20090125 - Updated bind to 9.4.3-P1 *SECURITY FIX* - Updated ntp to 4.2.4p6 *SECURITY FIX* - Patched openssl (and -solibs). *SECURITY FIX* 20090111 - Updated Firefox to 2.0.0.20 *SECURITY FIX* - Updated Seamonkey to 1.1.14 *SECURITY FIX* - Updated Seamonkey to 2.0.0.19 *SECURITY FIX* 20081216 - Replaced Seamonkey package with the 11.0 one (was 12.0). - Renamed vim-gvim to have 11.0, not 12.0 in the name (was correct package, incorrectly named). 20081207 - Updated Mozilla Firefox to 2.0.0.18 *SECURITY FIX* - Updated Seamonkey to 1.1.13 *SECURITY FIX* - Updated Mozilla Thunderbird to 2.0.0.18 *SECURITY FIX* - Updated libxml2 to 2.6.32 *SECURITY FIX* - Updated ruby to 1.8.7-p72 *SECURITY FIX* - Updated samba to 3.0.33 *SECURITY FIX* 20081009 - Updated Mozilla Firefox to 2.0.0.17 *SECURITY FIX* - Updated Mozilla Thunderbird to 2.0.0.17 *SECURITY FIX* - Updated Seamonkey to 1.1.12 *SECURITY FIX* 20080907 - Updated php4 in to 4.4.9 - *SECURITY FIX* Please note that PHP4 is being dropped by the PHP project at the end of the year, and you should make sure you are able to migrate away by then. 20080831 - Updated Amarok to 1.4.10 - requires new libgpod. *SECURITY FIX* - Updated dnsmasq to 2.45 - *SECURITY FIX* - Updated fetchmail to 6.3.8 - *SECURITY FIX* - Updated libgpod to 0.6.0 - Updated links to 2.1 - *SECURITY FIX* - Rebuilt OpenSSH against new OpenSSL - Updated OpenSSL to 0.9.8h - *SECURITY FIX* Be sure to update OpenSSH and proftpd when installing this update. - Updated proftpd to 1.3.1, and rebuilt against new OpenSSL - Updated python to 2.4.5 - *SECURITY FIX* - Updated vim and vim-gvim to 7.1.330 - *SECURITY FIX* 20080722 - Updated Mozilla Firefox to 2.0.0.16 - *SECURITY FIX* - Updated Seamonkey to 1.1.11 - *SECURITY FIX* 20080716 - Updated Ruby to 1.8.6_p230 - *SECURITY FIX* - Updated Bind to 9.4.2_P1 - *SECURITY FIX* - Updated Mozilla Firefox to 2.0.0.15 - *SECURITY FIX* - Updated Seamonkey to 1.1.10 - *SECURITY FIX* 20080605 - Updated libpng to 1.2.27 - *SECURITY FIX* - Updated samba to 3.0.30 - *SECURITY FIX* - Updated rdesktop to 1.6.0 - *SECURITY FIX* 20080509 Note that there's also a PHP5 update in extra/ - Updated Mozilla Thunderbird to 2.0.0.14 *SECURITY FIX* 20080428 - Rebuilt xine-lib with --without-speex and --disable-nosefart *SECURITY FIX* 20080421 - Updated bzip2 to 1.0.5 *SECURITY FIX* - Updated m4 to 1.4.11 *SECURITY FIX* - Patched xine-lib to fix playback of several formats that were accidentally broken in 1.1.11.1. - Updated Mozilla Firefox to 2.0.0.14 *SECURITY FIX* 20080407 - Updated openssh to 5.0p1 *SECURITY FIX* 20080401 - Updated xine-lib to 1.1.11.1 *SECURITY FIX* 20080330 - Updated xine-lib to 1.1.11 *SECURITY FIX* - Updated seamonkey to 1.1.9 *SECURITY FIX* - Updated Mozilla Firefox to 2.0.0.13 *SECURITY FIX* 20080322 - Updated Mozilla Thunderbird to 2.0.0.12 *SECURITY FIX* - Patched espgs with CESA-2008-001 fix *SECURITY FIX* 20080215 - Updated MySQL to 5.0.51 - this was delayed as I didn't know about it, due to some slackware-security emails going missing. Thanks to 'Gargamel' on the forums for pointing this out. *SECURITY FIX* - Updated Mozilla Firefox to 2.0.0.12 *SECURITY FIX* - Updated Seamonkey to 1.1.8 *SECURITY FIX* - Updated Apache to 1.3.41 *SECURITY FIX* - Updated PHP to 4.4.8 *SECURITY FIX* - Updated mod_ssl to 2.8.31_1.3.41 20071204 - Updated cairo to 1.4.12 *SECURITY FIX* - Updated samba to 3.0.27a, fixing a smbfs regression in 3.0.27 20071203 - Updated Mozilla Firefox to 2.0.0.11 *SECURITY FIX* - Updated Mozilla Thunderbird to 2.0.0.9 *SECURITY FIX* - Updated Seamonkey to 1.1.7 *SECURITY FIX* - Updated libpng to 1.2.23 *SECURITY FIX* - Updated rsync to 2.6.9, and added security patches *SECURITY FIX* - Updated samba to 3.0.27 *SECURITY FIX* - Updated xpdf to 3.02pl2 *SECURITY FIX* - Patched PDF issues in kdegraphics *SECURITY FIX* - Patched PDF issues in koffice *SECURITY FIX* 20071028 - Updated Mozilla Firefox to 2.0.0.8 *SECURITY FIX* - Updated Seamonkey to 1.1.5 *SECURITY FIX* 20070919 - Repackaged JDK with a symlink fix (bug 305). - Updated PHP to 5.2.4 - this replaces PHP 4, which has been end-of-lifed by the PHP project. *SECURITY FIX* - Updated OpenSSH 4.7p1 *SECURITY FIX* - Updated Samba to 3.0.26a *SECURITY FIX* 20070912 - Updated JRE to 6u2 *SECURITY FIX* - Updated JDK to 6u2 *SECURITY FIX 20070821 - Removed old versions of packages; please keep in mind that 3rd-party package managers are officially not supported. - Updated tcpdump to 3.9.7/libpcap 0.9.7 *SECURITY FIX* 20070815 - Rebuild bind with proper package naming. Please double check in that you don't have two bind packages installed due to the bad naming of the previous patch. 20070814 - Updated bind to 9.4.1P1. *SECURITY FIX* - Updated gd to 2.0.35 *SECURITY FIX* - Patched poppler to fix an integer overflow - *SECURITY FIX* - Patched qt with fix for a format string vulnerability - *SECURITY FIX* - Updated gimp to 2.2.17 - *SECURITY FIX* - Updated Mozilla Firefox to 3.0.0.6; moved from extra/ as the 1.5 series is no longer supported - *SECURITY FIX* - Updated Mozilla Thunderbird to 2.0.0.6 - *SECURITY FIX* - Updated Mozilla Seamonkey to 1.1.4 - *SECURITY FIX* - Updated xpdf to 3.02pl1 - fixes an integer overflow - *SECURITY FIX* 20070618 - Updated libexif to 0.6.16 *SECURITY FIX* - Updated samba to 3.0.25a *SECURITY FIX* - Updated Mozilla Thunderbird to 2.0.0.4 *SECURITY FIX* 20070603 - Updated Mozilla Firefox to 1.5.0.12 *SECURITY FIX* - Updated Mozilla Thunderbird to 1.5.0.12 *SECURITY FIX* - Updated Mozilla Seamonkey to 1.1.2 *SECURITY FIX* 20070601 - Updated freetype to 2.3.4 *SECURITY FIX* - Updated PHP to 4.4.7 *SECURITY FIX* - Updated Samba to 3.0.26 *SECURITY FIX* - Updated xine-lib to 1.1.6 *SECURITY FIX* - Updated libpng to 1.2.18 *SECURITY FIX* 20070410 I'm not giving descriptions of the security problems here, as it's a pointless duplication of the information found in the Slackware ChangeLog, and my copying it introduces another source of error. Of course, I will still include descriptions of updates for packages that aren't in Slackware but are in Slamd64. Apologies for the added inconvenience, however I believe that most people who apply these updates don't actually read the details anyway. - Updated 'file' to 4.20 - note that you should install this package, even if you don't have a "file" package currently installed. In 11.0, "file" is part of the "bin" package, which every slamd64 install should have. *SECURITY FIX* - Updated GnuPG to 1.4.7 *SECURITY FIX* - Updated ImageMagick to 6.3.3-0 *SECURITY FIX* - Updated Mozilla Firefox to 1.5.0.11 *SECURITY FIX* - Updated Mozilla Thunderbird to 1.5.0.10 *SECURITY FIX* - Updated Qt to 3.3.8 *SECURITY FIX* - Rebuilt qca against new qt - Rebuilt qca-tls against new qt 20070305 - Updated php to 4.4.5 - this fixes several security and stability issues; for full details, see http://www.php.net. Some of these have been given CVE numbers: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0906 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0907 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0908 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0909 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0910 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0988 *SECURITY FIX* 20070210 - Updated samba to 3.0.24 - this fixes a denial of service issue, and several other issues that do not affect Slamd64. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0452 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0453 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0454 *SECURITY FIX* 20070130 - Rebuilt qca-tls against new Qt Thanks to Carlos Corbacho for pointing out that this was required for jabber+ssl to work in Kopete. - Patched autofs with a long vs int AMD64 problem fixed. http://bugs.slamd64.com/show_bug.cgi?id=183 - Rebuilt kdebase against new libpng - I think this is the last of them... - Rebuilt kdeartwork including missing xscreensaver support and kwin decorations. http://bugs.slamd64.com/show_bug.cgi?id=208 20070129 - Updated bind to 9.3.4 - this fixes two denial of service vulnerabilities where an attacker could crash the name server with specially crafted malformed data. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0493 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0494 *SECURITY FIX* - Updated fetchmail to 6.3.6 - this fixes two security issues. A bug introduced in 6.3.5 could cause fetchmail to crash. Secondly, another bug could cause fetchmail to send a password in clear text or omit using TLS even when configured otherwise. Please either switch to using getmail, or upgrade to this new version. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5974 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5867 *SECURITY FIX* - Repackaged flex with a libdir issue fixed. http://bugs.slamd64.com/show_bug.cgi?id=191 - Rebuilt arts, gd, imlib, libwmf, links, sdl, windowmaker against new libpng http://bugs.slamd64.com/show_bug.cgi?id=198 - Updated Qt to 3.3.7 with various fixes http://bugs.slamd64.com/show_bug.cgi?id=182 http://bugs.slamd64.com/show_bug.cgi?id=188 http://bugs.slamd64.com/show_bug.cgi?id=198 - Rebuilt kdelibs against new Qt - Rebuilt kdeartwork against new Qt - Repackaged xscreensaver with a missing symlink added - Rebuild libexif with fixing various problems including a broken pkgconfig file http://bugs.slamd64.com/show_bug.cgi?id=180 - Rebuild tcpip with a 64-bit vconfig http://bugs.slamd64.com/show_bug.cgi?id=185 20070112 Sorry these have taken so long; hopefully I'll have some non-security updates for -current shortly. - Updated Mozilla Firefox to 1.5.0.9 - this upgrade fixes several possible security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox *SECURITY FIX* - Updated Mozilla Thunderbird to 1.5.0.9 - this upgrade fixes several possible security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird *SECURITY FIX* - Updated Mozilla Seamonkey to 1.0.7 - this upgrade fixes several possible security bugs. For more information, see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey *SECURITY FIX* - Updated xine-lib to 1.1.3 - this fixes possible security problems such as a heap overflow in libmms and a buffer overflow in the Real Media input plugin. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2200 *SECURITY FIX* - Updated gnupg to 1.4.6 - this release fixes a severe and exploitable bug in earlier versions of gnupg. All gnupg users should update as soon as possible. This update also addresses a more minor security issue possibly exploitable when GnuPG is used in interactive mode. For more information, see: http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000491.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6235 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6169 *SECURITY FIX* 20061204 - Updated tar to 1.16 - this fixes an issue where files can be extracted outside the current directory, possibly allowing a malicious tar archive to overwrite any files on the system. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6097 *SECURITY FIX* - Updated proftpd to 1.3.0a with an additional security patch. This fixes several security problems, potentially leading to arbitrary code execution, including one in mod_tls which does not require the user to be authenticated. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5815 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6170 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6171 *SECURITY FIX* - Updated libpng to 1.2.14 - this fixes a bug where a specially crafted png image could crash an application using libpng. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5793 This package also fixes a non-security-related issue regarding MMX handling: http://bugs.slamd64.com/show_bug.cgi?id=149 20061122 - Added Mozilla Firefox 1.5.0.8 package, and moved the 2.0 package to extra/ *SECURITY FIX* - Updated Mozilla Thunderbird to 1.5.0.8 *SECURITY FIX* - Updated Mozilla Seamonkey to 1.0.6 *SECURITY FIX* 20061107 - Updated bind to 9.3.2-P2; this fixes issues related to previous OpenSSL fixes. You will need to upgrade OpenSSL to the latest Slamd64 package (if you've only done a partial upgrade to 11.0 from an older version). Also, the default RSA exponent has been changed from 3 to 35537; any keys generated with an exponent of 3 (the old default) will need to be regenerated to protect against the forging of RRSIGs. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 *SECURITY FIX* 20061106 - Updated Mozilla Firefox to version 2.0 - Updated screen to 4.0.3, fixing a UTF8 handling problem http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4573 *SECURITY FIX* - Patched php4 with a fix for a UTF8 problem http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5465 *SECURITY FIX* 20061025 - Repackaged nfs-utils with various script fixes http://bugs.slamd64.com/show_bug.cgi?id=160 - Repackaged tcpip with fixes for rpc and portmap http://bugs.slamd64.com/show_bug.cgi?id=165 vim: ts=2