20150319
|
@mancha, thanks for all the work.
Are you aware if we are to expect a formal announcement from the slackware-security list? |
php-5.4.39
php-5.4.39 is out.
Quote:
http://us.php.net/distributions/php-5.4.39.tar.bz2.asc |
Quote:
I'm afraid I don't have an answer for you. You'll have to contact Pat directly for more information. Meantime, Slackware 14.0 (and later) users can use the build materials I've just put together for interested slackers. Save the script below as opensslbuild.sh and run it: Code:
# sh opensslbuild.sh to skip signature verification (I recommend you don't), you can run the script as: Code:
# gpg=no sh opensslbuild.sh force "-march=i486 -mtune=i686" compiler flags for x86 builds. You're probably not building to distribute, after all. Enjoy. --mancha ========== Code:
#!/bin/bash |
Update 20150326
|
Thanks mancha.
That leads to a question or request: would it be possible to communicate this kind of information through a mailing list? LQ is not easily if at all usable by blind people (try in links or lynx to check). Maybe the unofficial Slackware mailing list? This one or another, a mailing list is more easily accessible by blind people than this website. There is already the official slackware-security mailing list, but of course that's only for officially released patches. Anyone feel free to open another thread to answer with a specific topic, then I will add a link to this new thread in this post. |
I also recommend using a mailing list, otherwise this thread could get very large.
|
Quote:
I very much like the idea of an open & active Slackware security email discussion list complemented by some kind of tracker (e.g. Bugzilla). Unfortunately, neither exist. The list you linked is rather small (I count only 30 posters in 2014). This might be OK as long as the list's owner makes archives available to non-members. Do you know who runs the list and why its archives are private? Meantime, LQ-Slackware, with its large & lively membership and semi-official status, is a good platform for broad-based security information dissemination and discussion. I'm aware using LQ for this has its drawbacks (e.g. large threads are hard to follow, can't work offline, etc.). Then again, what platform doesn't have drawbacks? --mancha PS As to access for the disabled, I'm terribly ignorant on the state-of-the-art of assistive computer technologies but Jeremy Garcia might be interested to hear from the blind Slackware users you know regarding how to improve LQ's accessibility. |
Update 20150407
|
Update 20150411
|
this is an interesting problem
http://lists.x.org/archives/xorg-ann...il/002561.html I think this means everything that uses a macro and was build with the problem version needs to be rebuild. |
Quote:
See http://pastebin.com/g50rxGtU for output of grep on the soures in slackware-14.1. |
Hopefully I'm not duplicating, but I couldn't find anything on this list for the security vulnerabilities in mariadb 5.5.40 that is the latest in 14.1 and current, they were fixed in 5.5.41 on Dec 21 2014
https://mariadb.com/kb/en/mariadb/ma...release-notes/ It fixes six vulnerabilities CVE-2015-0411 CVSS v2 Base Score: 7.5 (HIGH) CVE-2015-0382 CVSS v2 Base Score: 4.3 (MEDIUM) CVE-2015-0381 CVSS v2 Base Score: 4.3 (MEDIUM) CVE-2015-0432 CVSS v2 Base Score: 4.0 (MEDIUM) CVE-2014-6568 CVSS v2 Base Score: 3.5 (LOW) CVE-2015-0374 CVSS v2 Base Score: 3.5 (LOW) |
Update 20150420
PS pataphysician, you're not duplicating - thanks for the mariadb alert. |
Update 20150423
|
All times are GMT -5. The time now is 02:14 AM. |