[Slackware 14.1rc1]: Some loose ends
Hello. A few requests/suggestions I'd like to summarize before 14.1 releases:
1. Security:

a. yp-tools
Since my name is associated with the crypt() fix, I'd like to request you re-build using my corrected patch.

b. libtiff
It seems Slackware 14.1 will stay on the 3.9.x branch. In that case I suggest upgrading to tiff 3.9.7 (which addresses CVE-2012-2088, CVE-2012-2113) and applying the following backports I've put together from upstream:

tiff-3.9.7_CVS20130502.diff (sig) addresses CVE-2012-4447, CVE-2012-4564, CVE-2013-1960, CVE-2013-1961
tiff-3.9.7_CVE-2013-4231.diff (sig) addresses CVE-2013-4231
tiff-3.9.7_CVE-2013-4232.diff (sig) addresses CVE-2013-4232
tiff-3.9.7_CVE-2013-4244.diff (sig) addresses CVE-2013-4244

2. Suggested Upgrade:

a. OpenSSH
Upgrading to 6.3p1 would be worthwhile. Aside from bug-fixes, there are some nice new features like download resumption in sftp, proxying through stdin/stdout, and time-based rekeying.

3. Optional Bug-Fixes:

a. util-linux
agetty included in util-linux 2.21.2 doesn't properly filter arrow keys. See this thread for the discussion about the wandering cursor at login and util-linux-2.21.2-fixcursor.diff for my fix.

b. bash
bash 4.2 currently has no support for multibyte characters in ansic_* functions. This means no multi-byte char support in printf %q, command not found messages, XTRACE output, etc. This thread describes the issue noted with "command not found" and bash-4.2-widechars.diff has the fix.

--mancha

PS You might have noticed my URLs have changed. I've re-organized things into a new project: http://sf.net/projects/mancha. The old project will remain to not break existing links but will not be updated.
Hi, Pat, hplip-3.13.10 has a security update also:
http://hplipopensource.com/hplip-web/release_notes.html (fix for CVE-2013-4325: Insecure Polkit use)
I saw that the libtiff security updates were applied to current and stable last night, but there's been no notification on the slackware-security list.
@Pat:
Many thanks for the yp-tools rebuild. BTW, this is shaping into a very impressive release.

--mancha
Hi mancha,
If you have some spare time, could you please have a look at CVE-2013-2924? I think the fix is here (at the very end) and here from upstream. Can we apply it to icu4c-51_2? Thanks.
Hi BrZ.
Your upstream link indeed is the fix for CVE-2013-2924 and applies cleanly to Slackware 14.1rc1's icu4c 51-2. I've placed the patch here: icu4c-51_2_CVE-2013-2924.diff (sig).

Note: this is fixed in icu4c 52-1 but an upgrade would imply some API changes.

--mancha
Thanks mancha :hattip:
Thanks, Pat, for hplip ;)
Quote:
The hplip updates always are ok, they release updates every one or two months.
Quote:
I always upgrade hplip to a new version with slackbuild so maybe this is the reason that my hplip is working.
No, Slackware is still (and hopefully stays forever) sysvinit... no systemd here... :D
Off topic, sorry, but did we all see this?
"I would like to request CVE ids for 4 systemd issues" [seclists.org]

I cried real tears :D