Tuesday, August 5, 2008

Security Update: Pan and Python

Two security updates coming up this morning along with few other updates on -Current. These two packages are Pan and Python. Here's the -Current changelog:
Mon Aug 4 13:56:36 CDT 2008
a/sysvinit-scripts-1.2-noarch-22.tgz: _Really_ quieted down rc.M's mime update this time (it seems that errors are sent to stdout). Thanks to Robby Workman.
If we must update icon-cache files in rc.M (which is done only if they already exist), background it so that it doesn't delay the boot as much.
In rc.S, only update the kernel version in /etc/motd if the file begins with"Linux", leaving the rest of the file free to be customized.
Thanks to Pete Cervasio for the improved MOTD script.
Grab some information about the root partition from /proc/mounts to initialize /etc/mtab. Thanks to Alan Hicks.

Patched various overflows and other security problems.
For more information, see:
(* Security fix *)

n/getmail-4.8.2-noarch-1.tgz: Upgraded to getmail-4.8.2.

x/dejavu-fonts-ttf-2.26-noarch-1.tgz: Upgraded to dejavu-fonts-ttf-2.26.

x/liberation-fonts-ttf-1.04-noarch-1.tgz: Upgraded to liberation-fonts-1.04.

xap/pan-0.133-i486-1.tgz: Upgraded to pan-0.133.
This update fixes a buffer overflow in pan-0.128 through pan-0.132 when processing .nzb files.
For more information, see:
(* Security fix *)