Slackers (Slackware current journal) - Slackware – GNU/Linux per SubGeni e Fannulloni

n/bind-9.7.4_P1-i486-1.txz: Upgraded.
— 9.7.4-P1 released —
3218. [security] Cache lookup could return RRSIG data associated with
nonexistent records, leading to an assertion
failure. [RT #26590]
(* Security fix *)

a/glibc-solibs-2.14.1-i486-2.txz: Rebuilt.
a/glibc-zoneinfo-2011i_2011n-noarch-2.txz: Rebuilt.
l/glibc-2.14.1-i486-2.txz: Rebuilt.
Merged ELF patches — Matt Burgess
l/glibc-i18n-2.14.1-i486-2.txz: Rebuilt.
l/glibc-profile-2.14.1-i486-2.txz: Rebuilt.
testing/packages/mozilla-firefox-9.0b1-i486-1.txz: Added.

Good 11-11-11, everyone! Enjoy some fresh time.
a/glibc-solibs-2.14.1-i486-1.txz: Upgraded.
a/glibc-zoneinfo-2011i_2011n-noarch-1.txz: Upgraded.
New upstream homepage: http://www.iana.org/time-zones
l/glibc-2.14.1-i486-1.txz: Upgraded.
l/glibc-i18n-2.14.1-i486-1.txz: Upgraded.
l/glibc-profile-2.14.1-i486-1.txz: Upgraded.

n/openssh-5.9p1-i486-2.txz: Rebuilt.
Upstream different timestamp, size, ChangeLog. GPG verifies on both
this newer one and what we had before (?).
xap/mozilla-firefox-8.0-i486-1.txz: Upgraded.

a/file-5.09-i486-1.txz: Upgraded.
l/seamonkey-solibs-2.4.1-i486-1.txz: Upgraded.
n/httpd-2.2.21-i486-1.txz: Upgraded.
Respond with HTTP_NOT_IMPLEMENTED when the method is not
recognized. [Jean-Frederic Clere] SECURITY: CVE-2011-3348
Fix a regression introduced by the CVE-2011-3192 byterange fix in 2.2.20.
PR 51748. []
For more information, see:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3348

(* Security fix *)
xap/mozilla-firefox-7.0.1-i486-1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:

http://www.mozilla.org/security/known-vulnerabilities/firefox.html

(* Security fix *)
xap/mozilla-thunderbird-7.0.1-i486-1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:

http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html

(* Security fix *)
xap/seamonkey-2.4.1-i486-1.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:

http://www.mozilla.org/security/announce/

(* Security fix *)
testing/packages/mozilla-firefox-8.0b2-i486-1.txz: Upgraded.

n/openssh-5.9p1-i486-1.txz: Upgraded.

l/seamonkey-solibs-2.3.3-i486-1.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:

http://www.mozilla.org/security/announce/

http://www.mozilla.org/security/announce/2011/mfsa2011-34.html

(* Security fix *)
n/httpd-2.2.20-i486-1.txz: Upgraded.
SECURITY: CVE-2011-3192 (cve.mitre.org)
core: Fix handling of byte-range requests to use less memory, to avoid
denial of service. If the sum of all ranges in a request is larger than
the original file, ignore the ranges and send the complete file.
PR 51714. [Stefan Fritsch, Jim Jagielski, Ruediger Pluem, Eric Covener]
For more information, see:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192

(* Security fix *)
xap/mozilla-firefox-6.0.2-i486-1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:

http://www.mozilla.org/security/known-vulnerabilities/firefox.html

http://www.mozilla.org/security/announce/2011/mfsa2011-34.html

(* Security fix *)
xap/mozilla-thunderbird-6.0.1-i486-1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:

http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html

http://www.mozilla.org/security/announce/2011/mfsa2011-34.html

(* Security fix *)
xap/seamonkey-2.3.3-i486-1.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:

http://www.mozilla.org/security/announce/

http://www.mozilla.org/security/announce/2011/mfsa2011-34.html

(* Security fix *)
testing/packages/mozilla-firefox-7.0b4-i486-1.txz: Upgraded.
+————————–
Thu Aug 25 09:10:45 UTC 2011
a/kernel-firmware-20110814git-noarch-1.txz: Upgraded.
Fetch the latest kernel firmware from git — the stuff in the kernel sources
is somewhat stale.
ap/soma-2.7.1-noarch-1.txz: Added.
Soma is a command line/dialog Internet radio player.
Thanks to David Woodfall.
l/jre-6u27-i586-1.txz: Upgraded.
n/php-5.3.8-i486-1.txz: Upgraded.
Security fixes vs. 5.3.6 (5.3.7 was not usable):
Updated crypt_blowfish to 1.2. (CVE-2011-2483)
Fixed crash in error_log(). Reported by Mateusz Kocielski
Fixed buffer overflow on overlog salt in crypt().
Fixed bug #54939 (File path injection vulnerability in RFC1867
File upload filename). Reported by Krzysztof Kotowicz. (CVE-2011-2202)
Fixed stack buffer overflow in socket_connect(). (CVE-2011-1938)
Fixed bug #54238 (use-after-free in substr_replace()). (CVE-2011-1148)
For more information, see:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1148

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1938

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2202

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2483

(* Security fix *)
extra/jdk-6/jdk-6u27-i586-1.txz: Upgraded.
testing/packages/mozilla-firefox-7.0b1-i486-1.txz: Added.

a/kernel-firmware-20110814git-noarch-1.txz: Upgraded.
Fetch the latest kernel firmware from git — the stuff in the kernel sources
is somewhat stale.
ap/soma-2.7.1-noarch-1.txz: Added.
Soma is a command line/dialog Internet radio player.
Thanks to David Woodfall.
l/jre-6u27-i586-1.txz: Upgraded.
n/php-5.3.8-i486-1.txz: Upgraded.
Security fixes vs. 5.3.6 (5.3.7 was not usable):
Updated crypt_blowfish to 1.2. (CVE-2011-2483)
Fixed crash in error_log(). Reported by Mateusz Kocielski
Fixed buffer overflow on overlog salt in crypt().
Fixed bug #54939 (File path injection vulnerability in RFC1867
File upload filename). Reported by Krzysztof Kotowicz. (CVE-2011-2202)
Fixed stack buffer overflow in socket_connect(). (CVE-2011-1938)
Fixed bug #54238 (use-after-free in substr_replace()). (CVE-2011-1148)
For more information, see:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1148

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1938

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2202

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2483

(* Security fix *)
extra/jdk-6/jdk-6u27-i586-1.txz: Upgraded.
testing/packages/mozilla-firefox-7.0b1-i486-1.txz: Added.
+————————–
Sun Aug 14 17:49:30 UTC 2011
n/wget-1.13-i486-1.txz: Upgraded.
xap/mozilla-firefox-6.0-i486-1.txz: Upgraded.

n/wget-1.13-i486-1.txz: Upgraded.
xap/mozilla-firefox-6.0-i486-1.txz: Upgraded.

d/binutils-2.21.53.0.2-i486-1.txz: Upgraded.
n/bind-9.7.4-i486-1.txz: Upgraded.
This BIND update addresses a couple of security issues:
* named, set up to be a caching resolver, is vulnerable to a user
querying a domain with very large resource record sets (RRSets)
when trying to negatively cache the response. Due to an off-by-one
error, caching the response could cause named to crash. [RT #24650]
[CVE-2011-1910]
* Change #2912 (see CHANGES) exposed a latent bug in the DNS message
processing code that could allow certain UPDATE requests to crash
named. [RT #24777] [CVE-2011-2464]
For more information, see:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1910

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2464

(* Security fix *)