Friday, May 15, 2009

Security Update: Cyrus-sasl

One security package has been released today and several other packages as well. Not too much interesting, but important to update as well. Here are the changelog:
Thu May 14 18:12:48 CDT 2009
ap/linuxdoc-tools-0.9.56-i486-1.txz: Upgraded to linuxdoc-tools-0.9.56, and upgrades to various other components. Thanks to Stuart Winter.

Upgraded to cyrus-sasl-2.1.23.
This fixes a buffer overflow in the sasl_encode64() function that could lead to crashes or the execution of arbitrary code.
For more information, see:
(* Security fix *)

extra/slacktrack/slacktrack-2.02-i486-1.txz: Upgraded to slacktrack-2.02.
Thanks to Stuart Winter.

Recompressed expect-, gv-3.6.7-i486-1.txz, pidgin-2.5.5-i486-3.txz, and xpdf-3.02pl3-i486-1.txz.
These had been mistakenly compressed using xz -9.