Thursday, May 8, 2008

First Update For 12.1

First updates for Slackware 12.1 (and also for other Slackware releases) are now available through Slackware mirrors. It contains two updated packages, PHP and Mozilla Thunderbird. Here's the latest -Current changelog (it's quite strange, since usually updated packages are only available in -Stable changelog after -Stable has been released):
Wed May 7 16:13:31 CDT 2008
n/php-5.2.6-i486-1.tgz:
Upgraded to PHP 5.2.6.
This version of PHP contains many fixes and enhancements. Some of the fixes are security related, and the PHP release announcement provides this list:
* Fixed possible stack buffer overflow in the FastCGI SAPI identified by Andrei Nigmatulin.
* Fixed integer overflow in printf() identified by Maksymilian Aciemowicz.
* Fixed security issue detailed in CVE-2008-0599 identified by Ryan Permeh.
* Fixed a safe_mode bypass in cURL identified by Maksymilian Arciemowicz.
* Properly address incomplete multibyte chars inside escapeshellcmd() identified by Stefan Esser.
* Upgraded bundled PCRE to version 7.6
When last checked, CVE-2008-0599 was not yet open. However, additional information should become available at this URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0599
The list reproduced above, as well as additional information about other fixes in PHP 5.2.6 may be found in the PHP release announcement here: http://www.php.net/releases/5_2_6.php

xap/mozilla-thunderbird-2.0.0.14-i686-1.tgz:
Upgraded to thunderbird-2.0.0.14.
This upgrade fixes some more security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird
(* Security fix *)