Security Updates

After few days without an update, Patrick Volkerding has released an updates, both to -Stable and -Current. The -Current has more updates (as usual) and -Stable only receive security-related updates. Here's the latest -Stable changelog:

Tue Apr 3 15:01:57 CDT 2007
Upgraded to file-4.20.
This fixes a heap overflow that could allow code to be executed as the user running file (note that there are many scenarios where file might be used automatically, such as in virus scanners or spam filters).
For more information, see:
(* Security fix *)

Upgraded to ktorrent-2.1.3.
A directory traversal vulnerability in torrent.cpp in versions < 2.1.2 may allow remote attackers to overwrite the ktorrent user's files. A bug in chunkcounter.cpp in versions < 2.1.2 allows remote attackers to crash ktorrent and cause heap corruption by the use of an invalid idx value.
For more information, see:
(* Security fix *)

Patched an issue where the Qt UTF 8 decoder may in some instances fail to reject overlong sequences, possibly allowing "/../" path injection or XSS errors.
For more information, see:
(* Security fix *)

Popular posts from this blog

Python 3.6.0 in SBo 14.2 repository

NVidia Legacy Unix Driver Update

Security Update: Thunderbird, Seamonkey, libpng, python, samba