LinuxQuestions.org

[Slackware security] vulnerabilities outstanding 20140101 (https://www.linuxquestions.org/questions/slackware-14/%5Bslackware-security%5D-vulnerabilities-outstanding-20140101-a-4175489800/)

mats_b_tegner 01-22-2021 08:34 PM

Mutt 2.0.5 was released on January 21, 2021. This is a bug-fix release, fixing a few memory leaks, including CVE-2021-3181.
ftp://ftp.mutt.org/pub/mutt/mutt-2.0.5.tar.gz

fskmh 01-26-2021 05:32 PM

CVE-2021-3156 sudo heap buffer overflow
 
1 Attachment(s)
CVE-2021-3156
Heap buffer overflow affecting sudo versions 1.8.2 through 1.8.31p2 and 1.9.0 through 1.9.5p1.

Patch is here.

Additional note: The conditional check of the libpam symbolic link in sudo.SlackBuild fails on Slackware64 because LIBDIRSUFFIX is not defined in the arch detection stanza like it usually is.

drgibbon 01-26-2021 05:56 PM

Fixed in -current (and 14.0, 14.1, 14.2).

upnort 01-26-2021 06:53 PM

Recently several dnsmasq vulnerabilities were reported. Version 2.78 in 14.2 is affected.

mats_b_tegner 02-06-2021 08:41 AM

CVE-2021-21148 affects Google Chrome/Chromium-based browsers
Upgrade to Chromium 88.0.4324.150 or later.
https://chromereleases.googleblog.co...desktop_4.html

mats_b_tegner 02-11-2021 07:01 AM

GNU Screen up to and including version 4.8.0 is vulnerable to CVE-2021-26937
https://www.linuxquestions.org/quest...ty-4175690257/
https://cve.mitre.org/cgi-bin/cvenam...CVE-2021-26937
A patch is available here:
https://salsa.debian.org/debian/scre...21-26937.patch

The patch seems to apply cleanly on 4.8.0 running Slackware-current as far as I can tell.

mats_b_tegner 02-16-2021 12:25 PM

OpenSSL 1.1.1j
Upgraded in -current according to the latest ChangeLogs:
Quote:

n/openssl-1.1.1j-i586-1.txz: Upgraded.
n/openssl-1.1.1j-x86_64-1.txz: Upgraded.
This fixes bugs and denial of service vulnerabilities.
For more information, see:
https://cve.mitre.org/cgi-bin/cvenam...CVE-2021-23841
https://cve.mitre.org/cgi-bin/cvenam...CVE-2021-23840
(* Security fix *)

ttk 02-18-2021 06:03 PM

python 3.x through 3.9.1 are vulnerable to CVE-2021-3117

https://cve.mitre.org/cgi-bin/cvenam...=CVE-2021-3177

Not aware of any patch yet.

ponce 02-19-2021 01:01 AM

Quote:

Originally Posted by ttk (Post 6221917)
python 3.x through 3.9.1 are vulnerable to CVE-2021-3117

https://cve.mitre.org/cgi-bin/cvenam...=CVE-2021-3177

Not aware of any patch yet.

This should be the backported patch from the development branch:

https://github.com/python/cpython/co...1353ecc3.patch

nobodino 02-23-2021 12:20 AM

Bind-9.10.12 is affected by a serious bug according to this: http://wiki.linuxfromscratch.org/blfs/ticket/14683

It's advised to downgrade to bind-9.10.11 + a sed patch.

Jan K. 02-23-2021 10:05 AM

Kinda "nice" thread, but perhaps unstick it and create [Slackware security] vulnerabilities outstanding 20210301 ?

Or whatever month/day we go beyond Slackware 15 beta...

mats_b_tegner 02-24-2021 03:20 AM

Thunderbird 78.8.0 fixes the following security vulnerabilities:
https://www.mozilla.org/en-US/securi...s/mfsa2021-09/
Edit:
Available in -current according to the latest ChangeLogs.
Quote:

Wed Feb 24 20:34:08 UTC 2021
xap/mozilla-thunderbird-78.8.0-x86_64-1.txz: Upgraded.

Didier Spaier 03-02-2021 02:13 PM

GRUB: 117 security patches at once.
 
Daniel Kiper just released no less than 117 patches to fix vulnerabilities in GRUB.

I have pulled from git master and built a new GRUB package for Slint that I will upload today. I suggest doing the same for Slackware.

teoberi 03-02-2021 02:38 PM

Quote:

Originally Posted by Didier Spaier (Post 6226564)
Daniel Kiper just released no less than 117 patches to fix vulnerabilities in GRUB.

I have pulled from git master and built a new GRUB package for Slint that I will upload today. I suggest doing the same for Slackware.

This is the reason why, although I tested GRUB in the virtual machine, I did not install it on the test server or on the production one.
GRUB 2.04 has quite a few issues (e.g. the BootHole vulnerability) and version 2.06 is still pending.

