Slackware This Forum is for the discussion of Slackware Linux.
03-10-2022, 10:15 PM
|
#16
|
LQ Sage
Registered: Sep 2018
Location: Gironde
Distribution: Slackware
Posts: 5,677
Original Poster
|
Quote:
Originally Posted by Tonus
Not so sure. Average users depend on Pat's reactivity and for more advanced or concerned users, there're mailing lists and so on...
|
This is not necessarily only for users, advanced or not
The main goal, here, is to post what people found elsewhere (nist.gov, Gentoo, Arch, ...) and give visibility for everyone, Mr. Volkerding included
This may or may not be useful, but it has the merit to exist.
If you look at the changelog, there are many patches that have been applied thanks to user reports.
Last edited by marav; 03-10-2022 at 10:23 PM.
|
|
|
03-11-2022, 07:30 AM
|
#17
|
Senior Member
Registered: Jan 2007
Location: Paris, France
Distribution: Slackware-15.0
Posts: 1,421
|
Yes indeed. I just believe our BDFL does not rely on sticky posts and subscribes to the most relevant threads.
I like the less for the number of sticky posts and subscribe to (too) much more threads.
|
|
2 members found this post helpful.
|
03-11-2022, 08:21 AM
|
#18
|
LQ Sage
Registered: Sep 2018
Location: Gironde
Distribution: Slackware
Posts: 5,677
Original Poster
|
Quote:
Originally Posted by Tonus
Yes indeed. I just believe our BDFL does not rely on sticky posts and subscribes to the most relevant threads.
I like the less for the number of sticky posts and subscribe to (too) much more threads.
|
5 sticky threads is not that much (if we remove, in my POV, the useless one ...)
|
|
1 members found this post helpful.
|
03-25-2022, 05:39 PM
|
#20
|
LQ Sage
Registered: Sep 2018
Location: Gironde
Distribution: Slackware
Posts: 5,677
Original Poster
|
Last edited by marav; 03-25-2022 at 05:40 PM.
|
|
|
03-28-2022, 07:50 PM
|
#21
|
LQ Sage
Registered: Sep 2018
Location: Gironde
Distribution: Slackware
Posts: 5,677
Original Poster
|
|
|
1 members found this post helpful.
|
03-30-2022, 08:27 AM
|
#22
|
Member
Registered: Mar 2015
Location: Las Vegas, NV
Distribution: Slackware 15.0 x64, Slackware Live 15.0 x64
Posts: 642
|
Quote:
Originally Posted by Tonus
Not so sure. Average users depend on Pat's reactivity and for more advanced or concerned users, there're mailing lists and so on...
|
This. It seems easier to simply keep getting the 'upgrade' notices via e-mails that also already have the download link for the file.
|
|
|
03-30-2022, 09:24 AM
|
#23
|
LQ Sage
Registered: Sep 2018
Location: Gironde
Distribution: Slackware
Posts: 5,677
Original Poster
|
Vim 8.2.x
Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646
CVE-2022-1154:
https://nvd.nist.gov/vuln/detail/CVE-2022-1154
EDIT:
+
heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.
CVE-2022-1160:
https://nvd.nist.gov/vuln/detail/CVE-2022-1160
Update:
Latest version 8.2. 46494650
Last edited by marav; 03-30-2022 at 04:35 PM.
|
|
2 members found this post helpful.
|
03-30-2022, 09:47 AM
|
#24
|
Member
Registered: Jul 2014
Distribution: Slackware_x64 15
Posts: 68
Rep:
|
Well it certainly seems that someone is finding this thread useful:
Code:
patches/packages/zlib-1.2.12-x86_64-1_slack15.0.txz: Upgraded.
This update fixes memory corruption when deflating (i.e., when compressing)
if the input has many distant matches. Thanks to marav.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032
(* Security fix *)
As previously stated by the OP, the thread is not expressly for the benefit of end-users; but rather, a place slackers can report vulnerabilities spotted in the wild.
I think it's a valuable thread and agree that it ought to be pinned. Thanks to you marav.
|
|
4 members found this post helpful.
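Added example (not part of the original post, and not Slackware's own tooling): a small Python parser for ChangeLog entries in the layout quoted above. It lists the packages whose entry carries the `(* Security fix *)` marker, together with the CVE ids the entry cites. The sample text, including its indentation and the second entry, is constructed for the demonstration.

```python
import re

# Constructed sample in Slackware ChangeLog.txt layout: the first entry is the
# one quoted in the post above, the second is a made-up non-security entry.
SAMPLE_CHANGELOG = """\
patches/packages/zlib-1.2.12-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes memory corruption when deflating (i.e., when compressing)
  if the input has many distant matches. Thanks to marav.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032
  (* Security fix *)
patches/packages/example-pkg-1.0-noarch-1_slack15.0.txz:  Rebuilt.
  Constructed entry without a security marker.
"""

# An entry starts at column 0 with "<path>/<package>.t?z:"; its body is indented.
ENTRY_START = re.compile(r"^(\S+/)?(?P<pkg>[^/\s]+)\.t[a-z]z:\s*(?P<action>.*)$")
CVE_ID = re.compile(r"CVE-\d{4}-\d{4,}")
SECURITY_MARK = "(* Security fix *)"


def split_package(pkg):
    """Split name-version-arch-build; the name itself may contain hyphens."""
    name, version, arch, build = pkg.rsplit("-", 3)
    return {"name": name, "version": version, "arch": arch, "build": build}


def security_fixes(changelog_text):
    """Return one dict per package entry that carries the security marker."""
    entries, current = [], None
    for line in changelog_text.splitlines():
        start = ENTRY_START.match(line)
        if start and start.group("pkg").count("-") >= 3:
            current = split_package(start.group("pkg"))
            current.update(action=start.group("action"), body=[])
            entries.append(current)
        elif current is not None and line[:1] in (" ", "\t"):
            current["body"].append(line.strip())
        else:
            current = None  # date line, separator or blank line ends the entry
    fixes = []
    for entry in entries:
        text = "\n".join(entry.pop("body"))
        if SECURITY_MARK in text:
            entry["cves"] = sorted(set(CVE_ID.findall(text)))
            fixes.append(entry)
    return fixes
```

Calling `security_fixes()` on the text of a downloaded ChangeLog.txt gives the list of patched packages to compare against the CVEs reported in a thread like this one.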
|
03-30-2022, 03:39 PM
|
#25
|
Senior Member
Registered: Jan 2007
Location: Paris, France
Distribution: Slackware-15.0
Posts: 1,421
|
It's indeed a very valuable thread! Do not misread me: I do not think it's useful to have it sticky. I believe our BDFL will/have subscribe/d.
|
|
1 members found this post helpful.
|
04-03-2022, 05:55 AM
|
#26
|
LQ Sage
Registered: Sep 2018
Location: Gironde
Distribution: Slackware
Posts: 5,677
Original Poster
|
libtiff 4.3.0
Code:
A vulnerability classified as problematic was found in LibTIFF 4.3.0. Affected by this vulnerability is the
TIFF File Handler of tiff2ps. Opening a malicious file leads to a denial of service. The attack can be launched
remotely but requires user interaction.
The exploit has been disclosed to the public and may be used.
CVE:
https://nvd.nist.gov/vuln/detail/CVE-2022-1210
No patch yet
|
|
2 members found this post helpful.
|
04-07-2022, 07:02 PM
|
#27
|
LQ Sage
Registered: Sep 2018
Location: Gironde
Distribution: Slackware
Posts: 5,677
Original Poster
|
xz 5.2.5
xzgrep: Fix escaping of malicious filenames (ZDI-CAN-16587).
Code:
Malicious filenames can make xzgrep to write to arbitrary files
or (with a GNU sed extension) lead to arbitrary code execution.
xzgrep from XZ Utils versions up to and including 5.2.5 are
affected. 5.3.1alpha and 5.3.2alpha are affected as well.
This patch works for all of them.
This bug was inherited from gzip's zgrep. gzip 1.12 includes
a fix for zgrep.
Patch:
https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch
Last edited by marav; 04-08-2022 at 10:53 AM.
Reason: patch url
|
|
|
04-12-2022, 07:25 PM
|
#28
|
LQ Sage
Registered: Sep 2018
Location: Gironde
Distribution: Slackware
Posts: 5,677
Original Poster
|
|
|
1 members found this post helpful.
|
04-12-2022, 08:10 PM
|
#29
|
Senior Member
Registered: Dec 2005
Location: Springfield, MO
Distribution: Slackware64-15.0
Posts: 2,806
|
Git 2.35.2
https://www.phoronix.com/scan.php?pa...CVE-2022-24765
Technically this doesn't really affect non-Windows systems, but worth mentioning.
Last edited by Daedra; 04-12-2022 at 08:11 PM.
|
|
|
All times are GMT -5. The time now is 06:39 AM.