diff options
| author |   Patrick J Volkerding <volkerdi@slackware.com> | 2024-03-20 00:08:59 +0000 |
|---|---|---|
| committer |   Eric Hameleers <alien@slackware.com> | 2024-03-20 13:30:42 +0100 |
| commit | 56c586940289967700f069619a0a1b0b89fa70e8 (patch) | |
| tree | 8c57cee39740d2b262f62e58d4cfc799ef4c5110 /ChangeLog.txt | |
| parent | 735bb1f74b6a51e0d74afc2a348817da78fab747 (diff) | |
| download | current-56c586940289967700f069619a0a1b0b89fa70e8.tar.gz current-56c586940289967700f069619a0a1b0b89fa70e8.tar.xz | |
Wed Mar 20 00:08:59 UTC 202420240320000859_15.0
patches/packages/gnutls-3.8.4-x86_64-1_slack15.0.txz: Upgraded.
This update fixes two medium severity security issues:
libgnutls: Fix side-channel in the deterministic ECDSA.
Reported by George Pantelakis (#1516).
libgnutls: Fixed a bug where certtool crashed when verifying a certificate
chain with more than 16 certificates. Reported by William Woodruff (#1525)
and yixiangzhike (#1527).
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-28834
https://www.cve.org/CVERecord?id=CVE-2024-28835
(* Security fix *)
patches/packages/mozilla-firefox-115.9.0esr-x86_64-1_slack15.0.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/115.9.0/releasenotes/
https://www.mozilla.org/security/advisories/mfsa2024-13/
https://www.cve.org/CVERecord?id=CVE-2024-0743
https://www.cve.org/CVERecord?id=CVE-2024-2605
https://www.cve.org/CVERecord?id=CVE-2024-2607
https://www.cve.org/CVERecord?id=CVE-2024-2608
https://www.cve.org/CVERecord?id=CVE-2024-2616
https://www.cve.org/CVERecord?id=CVE-2023-5388
https://www.cve.org/CVERecord?id=CVE-2024-2610
https://www.cve.org/CVERecord?id=CVE-2024-2611
https://www.cve.org/CVERecord?id=CVE-2024-2612
https://www.cve.org/CVERecord?id=CVE-2024-2614
(* Security fix *)
patches/packages/mozilla-thunderbird-115.9.0-x86_64-1_slack15.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/115.9.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2024-14/
https://www.cve.org/CVERecord?id=CVE-2024-0743
https://www.cve.org/CVERecord?id=CVE-2024-2605
https://www.cve.org/CVERecord?id=CVE-2024-2607
https://www.cve.org/CVERecord?id=CVE-2024-2608
https://www.cve.org/CVERecord?id=CVE-2024-2616
https://www.cve.org/CVERecord?id=CVE-2023-5388
https://www.cve.org/CVERecord?id=CVE-2024-2610
https://www.cve.org/CVERecord?id=CVE-2024-2611
https://www.cve.org/CVERecord?id=CVE-2024-2612
https://www.cve.org/CVERecord?id=CVE-2024-2614
(* Security fix *)
Diffstat (limited to 'ChangeLog.txt')
| -rw-r--r-- | ChangeLog.txt | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/ChangeLog.txt b/ChangeLog.txt index 66e61ae95..bbe9ebbda 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -1,3 +1,48 @@ +Wed Mar 20 00:08:59 UTC 2024 +patches/packages/gnutls-3.8.4-x86_64-1_slack15.0.txz: Upgraded. + This update fixes two medium severity security issues: + libgnutls: Fix side-channel in the deterministic ECDSA. + Reported by George Pantelakis (#1516). + libgnutls: Fixed a bug where certtool crashed when verifying a certificate + chain with more than 16 certificates. Reported by William Woodruff (#1525) + and yixiangzhike (#1527). + For more information, see: + https://www.cve.org/CVERecord?id=CVE-2024-28834 + https://www.cve.org/CVERecord?id=CVE-2024-28835 + (* Security fix *) +patches/packages/mozilla-firefox-115.9.0esr-x86_64-1_slack15.0.txz: Upgraded. + This update contains security fixes and improvements. + For more information, see: + https://www.mozilla.org/en-US/firefox/115.9.0/releasenotes/ + https://www.mozilla.org/security/advisories/mfsa2024-13/ + https://www.cve.org/CVERecord?id=CVE-2024-0743 + https://www.cve.org/CVERecord?id=CVE-2024-2605 + https://www.cve.org/CVERecord?id=CVE-2024-2607 + https://www.cve.org/CVERecord?id=CVE-2024-2608 + https://www.cve.org/CVERecord?id=CVE-2024-2616 + https://www.cve.org/CVERecord?id=CVE-2023-5388 + https://www.cve.org/CVERecord?id=CVE-2024-2610 + https://www.cve.org/CVERecord?id=CVE-2024-2611 + https://www.cve.org/CVERecord?id=CVE-2024-2612 + https://www.cve.org/CVERecord?id=CVE-2024-2614 + (* Security fix *) +patches/packages/mozilla-thunderbird-115.9.0-x86_64-1_slack15.0.txz: Upgraded. + This release contains security fixes and improvements. + For more information, see: + https://www.mozilla.org/en-US/thunderbird/115.9.0/releasenotes/ + https://www.mozilla.org/en-US/security/advisories/mfsa2024-14/ + https://www.cve.org/CVERecord?id=CVE-2024-0743 + https://www.cve.org/CVERecord?id=CVE-2024-2605 + https://www.cve.org/CVERecord?id=CVE-2024-2607 + https://www.cve.org/CVERecord?id=CVE-2024-2608 + https://www.cve.org/CVERecord?id=CVE-2024-2616 + https://www.cve.org/CVERecord?id=CVE-2023-5388 + https://www.cve.org/CVERecord?id=CVE-2024-2610 + https://www.cve.org/CVERecord?id=CVE-2024-2611 + https://www.cve.org/CVERecord?id=CVE-2024-2612 + https://www.cve.org/CVERecord?id=CVE-2024-2614 + (* Security fix *) ++--------------------------+ Wed Mar 13 19:46:48 UTC 2024 patches/packages/expat-2.6.2-x86_64-1_slack15.0.txz: Upgraded. Prevent billion laughs attacks with isolated use of external parsers. |