.
    For more information, see:
    https://www.mozilla.org/en-US/firefox/115.9.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2024-13/
    https://www.cve.org/CVERecord?id=CVE-2024-0743
    https://www.cve.org/CVERecord?id=CVE-2024-2605
    https://www.cve.org/CVERecord?id=CVE-2024-2607
    https://www.cve.org/CVERecord?id=CVE-2024-2608
    https://www.cve.org/CVERecord?id=CVE-2024-2616
    https://www.cve.org/CVERecord?id=CVE-2023-5388
    https://www.cve.org/CVERecord?id=CVE-2024-2610
    https://www.cve.org/CVERecord?id=CVE-2024-2611
    https://www.cve.org/CVERecord?id=CVE-2024-2612
    https://www.cve.org/CVERecord?id=CVE-2024-2614
    (* Security fix *)
    patches/packages/mozilla-thunderbird-115.9.0-x86_64-1_slack15.0.txz: Upgraded.
    This release contains security fixes and improvements.
    For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.9.0/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2024-14/
    https://www.cve.org/CVERecord?id=CVE-2024-0743
    --- SBBSecho 3.20-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (110:211/1)
  • From Slacker@110:211/1 to All on Thu Mar 28 06:40:10 2024
    Wed Mar 27 19:16:09 UTC 2024
    patches/packages/curl-8.7.1-x86_64-1_slack15.0.txz: Upgraded.
    This release fixes the following security issues:
    TLS certificate check bypass with mbedTLS.
    HTTP/2 push headers memory-leak.
    QUIC certificate check bypass with wolfSSL.
    Usage of disabled protocol.
    For more information, see:
    https://curl.se/docs/CVE-2024-2466.html
    https://curl.se/docs/CVE-2024-2398.html
    https://curl.se/docs/CVE-2024-2379.html
    https://curl.se/docs/CVE-2024-2004.html
    https://www.cve.org/CVERecord?id=CVE-2024-2466
    https://www.cve.org/CVERecord?id=CVE-2024-2398
    https://www.cve.org/CVERecord?id=CVE-2024-2379
    https://www.cve.org/CVERecord?id=CVE-2024-2004
    (* Security fix *)
    +--------------------------+
    Sun Mar 24 18:21:46 UTC 2024
    patches/packages/emacs-29.3-x86_64-1_slack15.0.txz: Upgraded.
    GNU Emacs through 28.2 allows attackers to execute commands via shell
    metacharacters in the name of a source-code file, because lib-src/etags.c
    uses the system C library function in its implementation of the ctags
    program. For example, a victim may use the "ctags *" command (suggested in
    the ctags documentation) in a situation where the current working directory
    has contents that depend on untrusted input.
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2022-45939
    (* Security fix *)
    +--------------------------+
    Sat Mar 23 19:34:02 UTC 2024
    patches/packages/mozilla-firefox-115.9.1esr-x86_64-1_slack15.0.txz: Upgraded.
    This update fixes a critical security issue:
    An attacker was able to inject an event handler into a privileged object
    that would allow arbitrary JavaScript execution in the parent process.
    For more information, see:
    https://www.mozilla.org/en-US/firefox/115.9.1esr/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2024-16/
    https://www.cve.org/CVERecord?id=CVE-2024-29944
    (* Security fix *)
    +--------------------------+
    Wed Mar 20 21:10:30 UTC 2024
    patches/packages/bind-9.16.49-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
    patches/packages/python3-3.9.19-x86_64-1_slack15.0.txz: Upgraded.
    This update fixes security issues:
    bundled libexpat was updated to 2.6.0.
    zipfile is now protected from the "quoted-overlap" zipbomb.
    tempfile.TemporaryDirectory cleanup no longer dereferences symlinks when
    working around file system permission errors.
    For more information, see:

    https://pythoninsider.blogspot.com/2024/03/python-31014-3919-and-3819-is-now.html
    https://www.cve.org/CVERecord?id=CVE-2023-52425
    https://www.cve.org/CVERecord?id=CVE-2024-0450
    https://www.cve.org/CVERecord?id=CVE-2023-6597
    (* Security fix *)
    testing/packages/bind-9.18.25-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
    +--------------------------+
    Wed Mar 20 00:08:59 UTC 2024
    patches/packages/gnutls-3.8.4-x86_64-1_slack15.0.txz: Upgraded.
    This update fixes two medium severity security issues:
    libgnutls: Fix side-channel in the deterministic ECDSA.
    Reported by George Pantelakis (#1516).
    libgnutls: Fixed a bug where certtool crashed when verifying a certificate
    chain with more than 16 certificates. Reported by William Woodruff (#1525)
    and yixiangzhike (#1527).
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-28834
    https://www.cve.org/CVERecord?id=CVE-2024-28835
    (* Security fix *)
    patches/packages/mozilla-firefox-115.9.0esr-x86_64-1_slack15.0.txz: Upgraded.
    This update contains security fixes and improvements.
    For more information, see:
    https://www.mozilla.org/en-US/firefox/115.9.0/releasenotes/
    --- SBBSecho 3.20-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (110:211/1)
  • From Slacker@110:211/1 to All on Fri Mar 29 06:40:10 2024
    Fri Mar 29 02:25:21 UTC 2024
    patches/packages/coreutils-9.5-x86_64-1_slack15.0.txz: Upgraded.
    chmod -R now avoids a race where an attacker may replace a traversed file
    with a symlink, causing chmod to operate on an unintended file.
    [This bug was present in "the beginning".]
    split --line-bytes with a mixture of very long and short lines no longer
    overwrites the heap.
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-0684
    (* Security fix *)
    +--------------------------+
    Thu Mar 28 21:40:08 UTC 2024
    patches/packages/seamonkey-2.53.18.2-x86_64-1_slack15.0.txz: Upgraded.
    This update contains security fixes and improvements.
    For more information, see:
    https://www.seamonkey-project.org/releases/seamonkey2.53.18.2
    (* Security fix *)
    patches/packages/util-linux-2.37.4-x86_64-3_slack15.0.txz: Rebuilt.
    This release fixes a vulnerability where the wall command did not filter
    escape sequences from command line arguments, allowing unprivileged users
    to put arbitrary text on other users' terminals.
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-28085
    (* Security fix *)
    +--------------------------+
    Wed Mar 27 19:16:09 UTC 2024
    patches/packages/curl-8.7.1-x86_64-1_slack15.0.txz: Upgraded.
    This release fixes the following security issues:
    TLS certificate check bypass with mbedTLS.
    HTTP/2 push headers memory-leak.
    QUIC certificate check bypass with wolfSSL.
    Usage of disabled protocol.
    For more information, see:
    https://curl.se/docs/CVE-2024-2466.html
    https://curl.se/docs/CVE-2024-2398.html
    https://curl.se/docs/CVE-2024-2379.html
    https://curl.se/docs/CVE-2024-2004.html
    https://www.cve.org/CVERecord?id=CVE-2024-2466
    https://www.cve.org/CVERecord?id=CVE-2024-2398
    https://www.cve.org/CVERecord?id=CVE-2024-2379
    https://www.cve.org/CVERecord?id=CVE-2024-2004
    (* Security fix *)
    +--------------------------+
    Sun Mar 24 18:21:46 UTC 2024
    patches/packages/emacs-29.3-x86_64-1_slack15.0.txz: Upgraded.
    GNU Emacs through 28.2 allows attackers to execute commands via shell
    metacharacters in the name of a source-code file, because lib-src/etags.c
    uses the system C library function in its implementation of the ctags
    program. For example, a victim may use the "ctags *" command (suggested in
    the ctags documentation) in a situation where the current working directory
    has contents that depend on untrusted input.
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2022-45939
    (* Security fix *)
    +--------------------------+
    Sat Mar 23 19:34:02 UTC 2024
    patches/packages/mozilla-firefox-115.9.1esr-x86_64-1_slack15.0.txz: Upgraded.
    This update fixes a critical security issue:
    An attacker was able to inject an event handler into a privileged object
    that would allow arbitrary JavaScript execution in the parent process.
    For more information, see:
    https://www.mozilla.org/en-US/firefox/115.9.1esr/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2024-16/
    https://www.cve.org/CVERecord?id=CVE-2024-29944
    (* Security fix *)
    +--------------------------+
    Wed Mar 20 21:10:30 UTC 2024
    patches/packages/bind-9.16.49-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
    patches/packages/python3-3.9.19-x86_64-1_slack15.0.txz: Upgraded.
    This update fixes security issues:
    bundled libexpat was updated to 2.6.0.
    zipfile is now protected from the "quoted-overlap" zipbomb.
    tempfile.TemporaryDirectory cleanup no longer dereferences symlinks when
    working around file system permission errors.
    --- SBBSecho 3.20-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (110:211/1)
  • From Slacker@110:211/1 to All on Thu Apr 4 06:40:12 2024
    Wed Apr 3 22:22:06 UTC 2024
    patches/packages/xorg-server-1.20.14-x86_64-12_slack15.0.txz: Rebuilt.
    This update fixes security issues:
    Heap buffer overread/data leakage in ProcXIGetSelectedEvents.
    Heap buffer overread/data leakage in ProcXIPassiveGrabDevice.
    Heap buffer overread/data leakage in ProcAppleDRICreatePixmap.
    Use-after-free in ProcRenderAddGlyphs.
    For more information, see:
    https://lists.x.org/archives/xorg-announce/2024-April/003497.html
    https://www.cve.org/CVERecord?id=CVE-2024-31080
    https://www.cve.org/CVERecord?id=CVE-2024-31081
    https://www.cve.org/CVERecord?id=CVE-2024-31082
    https://www.cve.org/CVERecord?id=CVE-2024-31083
    (* Security fix *)
    patches/packages/xorg-server-xephyr-1.20.14-x86_64-12_slack15.0.txz: Rebuilt.
    patches/packages/xorg-server-xnest-1.20.14-x86_64-12_slack15.0.txz: Rebuilt.
    patches/packages/xorg-server-xvfb-1.20.14-x86_64-12_slack15.0.txz: Rebuilt.
    patches/packages/xorg-server-xwayland-21.1.4-x86_64-11_slack15.0.txz: Rebuilt.
    This update fixes security issues:
    Heap buffer overread/data leakage in ProcXIGetSelectedEvents.
    Heap buffer overread/data leakage in ProcXIPassiveGrabDevice.
    Use-after-free in ProcRenderAddGlyphs.
    For more information, see:
    https://lists.x.org/archives/xorg-announce/2024-April/003497.html
    https://www.cve.org/CVERecord?id=CVE-2024-31080
    https://www.cve.org/CVERecord?id=CVE-2024-31081
    https://www.cve.org/CVERecord?id=CVE-2024-31083
    (* Security fix *)
    +--------------------------+
    Wed Apr 3 19:58:56 UTC 2024
    patches/packages/whois-5.5.22-x86_64-1_slack15.0.txz: Upgraded.
    Fixed a segmentation fault with --no-recursion.
    Updated the .bm and .vi TLD servers.
    Removed 4 new gTLDs which are no longer active.
    +--------------------------+
    Fri Mar 29 02:25:21 UTC 2024
    patches/packages/coreutils-9.5-x86_64-1_slack15.0.txz: Upgraded.
    chmod -R now avoids a race where an attacker may replace a traversed file
    with a symlink, causing chmod to operate on an unintended file.
    [This bug was present in "the beginning".]
    split --line-bytes with a mixture of very long and short lines no longer
    overwrites the heap.
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-0684
    (* Security fix *)
    +--------------------------+
    Thu Mar 28 21:40:08 UTC 2024
    patches/packages/seamonkey-2.53.18.2-x86_64-1_slack15.0.txz: Upgraded.
    This update contains security fixes and improvements.
    For more information, see:
    https://www.seamonkey-project.org/releases/seamonkey2.53.18.2
    (* Security fix *)
    patches/packages/util-linux-2.37.4-x86_64-3_slack15.0.txz: Rebuilt.
    This release fixes a vulnerability where the wall command did not filter
    escape sequences from command line arguments, allowing unprivileged users
    to put arbitrary text on other users' terminals.
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-28085
    (* Security fix *)
    +--------------------------+
    Wed Mar 27 19:16:09 UTC 2024
    patches/packages/curl-8.7.1-x86_64-1_slack15.0.txz: Upgraded.
    This release fixes the following security issues:
    TLS certificate check bypass with mbedTLS.
    HTTP/2 push headers memory-leak.
    QUIC certificate check bypass with wolfSSL.
    Usage of disabled protocol.
    For more information, see:
    https://curl.se/docs/CVE-2024-2466.html
    https://curl.se/docs/CVE-2024-2398.html
    https://curl.se/docs/CVE-2024-2379.html
    https://curl.se/docs/CVE-2024-2004.html
    https://www.cve.org/CVERecord?id=CVE-2024-2466
    https://www.cve.org/CVERecord?id=CVE-2024-2398
    https://www.cve.org/CVERecord?id=CVE-2024-2379
    --- SBBSecho 3.20-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (110:211/1)
  • From Slacker@110:211/1 to All on Fri Apr 5 06:40:11 2024
    Thu Apr 4 20:49:23 UTC 2024
    patches/packages/httpd-2.4.59-x86_64-1_slack15.0.txz: Upgraded.
    This update fixes security issues:
    HTTP/2 DoS by memory exhaustion on endless continuation frames.
    HTTP Response Splitting in multiple modules.
    HTTP response splitting.
    For more information, see:
    https://downloads.apache.org/httpd/CHANGES_2.4.59
    https://www.cve.org/CVERecord?id=CVE-2024-27316
    https://www.cve.org/CVERecord?id=CVE-2024-24795
    https://www.cve.org/CVERecord?id=CVE-2023-38709
    (* Security fix *)
    patches/packages/nghttp2-1.61.0-x86_64-1_slack15.0.txz: Upgraded.
    This update fixes security issues:
    nghttp2 library keeps reading the unbounded number of HTTP/2 CONTINUATION
    frames even after a stream is reset to keep HPACK context in sync. This
    causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates
    this vulnerability by limiting the number of CONTINUATION frames it can
    accept after a HEADERS frame.
    For more information, see:
    https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q
    https://www.kb.cert.org/vuls/id/421644
    https://www.cve.org/CVERecord?id=CVE-2024-28182
    (* Security fix *)
    +--------------------------+
    Wed Apr 3 22:22:06 UTC 2024
    patches/packages/xorg-server-1.20.14-x86_64-12_slack15.0.txz: Rebuilt.
    This update fixes security issues:
    Heap buffer overread/data leakage in ProcXIGetSelectedEvents.
    Heap buffer overread/data leakage in ProcXIPassiveGrabDevice.
    Heap buffer overread/data leakage in ProcAppleDRICreatePixmap.
    Use-after-free in ProcRenderAddGlyphs.
    For more information, see:
    https://lists.x.org/archives/xorg-announce/2024-April/003497.html
    https://www.cve.org/CVERecord?id=CVE-2024-31080
    https://www.cve.org/CVERecord?id=CVE-2024-31081
    https://www.cve.org/CVERecord?id=CVE-2024-31082
    https://www.cve.org/CVERecord?id=CVE-2024-31083
    (* Security fix *)
    patches/packages/xorg-server-xephyr-1.20.14-x86_64-12_slack15.0.txz: Rebuilt.
    patches/packages/xorg-server-xnest-1.20.14-x86_64-12_slack15.0.txz: Rebuilt.
    patches/packages/xorg-server-xvfb-1.20.14-x86_64-12_slack15.0.txz: Rebuilt.
    patches/packages/xorg-server-xwayland-21.1.4-x86_64-11_slack15.0.txz: Rebuilt.
    This update fixes security issues:
    Heap buffer overread/data leakage in ProcXIGetSelectedEvents.
    Heap buffer overread/data leakage in ProcXIPassiveGrabDevice.
    Use-after-free in ProcRenderAddGlyphs.
    For more information, see:
    https://lists.x.org/archives/xorg-announce/2024-April/003497.html
    https://www.cve.org/CVERecord?id=CVE-2024-31080
    https://www.cve.org/CVERecord?id=CVE-2024-31081
    https://www.cve.org/CVERecord?id=CVE-2024-31083
    (* Security fix *)
    +--------------------------+
    Wed Apr 3 19:58:56 UTC 2024
    patches/packages/whois-5.5.22-x86_64-1_slack15.0.txz: Upgraded.
    Fixed a segmentation fault with --no-recursion.
    Updated the .bm and .vi TLD servers.
    Removed 4 new gTLDs which are no longer active.
    +--------------------------+
    Fri Mar 29 02:25:21 UTC 2024
    patches/packages/coreutils-9.5-x86_64-1_slack15.0.txz: Upgraded.
    chmod -R now avoids a race where an attacker may replace a traversed file
    with a symlink, causing chmod to operate on an unintended file.
    [This bug was present in "the beginning".]
    split --line-bytes with a mixture of very long and short lines no longer
    overwrites the heap.
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-0684
    (* Security fix *)
    +--------------------------+
    Thu Mar 28 21:40:08 UTC 2024
    patches/packages/seamonkey-2.53.18.2-x86_64-1_slack15.0.txz: Upgraded.
    This update contains security fixes and improvements.
    For more information, see:
    --- SBBSecho 3.20-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (110:211/1)
  • From Slacker@110:211/1 to All on Sat Apr 6 06:40:15 2024
    Fri Apr 5 20:11:23 UTC 2024
    extra/tigervnc/tigervnc-1.12.0-x86_64-6_slack15.0.txz: Rebuilt.
    Recompiled against xorg-server-1.20.14, including the latest patches for
    several security issues:
    Heap buffer overread/data leakage in ProcXIGetSelectedEvents.
    Heap buffer overread/data leakage in ProcXIPassiveGrabDevice.
    Heap buffer overread/data leakage in ProcAppleDRICreatePixmap.
    Use-after-free in ProcRenderAddGlyphs.
    For more information, see:
    https://lists.x.org/archives/xorg-announce/2024-April/003497.html
    https://www.cve.org/CVERecord?id=CVE-2024-31080
    https://www.cve.org/CVERecord?id=CVE-2024-31081
    https://www.cve.org/CVERecord?id=CVE-2024-31082
    https://www.cve.org/CVERecord?id=CVE-2024-31083
    (* Security fix *)
    +--------------------------+
    Thu Apr 4 20:49:23 UTC 2024
    patches/packages/httpd-2.4.59-x86_64-1_slack15.0.txz: Upgraded.
    This update fixes security issues:
    HTTP/2 DoS by memory exhaustion on endless continuation frames.
    HTTP Response Splitting in multiple modules.
    HTTP response splitting.
    For more information, see:
    https://downloads.apache.org/httpd/CHANGES_2.4.59
    https://www.cve.org/CVERecord?id=CVE-2024-27316
    https://www.cve.org/CVERecord?id=CVE-2024-24795
    https://www.cve.org/CVERecord?id=CVE-2023-38709
    (* Security fix *)
    patches/packages/nghttp2-1.61.0-x86_64-1_slack15.0.txz: Upgraded.
    This update fixes security issues:
    nghttp2 library keeps reading the unbounded number of HTTP/2 CONTINUATION
    frames even after a stream is reset to keep HPACK context in sync. This
    causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates
    this vulnerability by limiting the number of CONTINUATION frames it can
    accept after a HEADERS frame.
    For more information, see:
    https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q
    https://www.kb.cert.org/vuls/id/421644
    https://www.cve.org/CVERecord?id=CVE-2024-28182
    (* Security fix *)
    +--------------------------+
    Wed Apr 3 22:22:06 UTC 2024
    patches/packages/xorg-server-1.20.14-x86_64-12_slack15.0.txz: Rebuilt.
    This update fixes security issues:
    Heap buffer overread/data leakage in ProcXIGetSelectedEvents.
    Heap buffer overread/data leakage in ProcXIPassiveGrabDevice.
    Heap buffer overread/data leakage in ProcAppleDRICreatePixmap.
    Use-after-free in ProcRenderAddGlyphs.
    For more information, see:
    https://lists.x.org/archives/xorg-announce/2024-April/003497.html
    https://www.cve.org/CVERecord?id=CVE-2024-31080
    https://www.cve.org/CVERecord?id=CVE-2024-31081
    https://www.cve.org/CVERecord?id=CVE-2024-31082
    https://www.cve.org/CVERecord?id=CVE-2024-31083
    (* Security fix *)
    patches/packages/xorg-server-xephyr-1.20.14-x86_64-12_slack15.0.txz: Rebuilt.
    patches/packages/xorg-server-xnest-1.20.14-x86_64-12_slack15.0.txz: Rebuilt.
    patches/packages/xorg-server-xvfb-1.20.14-x86_64-12_slack15.0.txz: Rebuilt.
    patches/packages/xorg-server-xwayland-21.1.4-x86_64-11_slack15.0.txz: Rebuilt.
    This update fixes security issues:
    Heap buffer overread/data leakage in ProcXIGetSelectedEvents.
    Heap buffer overread/data leakage in ProcXIPassiveGrabDevice.
    Use-after-free in ProcRenderAddGlyphs.
    For more information, see:
    https://lists.x.org/archives/xorg-announce/2024-April/003497.html
    https://www.cve.org/CVERecord?id=CVE-2024-31080
    https://www.cve.org/CVERecord?id=CVE-2024-31081
    https://www.cve.org/CVERecord?id=CVE-2024-31083
    (* Security fix *)
    +--------------------------+
    Wed Apr 3 19:58:56 UTC 2024
    patches/packages/whois-5.5.22-x86_64-1_slack15.0.txz: Upgraded.
    Fixed a segmentation fault with --no-recursion.
    Updated the .bm and .vi TLD servers.
    Removed 4 new gTLDs which are no longer active.
    --- SBBSecho 3.20-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (110:211/1)
  • From Slacker@110:211/1 to All on Tue Apr 9 06:40:12 2024
    Mon Apr 8 18:44:37 UTC 2024
    patches/packages/libarchive-3.7.3-x86_64-1_slack15.0.txz: Upgraded.
    This update fixes a security issue:
    Fix possible vulnerability in tar error reporting introduced in f27c173
    by JiaT75.
    For more information, see:
    https://github.com/libarchive/libarchive/commit/f27c173d17dc807733b3a4f8c11207c3f04ff34f
    https://github.com/libarchive/libarchive/pull/2101
    (* Security fix *)
    +--------------------------+
    Fri Apr 5 20:11:23 UTC 2024
    extra/tigervnc/tigervnc-1.12.0-x86_64-6_slack15.0.txz: Rebuilt.
    Recompiled against xorg-server-1.20.14, including the latest patches for
    several security issues:
    Heap buffer overread/data leakage in ProcXIGetSelectedEvents.
    Heap buffer overread/data leakage in ProcXIPassiveGrabDevice.
    Heap buffer overread/data leakage in ProcAppleDRICreatePixmap.
    Use-after-free in ProcRenderAddGlyphs.
    For more information, see:
    https://lists.x.org/archives/xorg-announce/2024-April/003497.html
    https://www.cve.org/CVERecord?id=CVE-2024-31080
    https://www.cve.org/CVERecord?id=CVE-2024-31081
    https://www.cve.org/CVERecord?id=CVE-2024-31082
    https://www.cve.org/CVERecord?id=CVE-2024-31083
    (* Security fix *)
    +--------------------------+
    Thu Apr 4 20:49:23 UTC 2024
    patches/packages/httpd-2.4.59-x86_64-1_slack15.0.txz: Upgraded.
    This update fixes security issues:
    HTTP/2 DoS by memory exhaustion on endless continuation frames.
    HTTP Response Splitting in multiple modules.
    HTTP response splitting.
    For more information, see:
    https://downloads.apache.org/httpd/CHANGES_2.4.59
    https://www.cve.org/CVERecord?id=CVE-2024-27316
    https://www.cve.org/CVERecord?id=CVE-2024-24795
    https://www.cve.org/CVERecord?id=CVE-2023-38709
    (* Security fix *)
    patches/packages/nghttp2-1.61.0-x86_64-1_slack15.0.txz: Upgraded.
    This update fixes security issues:
    nghttp2 library keeps reading the unbounded number of HTTP/2 CONTINUATION
    frames even after a stream is reset to keep HPACK context in sync. This
    causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates
    this vulnerability by limiting the number of CONTINUATION frames it can
    accept after a HEADERS frame.
    For more information, see:
    https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q
    https://www.kb.cert.org/vuls/id/421644
    https://www.cve.org/CVERecord?id=CVE-2024-28182
    (* Security fix *)
    +--------------------------+
    Wed Apr 3 22:22:06 UTC 2024
    patches/packages/xorg-server-1.20.14-x86_64-12_slack15.0.txz: Rebuilt.
    This update fixes security issues:
    Heap buffer overread/data leakage in ProcXIGetSelectedEvents.
    Heap buffer overread/data leakage in ProcXIPassiveGrabDevice.
    Heap buffer overread/data leakage in ProcAppleDRICreatePixmap.
    Use-after-free in ProcRenderAddGlyphs.
    For more information, see:
    https://lists.x.org/archives/xorg-announce/2024-April/003497.html
    https://www.cve.org/CVERecord?id=CVE-2024-31080
    https://www.cve.org/CVERecord?id=CVE-2024-31081
    https://www.cve.org/CVERecord?id=CVE-2024-31082
    https://www.cve.org/CVERecord?id=CVE-2024-31083
    (* Security fix *)
    patches/packages/xorg-server-xephyr-1.20.14-x86_64-12_slack15.0.txz: Rebuilt.
    patches/packages/xorg-server-xnest-1.20.14-x86_64-12_slack15.0.txz: Rebuilt.
    patches/packages/xorg-server-xvfb-1.20.14-x86_64-12_slack15.0.txz: Rebuilt.
    patches/packages/xorg-server-xwayland-21.1.4-x86_64-11_slack15.0.txz: Rebuilt.
    This update fixes security issues:
    Heap buffer overread/data leakage in ProcXIGetSelectedEvents.
    Heap buffer overread/data leakage in ProcXIPassiveGrabDevice.
    Use-after-free in ProcRenderAddGlyphs.
    For more information, see:
    https://lists.x.org/archives/xorg-announce/2024-April/003497.html
    --- SBBSecho 3.20-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (110:211/1)
  • From Slacker@110:211/1 to All on Sat Apr 13 06:40:13 2024
    Fri Apr 12 19:08:59 UTC 2024
    extra/php81/php81-8.1.28-x86_64-1_slack15.0.txz: Upgraded.
    This update fixes security issues:
    Command injection via array-ish $command parameter of proc_open.
    __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix.
    Password_verify can erroneously return true, opening ATO risk.
    For more information, see:
    https://www.php.net/ChangeLog-8.php#8.1.28
    https://www.cve.org/CVERecord?id=CVE-2024-1874
    https://www.cve.org/CVERecord?id=CVE-2024-2756
    https://www.cve.org/CVERecord?id=CVE-2024-3096
    (* Security fix *)
    +--------------------------+
    Mon Apr 8 18:44:37 UTC 2024
    patches/packages/libarchive-3.7.3-x86_64-1_slack15.0.txz: Upgraded.
    This update fixes a security issue:
    Fix possible vulnerability in tar error reporting introduced in f27c173
    by JiaT75.
    For more information, see:
    https://github.com/libarchive/libarchive/commit/f27c173d17dc807733b3a4f8c11207c3f04ff34f
    https://github.com/libarchive/libarchive/pull/2101
    (* Security fix *)
    +--------------------------+
    Fri Apr 5 20:11:23 UTC 2024
    extra/tigervnc/tigervnc-1.12.0-x86_64-6_slack15.0.txz: Rebuilt.
    Recompiled against xorg-server-1.20.14, including the latest patches for
    several security issues:
    Heap buffer overread/data leakage in ProcXIGetSelectedEvents.
    Heap buffer overread/data leakage in ProcXIPassiveGrabDevice.
    Heap buffer overread/data leakage in ProcAppleDRICreatePixmap.
    Use-after-free in ProcRenderAddGlyphs.
    For more information, see:
    https://lists.x.org/archives/xorg-announce/2024-April/003497.html
    https://www.cve.org/CVERecord?id=CVE-2024-31080
    https://www.cve.org/CVERecord?id=CVE-2024-31081
    https://www.cve.org/CVERecord?id=CVE-2024-31082
    https://www.cve.org/CVERecord?id=CVE-2024-31083
    (* Security fix *)
    +--------------------------+
    Thu Apr 4 20:49:23 UTC 2024
    patches/packages/httpd-2.4.59-x86_64-1_slack15.0.txz: Upgraded.
    This update fixes security issues:
    HTTP/2 DoS by memory exhaustion on endless continuation frames.
    HTTP Response Splitting in multiple modules.
    HTTP response splitting.
    For more information, see:
    https://downloads.apache.org/httpd/CHANGES_2.4.59
    https://www.cve.org/CVERecord?id=CVE-2024-27316
    https://www.cve.org/CVERecord?id=CVE-2024-24795
    https://www.cve.org/CVERecord?id=CVE-2023-38709
    (* Security fix *)
    patches/packages/nghttp2-1.61.0-x86_64-1_slack15.0.txz: Upgraded.
    This update fixes security issues:
    nghttp2 library keeps reading the unbounded number of HTTP/2 CONTINUATION
    frames even after a stream is reset to keep HPACK context in sync. This
    causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates
    this vulnerability by limiting the number of CONTINUATION frames it can
    accept after a HEADERS frame.
    For more information, see:
    https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q
    https://www.kb.cert.org/vuls/id/421644
    https://www.cve.org/CVERecord?id=CVE-2024-28182
    (* Security fix *)
    +--------------------------+
    Wed Apr 3 22:22:06 UTC 2024
    patches/packages/xorg-server-1.20.14-x86_64-12_slack15.0.txz: Rebuilt.
    This update fixes security issues:
    Heap buffer overread/data leakage in ProcXIGetSelectedEvents.
    Heap buffer overread/data leakage in ProcXIPassiveGrabDevice.
    Heap buffer overread/data leakage in ProcAppleDRICreatePixmap.
    Use-after-free in ProcRenderAddGlyphs.
    For more information, see:
    https://lists.x.org/archives/xorg-announce/2024-April/003497.html
    https://www.cve.org/CVERecord?id=CVE-2024-31080
    https://www.cve.org/CVERecord?id=CVE-2024-31081
    --- SBBSecho 3.20-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (110:211/1)
  • From Slacker@110:211/1 to All on Mon Apr 15 06:40:13 2024
    Sun Apr 14 18:35:32 UTC 2024
    patches/packages/less-653-x86_64-1_slack15.0.txz: Upgraded.
    This update patches a security issue:
    less through 653 allows OS command execution via a newline character in the
    name of a file, because quoting is mishandled in filename.c. Exploitation
    typically requires use with attacker-controlled file names, such as the files
    extracted from an untrusted archive. Exploitation also requires the LESSOPEN
    environment variable, but this is set by default in many common cases.
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-32487
    (* Security fix *)
    +--------------------------+
    Fri Apr 12 19:08:59 UTC 2024
    extra/php81/php81-8.1.28-x86_64-1_slack15.0.txz: Upgraded.
    This update fixes security issues:
    Command injection via array-ish $command parameter of proc_open.
    __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix.
    Password_verify can erroneously return true, opening ATO risk.
    For more information, see:
    https://www.php.net/ChangeLog-8.php#8.1.28
    https://www.cve.org/CVERecord?id=CVE-2024-1874
    https://www.cve.org/CVERecord?id=CVE-2024-2756
    https://www.cve.org/CVERecord?id=CVE-2024-3096
    (* Security fix *)
    +--------------------------+
    Mon Apr 8 18:44:37 UTC 2024
    patches/packages/libarchive-3.7.3-x86_64-1_slack15.0.txz: Upgraded.
    This update fixes a security issue:
    Fix possible vulnerability in tar error reporting introduced in f27c173
    by JiaT75.
    For more information, see:
    https://github.com/libarchive/libarchive/commit/f27c173d17dc807733b3a4f8c11207c3f04ff34f
    https://github.com/libarchive/libarchive/pull/2101
    (* Security fix *)
    +--------------------------+
    Fri Apr 5 20:11:23 UTC 2024
    extra/tigervnc/tigervnc-1.12.0-x86_64-6_slack15.0.txz: Rebuilt.
    Recompiled against xorg-server-1.20.14, including the latest patches for
    several security issues:
    Heap buffer overread/data leakage in ProcXIGetSelectedEvents.
    Heap buffer overread/data leakage in ProcXIPassiveGrabDevice.
    Heap buffer overread/data leakage in ProcAppleDRICreatePixmap.
    Use-after-free in ProcRenderAddGlyphs.
    For more information, see:
    https://lists.x.org/archives/xorg-announce/2024-April/003497.html
    https://www.cve.org/CVERecord?id=CVE-2024-31080
    https://www.cve.org/CVERecord?id=CVE-2024-31081
    https://www.cve.org/CVERecord?id=CVE-2024-31082
    https://www.cve.org/CVERecord?id=CVE-2024-31083
    (* Security fix *)
    +--------------------------+
    Thu Apr 4 20:49:23 UTC 2024
    patches/packages/httpd-2.4.59-x86_64-1_slack15.0.txz: Upgraded.
    This update fixes security issues:
    HTTP/2 DoS by memory exhaustion on endless continuation frames.
    HTTP Response Splitting in multiple modules.
    HTTP response splitting.
    For more information, see:
    https://downloads.apache.org/httpd/CHANGES_2.4.59
    https://www.cve.org/CVERecord?id=CVE-2024-27316
    https://www.cve.org/CVERecord?id=CVE-2024-24795
    https://www.cve.org/CVERecord?id=CVE-2023-38709
    (* Security fix *)
    patches/packages/nghttp2-1.61.0-x86_64-1_slack15.0.txz: Upgraded.
    This update fixes security issues:
    nghttp2 library keeps reading the unbounded number of HTTP/2 CONTINUATION
    frames even after a stream is reset to keep HPACK context in sync. This
    causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates
    this vulnerability by limiting the number of CONTINUATION frames it can
    accept after a HEADERS frame.
    For more information, see:
    https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q
    https://www.kb.cert.org/vuls/id/421644
    https://www.cve.org/CVERecord?id=CVE-2024-28182
    (* Security fix *)
    --- SBBSecho 3.20-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (110:211/1)
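Added example, not part of the changelog or of the post above: the less entry for CVE-2024-32487 names files extracted from an untrusted archive as the usual source of a newline in a file name, and a set LESSOPEN as the other precondition. This Python check lists a tar archive's member names without extracting anything and flags names that contain control characters; the sample archive, the function names and the report keys are constructed for illustration.

```python
import io
import os
import tarfile


def build_sample_archive() -> bytes:
    """Constructed sample input: one ordinary member name and one with a newline."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in ("docs/README.txt", "docs/notes\n.txt"):
            data = b"sample\n"
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def control_chars(name: str) -> list:
    """Return the control characters (C0 range and DEL) in a file name, as hex strings."""
    return sorted({hex(ord(c)) for c in name if ord(c) < 0x20 or ord(c) == 0x7F})


def flag_members(archive_bytes: bytes) -> list:
    """List (name, control characters) for suspicious members; nothing is extracted."""
    flagged = []
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:*") as tar:
        for member in tar:
            found = control_chars(member.name)
            if found:
                flagged.append((member.name, found))
    return flagged


def triage(archive_bytes: bytes, env=None) -> dict:
    """Combine both preconditions from the advisory text into one report.

    The installed less version is not checked here; that comes from the
    package database of the host being reviewed.
    """
    env = os.environ if env is None else env
    flagged = flag_members(archive_bytes)
    lessopen_set = bool(env.get("LESSOPEN", ""))
    return {
        "lessopen_set": lessopen_set,
        "flagged": flagged,
        "needs_review": lessopen_set and bool(flagged),
    }


if __name__ == "__main__":
    report = triage(build_sample_archive())
    print("LESSOPEN set:", report["lessopen_set"])
    for name, chars in report["flagged"]:
        # repr() keeps the control character visible instead of printing it raw
        print("control characters", chars, "in member name", repr(name))
    print("needs review:", report["needs_review"])
```
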
  • From Slacker@110:211/1 to All on Wed Apr 17 06:40:12 2024
    Tue Apr 16 18:50:13 UTC 2024
    patches/packages/mozilla-firefox-115.10.0esr-x86_64-1_slack15.0.txz: Upgraded.
    This update contains security fixes and improvements.
    For more information, see:
    https://www.mozilla.org/en-US/firefox/115.10.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2024-19/
    https://www.cve.org/CVERecord?id=CVE-2024-3852
    https://www.cve.org/CVERecord?id=CVE-2024-3854
    https://www.cve.org/CVERecord?id=CVE-2024-3857
    https://www.cve.org/CVERecord?id=CVE-2024-2609
    https://www.cve.org/CVERecord?id=CVE-2024-3859
    https://www.cve.org/CVERecord?id=CVE-2024-3861
    https://www.cve.org/CVERecord?id=CVE-2024-3863
    https://www.cve.org/CVERecord?id=CVE-2024-3302
    https://www.cve.org/CVERecord?id=CVE-2024-3864
    (* Security fix *)
    +--------------------------+
    Sun Apr 14 18:35:32 UTC 2024
    patches/packages/less-653-x86_64-1_slack15.0.txz: Upgraded.
    This update patches a security issue:
    less through 653 allows OS command execution via a newline character in the
    name of a file, because quoting is mishandled in filename.c. Exploitation
    typically requires use with attacker-controlled file names, such as the files
    extracted from an untrusted archive. Exploitation also requires the LESSOPEN
    environment variable, but this is set by default in many common cases.
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-32487
    (* Security fix *)
    +--------------------------+
    Fri Apr 12 19:08:59 UTC 2024
    extra/php81/php81-8.1.28-x86_64-1_slack15.0.txz: Upgraded.
    This update fixes security issues:
    Command injection via array-ish $command parameter of proc_open.
    __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix.
    Password_verify can erroneously return true, opening ATO risk.
    For more information, see:
    https://www.php.net/ChangeLog-8.php#8.1.28
    https://www.cve.org/CVERecord?id=CVE-2024-1874
    https://www.cve.org/CVERecord?id=CVE-2024-2756
    https://www.cve.org/CVERecord?id=CVE-2024-3096
    (* Security fix *)
    +--------------------------+
    Mon Apr 8 18:44:37 UTC 2024
    patches/packages/libarchive-3.7.3-x86_64-1_slack15.0.txz: Upgraded.
    This update fixes a security issue:
    Fix possible vulnerability in tar error reporting introduced in f27c173
    by JiaT75.
    For more information, see:
    https://github.com/libarchive/libarchive/commit/f27c173d17dc807733b3a4f8c11207c3f04ff34f
    https://github.com/libarchive/libarchive/pull/2101
    (* Security fix *)
    +--------------------------+
    Fri Apr 5 20:11:23 UTC 2024
    extra/tigervnc/tigervnc-1.12.0-x86_64-6_slack15.0.txz: Rebuilt.
    Recompiled against xorg-server-1.20.14, including the latest patches for
    several security issues:
    Heap buffer overread/data leakage in ProcXIGetSelectedEvents.
    Heap buffer overread/data leakage in ProcXIPassiveGrabDevice.
    Heap buffer overread/data leakage in ProcAppleDRICreatePixmap.
    Use-after-free in ProcRenderAddGlyphs.
    For more information, see:
    https://lists.x.org/archives/xorg-announce/2024-April/003497.html
    https://www.cve.org/CVERecord?id=CVE-2024-31080
    https://www.cve.org/CVERecord?id=CVE-2024-31081
    https://www.cve.org/CVERecord?id=CVE-2024-31082
    https://www.cve.org/CVERecord?id=CVE-2024-31083
    (* Security fix *)
    +--------------------------+
    Thu Apr 4 20:49:23 UTC 2024
    patches/packages/httpd-2.4.59-x86_64-1_slack15.0.txz: Upgraded.
    This update fixes security issues:
    HTTP/2 DoS by memory exhaustion on endless continuation frames.
    HTTP Response Splitting in multiple modules.
    HTTP response splitting.
    For more information, see:
    --- SBBSecho 3.20-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (110:211/1)
  • From Slacker@110:211/1 to All on Thu Apr 18 06:40:12 2024
    Wed Apr 17 20:35:48 UTC 2024
    patches/packages/mozilla-thunderbird-115.10.0-x86_64-1_slack15.0.txz: Upgraded.
    This release contains security fixes and improvements.
    For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.10.0/releasenotes/
    https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird115.10
    (* Security fix *)
    +--------------------------+
    Tue Apr 16 18:50:13 UTC 2024
    patches/packages/mozilla-firefox-115.10.0esr-x86_64-1_slack15.0.txz: Upgraded.
    This update contains security fixes and improvements.
    For more information, see:
    https://www.mozilla.org/en-US/firefox/115.10.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2024-19/
    https://www.cve.org/CVERecord?id=CVE-2024-3852
    https://www.cve.org/CVERecord?id=CVE-2024-3854
    https://www.cve.org/CVERecord?id=CVE-2024-3857
    https://www.cve.org/CVERecord?id=CVE-2024-2609
    https://www.cve.org/CVERecord?id=CVE-2024-3859
    https://www.cve.org/CVERecord?id=CVE-2024-3861
    https://www.cve.org/CVERecord?id=CVE-2024-3863
    https://www.cve.org/CVERecord?id=CVE-2024-3302
    https://www.cve.org/CVERecord?id=CVE-2024-3864
    (* Security fix *)
    +--------------------------+
    Sun Apr 14 18:35:32 UTC 2024
    patches/packages/less-653-x86_64-1_slack15.0.txz: Upgraded.
    This update patches a security issue:
    less through 653 allows OS command execution via a newline character in the
    name of a file, because quoting is mishandled in filename.c. Exploitation
    typically requires use with attacker-controlled file names, such as the files
    extracted from an untrusted archive. Exploitation also requires the LESSOPEN
    environment variable, but this is set by default in many common cases.
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-32487
    (* Security fix *)
    +--------------------------+
    Fri Apr 12 19:08:59 UTC 2024
    extra/php81/php81-8.1.28-x86_64-1_slack15.0.txz: Upgraded.
    This update fixes security issues:
    Command injection via array-ish $command parameter of proc_open.
    __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix.
    Password_verify can erroneously return true, opening ATO risk.
    For more information, see:
    https://www.php.net/ChangeLog-8.php#8.1.28
    https://www.cve.org/CVERecord?id=CVE-2024-1874
    https://www.cve.org/CVERecord?id=CVE-2024-2756
    https://www.cve.org/CVERecord?id=CVE-2024-3096
    (* Security fix *)
    +--------------------------+
    Mon Apr 8 18:44:37 UTC 2024
    patches/packages/libarchive-3.7.3-x86_64-1_slack15.0.txz: Upgraded.
    This update fixes a security issue:
    Fix possible vulnerability in tar error reporting introduced in f27c173
    by JiaT75.
    For more information, see:
    https://github.com/libarchive/libarchive/commit/f27c173d17dc807733b3a4f8c11207c3f04ff34f
    https://github.com/libarchive/libarchive/pull/2101
    (* Security fix *)
    +--------------------------+
    Fri Apr 5 20:11:23 UTC 2024
    extra/tigervnc/tigervnc-1.12.0-x86_64-6_slack15.0.txz: Rebuilt.
    Recompiled against xorg-server-1.20.14, including the latest patches for
    several security issues:
    Heap buffer overread/data leakage in ProcXIGetSelectedEvents.
    Heap buffer overread/data leakage in ProcXIPassiveGrabDevice.
    Heap buffer overread/data leakage in ProcAppleDRICreatePixmap.
    Use-after-free in ProcRenderAddGlyphs.
    For more information, see:
    https://lists.x.org/archives/xorg-announce/2024-April/003497.html
    https://www.cve.org/CVERecord?id=CVE-2024-31080
    https://www.cve.org/CVERecord?id=CVE-2024-31081
    https://www.cve.org/CVERecord?id=CVE-2024-31082
    https://www.cve.org/CVERecord?id=CVE-2024-31083
    (* Security fix *)
    --- SBBSecho 3.20-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (110:211/1)
  • From Slacker@110:211/1 to All on Fri Apr 19 06:40:12 2024
    Fri Apr 19 05:38:28 UTC 2024
    patches/packages/mozilla-thunderbird-115.10.1-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
    For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.10.1/releasenotes/
    +--------------------------+
    Thu Apr 18 19:17:30 UTC 2024
    patches/packages/bind-9.16.50-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
    patches/packages/aaa_glibc-solibs-2.33-x86_64-6_slack15.0.txz: Rebuilt.
    patches/packages/glibc-2.33-x86_64-6_slack15.0.txz: Rebuilt.
    This update fixes a security issue:
    The iconv() function in the GNU C Library versions 2.39 and older may
    overflow the output buffer passed to it by up to 4 bytes when converting
    strings to the ISO-2022-CN-EXT character set, which may be used to crash
    an application or overwrite a neighbouring variable.
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-2961
    (* Security fix *)
    patches/packages/glibc-i18n-2.33-x86_64-6_slack15.0.txz: Rebuilt.
    patches/packages/glibc-profile-2.33-x86_64-6_slack15.0.txz: Rebuilt.
    testing/packages/bind-9.18.26-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
    +--------------------------+
    Wed Apr 17 20:35:48 UTC 2024
    patches/packages/mozilla-thunderbird-115.10.0-x86_64-1_slack15.0.txz: Upgraded.
    This release contains security fixes and improvements.
    For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.10.0/releasenotes/
    https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird115.10
    (* Security fix *)
    +--------------------------+
    Tue Apr 16 18:50:13 UTC 2024
    patches/packages/mozilla-firefox-115.10.0esr-x86_64-1_slack15.0.txz: Upgraded.
    This update contains security fixes and improvements.
    For more information, see:
    https://www.mozilla.org/en-US/firefox/115.10.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2024-19/
    https://www.cve.org/CVERecord?id=CVE-2024-3852
    https://www.cve.org/CVERecord?id=CVE-2024-3854
    https://www.cve.org/CVERecord?id=CVE-2024-3857
    https://www.cve.org/CVERecord?id=CVE-2024-2609
    https://www.cve.org/CVERecord?id=CVE-2024-3859
    https://www.cve.org/CVERecord?id=CVE-2024-3861
    https://www.cve.org/CVERecord?id=CVE-2024-3863
    https://www.cve.org/CVERecord?id=CVE-2024-3302
    https://www.cve.org/CVERecord?id=CVE-2024-3864
    (* Security fix *)
    +--------------------------+
    Sun Apr 14 18:35:32 UTC 2024
    patches/packages/less-653-x86_64-1_slack15.0.txz: Upgraded.
    This update patches a security issue:
    less through 653 allows OS command execution via a newline character in the
    name of a file, because quoting is mishandled in filename.c. Exploitation
    typically requires use with attacker-controlled file names, such as the files
    extracted from an untrusted archive. Exploitation also requires the LESSOPEN
    environment variable, but this is set by default in many common cases.
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-32487
    (* Security fix *)
    +--------------------------+
    Fri Apr 12 19:08:59 UTC 2024
    extra/php81/php81-8.1.28-x86_64-1_slack15.0.txz: Upgraded.
    This update fixes security issues:
    Command injection via array-ish $command parameter of proc_open.
    __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix.
    Password_verify can erroneously return true, opening ATO risk.
    For more information, see:
    https://www.php.net/ChangeLog-8.php#8.1.28
    https://www.cve.org/CVERecord?id=CVE-2024-1874
    https://www.cve.org/CVERecord?id=CVE-2024-2756
    https://www.cve.org/CVERecord?id=CVE-2024-3096
    (* Security fix *)
    +--------------------------+
    Mon Apr 8 18:44:37 UTC 2024
    --- SBBSecho 3.20-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (110:211/1)
  • From Slacker@110:211/1 to All on Sat Apr 20 06:40:12 2024
    Fri Apr 19 19:36:17 UTC 2024
    patches/packages/freerdp-2.11.6-x86_64-1_slack15.0.txz: Upgraded.
    This release is a security release and addresses multiple issues:
    [Low] OutOfBound Read in zgfx_decompress_segment.
    [Moderate] Integer overflow & OutOfBound Write in
    clear_decompress_residual_data.
    [Low] integer underflow in nsc_rle_decode.
    [Low] OutOfBound Read in planar_skip_plane_rle.
    [Low] OutOfBound Read in ncrush_decompress.
    [Low] OutOfBound Read in interleaved_decompress.
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-32041
    https://www.cve.org/CVERecord?id=CVE-2024-32039
    https://www.cve.org/CVERecord?id=CVE-2024-32040
    https://www.cve.org/CVERecord?id=CVE-2024-32458
    https://www.cve.org/CVERecord?id=CVE-2024-32459
    https://www.cve.org/CVERecord?id=CVE-2024-32460
    (* Security fix *)
    +--------------------------+
    Fri Apr 19 05:38:28 UTC 2024
    patches/packages/mozilla-thunderbird-115.10.1-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
    For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.10.1/releasenotes/
    +--------------------------+
    Thu Apr 18 19:17:30 UTC 2024
    patches/packages/bind-9.16.50-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
    patches/packages/aaa_glibc-solibs-2.33-x86_64-6_slack15.0.txz: Rebuilt.
    patches/packages/glibc-2.33-x86_64-6_slack15.0.txz: Rebuilt.
    This update fixes a security issue:
    The iconv() function in the GNU C Library versions 2.39 and older may
    overflow the output buffer passed to it by up to 4 bytes when converting
    strings to the ISO-2022-CN-EXT character set, which may be used to crash
    an application or overwrite a neighbouring variable.
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-2961
    (* Security fix *)
    patches/packages/glibc-i18n-2.33-x86_64-6_slack15.0.txz: Rebuilt.
    patches/packages/glibc-profile-2.33-x86_64-6_slack15.0.txz: Rebuilt.
    testing/packages/bind-9.18.26-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
    +--------------------------+
    Wed Apr 17 20:35:48 UTC 2024
    patches/packages/mozilla-thunderbird-115.10.0-x86_64-1_slack15.0.txz: Upgraded.
    This release contains security fixes and improvements.
    For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.10.0/releasenotes/
    https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird115.10
    (* Security fix *)
    +--------------------------+
    Tue Apr 16 18:50:13 UTC 2024
    patches/packages/mozilla-firefox-115.10.0esr-x86_64-1_slack15.0.txz: Upgraded.
    This update contains security fixes and improvements.
    For more information, see:
    https://www.mozilla.org/en-US/firefox/115.10.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2024-19/
    https://www.cve.org/CVERecord?id=CVE-2024-3852
    https://www.cve.org/CVERecord?id=CVE-2024-3854
    https://www.cve.org/CVERecord?id=CVE-2024-3857
    https://www.cve.org/CVERecord?id=CVE-2024-2609
    https://www.cve.org/CVERecord?id=CVE-2024-3859
    https://www.cve.org/CVERecord?id=CVE-2024-3861
    https://www.cve.org/CVERecord?id=CVE-2024-3863
    https://www.cve.org/CVERecord?id=CVE-2024-3302
    https://www.cve.org/CVERecord?id=CVE-2024-3864
    (* Security fix *)
    +--------------------------+
    Sun Apr 14 18:35:32 UTC 2024
    patches/packages/less-653-x86_64-1_slack15.0.txz: Upgraded.
    This update patches a security issue:
    less through 653 allows OS command execution via a newline character in the
    name of a file, because quoting is mishandled in filename.c. Exploitation
    typically requires use with attacker-controlled file names, such as the files
    extracted from an untrusted archive. Exploitation also requires the LESSOPEN
    --- SBBSecho 3.20-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (110:211/1)
  • From Slacker@110:211/1 to All on Tue Apr 23 06:40:12 2024
    Mon Apr 22 19:36:38 UTC 2024
    patches/packages/freerdp-2.11.7-x86_64-1_slack15.0.txz: Upgraded.
    This release eliminates a bunch of issues detected during oss-fuzz runs.
    (* Security fix *)
    +--------------------------+
    Fri Apr 19 19:36:17 UTC 2024
    patches/packages/freerdp-2.11.6-x86_64-1_slack15.0.txz: Upgraded.
    This release is a security release and addresses multiple issues:
    [Low] OutOfBound Read in zgfx_decompress_segment.
    [Moderate] Integer overflow & OutOfBound Write in
    clear_decompress_residual_data.
    [Low] integer underflow in nsc_rle_decode.
    [Low] OutOfBound Read in planar_skip_plane_rle.
    [Low] OutOfBound Read in ncrush_decompress.
    [Low] OutOfBound Read in interleaved_decompress.
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-32041
    https://www.cve.org/CVERecord?id=CVE-2024-32039
    https://www.cve.org/CVERecord?id=CVE-2024-32040
    https://www.cve.org/CVERecord?id=CVE-2024-32458
    https://www.cve.org/CVERecord?id=CVE-2024-32459
    https://www.cve.org/CVERecord?id=CVE-2024-32460
    (* Security fix *)
    +--------------------------+
    Fri Apr 19 05:38:28 UTC 2024
    patches/packages/mozilla-thunderbird-115.10.1-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
    For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.10.1/releasenotes/
    +--------------------------+
    Thu Apr 18 19:17:30 UTC 2024
    patches/packages/bind-9.16.50-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
    patches/packages/aaa_glibc-solibs-2.33-x86_64-6_slack15.0.txz: Rebuilt.
    patches/packages/glibc-2.33-x86_64-6_slack15.0.txz: Rebuilt.
    This update fixes a security issue:
    The iconv() function in the GNU C Library versions 2.39 and older may
    overflow the output buffer passed to it by up to 4 bytes when converting
    strings to the ISO-2022-CN-EXT character set, which may be used to crash
    an application or overwrite a neighbouring variable.
    For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-2961
    (* Security fix *)
    patches/packages/glibc-i18n-2.33-x86_64-6_slack15.0.txz: Rebuilt.
    patches/packages/glibc-profile-2.33-x86_64-6_slack15.0.txz: Rebuilt.
    testing/packages/bind-9.18.26-x86_64-1_slack15.0.txz: Upgraded.
    This is a bugfix release.
    +--------------------------+
    Wed Apr 17 20:35:48 UTC 2024
    patches/packages/mozilla-thunderbird-115.10.0-x86_64-1_slack15.0.txz: Upgraded.
    This release contains security fixes and improvements.
    For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.10.0/releasenotes/
    https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird115.10
    (* Security fix *)
    +--------------------------+
    Tue Apr 16 18:50:13 UTC 2024
    patches/packages/mozilla-firefox-115.10.0esr-x86_64-1_slack15.0.txz: Upgraded.
    This update contains security fixes and improvements.
    For more information, see:
    https://www.mozilla.org/en-US/firefox/115.10.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2024-19/
    https://www.cve.org/CVERecord?id=CVE-2024-3852
    https://www.cve.org/CVERecord?id=CVE-2024-3854
    https://www.cve.org/CVERecord?id=CVE-2024-3857
    https://www.cve.org/CVERecord?id=CVE-2024-2609
    https://www.cve.org/CVERecord?id=CVE-2024-3859
    https://www.cve.org/CVERecord?id=CVE-2024-3861
    https://www.cve.org/CVERecord?id=CVE-2024-3863
    https://www.cve.org/CVERecord?id=CVE-2024-3302
    https://www.cve.org/CVERecord?id=CVE-2024-3864
    (* Security fix *)
    +--------------------------+
    Sun Apr 14 18:35:32 UTC 2024
    patches/packages/less-653-x86_64-1_slack15.0.txz: Upgraded.
    --- SBBSecho 3.20-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (110:211/1)
