Slackware ChangeLogs
Slackware Logo

News

Security Advisories

FAQ

Book

General Info

Get Slack

Install Help

Configuration

Packages

ChangeLogs

Propaganda

Ports

Other Sites

Support

Contact

Mailing Lists

About

 
Current (pre-release) ChangeLog for x86_64
Tue Apr 8 14:19:51 UTC 2014
a/openssl-solibs-1.0.1g-x86_64-1.txz: Upgraded.
n/openssl-1.0.1g-x86_64-1.txz: Upgraded.
       This update fixes two security issues:
       A missing bounds check in the handling of the TLS heartbeat extension
       can be used to reveal up to 64k of memory to a connected client or server.
       Thanks for Neel Mehta of Google Security for discovering this bug and to
       Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for
       preparing the fix.
       Fix for the attack described in the paper "Recovering OpenSSL
       ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
       by Yuval Yarom and Naomi Benger. Details can be obtained from:
       http://eprint.iacr.org/2014/140
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076
       (* Security fix *)
+--------------------------+
Mon Mar 31 20:30:28 UTC 2014
l/apr-1.5.0-x86_64-1.txz: Upgraded.
l/apr-util-1.5.3-x86_64-1.txz: Upgraded.
n/httpd-2.4.9-x86_64-2.txz: Rebuilt.
       Recompiled against new apr/apr-util to restore missing mod_mpm_event.so.
+--------------------------+
Fri Mar 28 03:43:11 UTC 2014
l/mozilla-nss-3.16-x86_64-1.txz: Upgraded.
       This update fixes a security issue:
       The cert_TestHostName function in lib/certdb/certdb.c in the
       certificate-checking implementation in Mozilla Network Security Services
       (NSS) before 3.16 accepts a wildcard character that is embedded in an
       internationalized domain name's U-label, which might allow man-in-the-middle
       attackers to spoof SSL servers via a crafted certificate.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1492
       (* Security fix *)
l/seamonkey-solibs-2.25-x86_64-1.txz: Upgraded.
n/curl-7.36.0-x86_64-1.txz: Upgraded.
       This update fixes four security issues.
       For more information, see:
       http://curl.haxx.se/docs/adv_20140326A.html
       http://curl.haxx.se/docs/adv_20140326B.html
       http://curl.haxx.se/docs/adv_20140326C.html
       http://curl.haxx.se/docs/adv_20140326D.html
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0138
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0139
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1263
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2522
       (* Security fix *)
n/httpd-2.4.9-x86_64-1.txz: Upgraded.
       This update addresses two security issues.
       Segfaults with truncated cookie logging. mod_log_config: Prevent segfaults
       when logging truncated cookies. Clean up the cookie logging parser to
       recognize only the cookie=value pairs, not valueless cookies.
       mod_dav: Keep track of length of cdata properly when removing leading
       spaces. Eliminates a potential denial of service from specifically crafted
       DAV WRITE requests.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0098
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6438
       (* Security fix *)
n/openssh-6.6p1-x86_64-1.txz: Upgraded.
       This update fixes a security issue when using environment passing with
       a sshd_config(5) AcceptEnv pattern with a wildcard. OpenSSH could be
       tricked into accepting any environment variable that contains the
       characters before the wildcard character.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2532
       (* Security fix *)
n/tin-2.2.0-x86_64-1.txz: Upgraded.
xap/mozilla-firefox-28.0-x86_64-1.txz: Upgraded.
       This release contains security fixes and improvements.
       For more information, see:
       http://www.mozilla.org/security/known-vulnerabilities/firefox.html
       (* Security fix *)
xap/mozilla-thunderbird-24.4.0-x86_64-1.txz: Upgraded.
       This update contains security fixes and improvements.
       For more information, see:
       http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
       (* Security fix *)
xap/seamonkey-2.25-x86_64-1.txz: Upgraded.
       This update contains security fixes and improvements.
       For more information, see:
       http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
       (* Security fix *)
+--------------------------+
Sun Mar 16 02:52:28 UTC 2014
n/php-5.4.26-x86_64-1.txz: Upgraded.
       This update fixes a flaw where a specially crafted data file may cause a
       segfault or 100% CPU consumption when a web page uses fileinfo() on it.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1943
       (* Security fix *)
+--------------------------+
Fri Mar 14 00:44:48 UTC 2014
n/samba-4.1.6-x86_64-1.txz: Upgraded.
       This update fixes two security issues:
       CVE-2013-4496:
       Samba versions 3.4.0 and above allow the administrator to implement
       locking out Samba accounts after a number of bad password attempts.
       However, all released versions of Samba did not implement this check for
       password changes, such as are available over multiple SAMR and RAP
       interfaces, allowing password guessing attacks.
       CVE-2013-6442:
       Samba versions 4.0.0 and above have a flaw in the smbcacls command. If
       smbcacls is used with the "-C|--chown name" or "-G|--chgrp name"
       command options it will remove the existing ACL on the object being
       modified, leaving the file or directory unprotected.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4496
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6442
       (* Security fix *)
+--------------------------+
Thu Mar 13 03:32:38 UTC 2014
n/mutt-1.5.23-x86_64-1.txz: Upgraded.
       This update fixes a buffer overflow where malformed RFC2047 header
       lines could result in denial of service or potentially the execution
       of arbitrary code as the user running mutt.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0467
       (* Security fix *)
+--------------------------+
Tue Mar 11 07:06:18 UTC 2014
a/udisks-1.0.5-x86_64-1.txz: Upgraded.
       This update fixes a stack-based buffer overflow when handling long path
       names. A malicious, local user could use this flaw to create a
       specially-crafted directory structure that could lead to arbitrary code
       execution with the privileges of the udisks daemon (root).
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0004
       (* Security fix *)
a/udisks2-2.1.3-x86_64-1.txz: Upgraded.
       This update fixes a stack-based buffer overflow when handling long path
       names. A malicious, local user could use this flaw to create a
       specially-crafted directory structure that could lead to arbitrary code
       execution with the privileges of the udisks daemon (root).
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0004
       (* Security fix *)
+--------------------------+
Thu Mar 6 04:14:23 UTC 2014
ap/sudo-1.8.9p5-x86_64-1.txz: Upgraded.
+--------------------------+
Mon Mar 3 23:32:18 UTC 2014
n/gnutls-3.1.22-x86_64-1.txz: Upgraded.
       Fixed a security issue where a specially crafted certificate could
       bypass certificate validation checks.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0092
       (* Security fix *)
+--------------------------+
Thu Feb 27 20:43:28 UTC 2014
d/subversion-1.7.16-x86_64-1.txz: Upgraded.
       Fix denial of service bugs.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4505
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4558
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0032
       (* Security fix *)
+--------------------------+
Thu Feb 20 00:30:49 UTC 2014
a/kernel-firmware-20140215git-noarch-1.txz: Upgraded.
a/kernel-generic-3.10.30-x86_64-1.txz: Upgraded.
       These are new kernels that fix CVE-2014-0038, a bug that can allow local
       users to gain a root shell.
       Be sure to reinstall LILO (run "lilo" as root) after upgrading the kernel
       packages, or on UEFI systems, copy the appropriate kernel to
       /boot/efi/EFI/Slackware/vmlinuz).
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0038
       (* Security fix *)
a/kernel-huge-3.10.30-x86_64-1.txz: Upgraded.
       These are new kernels that fix CVE-2014-0038, a bug that can allow local
       users to gain a root shell.
       Be sure to reinstall LILO (run "lilo" as root) after upgrading the kernel
       packages, or on UEFI systems, copy the appropriate kernel to
       /boot/efi/EFI/Slackware/vmlinuz).
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0038
       (* Security fix *)
a/kernel-modules-3.10.30-x86_64-1.txz: Upgraded.
a/shadow-4.1.5.1-x86_64-3.txz: Rebuilt.
       Shadow 4.1.5 addressed a tty-hijacking vulnerability in "su -c"
       (CVE-2005-4890) by detaching the controlling terminal in the non-PAM
       case via a TIOCNOTTY request. Bi-directional protection is excessive
       and breaks a commonly-used methods for privilege escalation on non-PAM
       systems (e.g. xterm -e /bin/su -s /bin/bash -c /bin/bash myscript).
       This update relaxes the restriction and only detaches the controlling
       tty when the callee is not root (which is, after all, the threat vector).
       Thanks to mancha for the patch (and the above information).
ap/mariadb-5.5.35-x86_64-1.txz: Upgraded.
       This update fixes a buffer overflow in the mysql command line client which
       may allow malicious or compromised database servers to cause a denial of
       service (crash) and possibly execute arbitrary code via a long server
       version string.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0001
       (* Security fix *)
d/kernel-headers-3.10.30-x86-1.txz: Upgraded.
k/kernel-source-3.10.30-noarch-1.txz: Upgraded.
       These are new kernels that fix CVE-2014-0038, a bug that can allow local
       users to gain a root shell.
       Be sure to reinstall LILO (run "lilo" as root) after upgrading the kernel
       packages, or on UEFI systems, copy the appropriate kernel to
       /boot/efi/EFI/Slackware/vmlinuz).
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0038
       (* Security fix *)
n/gnutls-3.1.21-x86_64-1.txz: Upgraded.
       This update fixes a flaw where a version 1 intermediate certificate would be
       considered as a CA certificate by GnuTLS by default.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1959
       (* Security fix *)
xap/mozilla-firefox-27.0.1-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
+--------------------------+
Thu Feb 13 23:45:53 UTC 2014
n/curl-7.35.0-x86_64-1.txz: Upgraded.
       This update fixes a flaw where libcurl could, in some circumstances, reuse
       the wrong connection when asked to do an NTLM-authenticated HTTP or HTTPS
       request.
       For more information, see:
       http://curl.haxx.se/docs/adv_20140129.html
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0015
       (* Security fix *)
n/ntp-4.2.6p5-x86_64-5.txz: Rebuilt.
       All stable versions of NTP remain vulnerable to a remote attack where the
       "ntpdc -c monlist" command can be used to amplify network traffic as part
       of a denial of service attack. By default, Slackware is not vulnerable
       since it includes "noquery" as a default restriction. However, it is
       vulnerable if this restriction is removed. To help mitigate this flaw,
       "disable monitor" has been added to the default ntp.conf (which will disable
       the monlist command even if other queries are allowed), and the default
       restrictions have been extended to IPv6 as well.
       All users of the NTP daemon should make sure that their ntp.conf contains
       "disable monitor" to prevent misuse of the NTP service. The new ntp.conf
       file will be installed as /etc/ntp.conf.new with a package upgrade, but the
       changes will need to be merged into any existing ntp.conf file by the admin.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5211
       http://www.kb.cert.org/vuls/id/348126
       (* Security fix *)
+--------------------------+
Sat Feb 8 18:41:15 UTC 2014
l/seamonkey-solibs-2.24-x86_64-1.txz: Upgraded.
xap/mozilla-firefox-27.0-x86_64-1.txz: Upgraded.
       This release contains security fixes and improvements.
       For more information, see:
       http://www.mozilla.org/security/known-vulnerabilities/firefox.html
       (* Security fix *)
xap/mozilla-thunderbird-24.3.0-x86_64-1.txz: Upgraded.
       This update contains security fixes and improvements.
       For more information, see:
       http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
       (* Security fix *)
xap/seamonkey-2.24-x86_64-1.txz: Upgraded.
       This update contains security fixes and improvements.
       For more information, see:
       http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
       (* Security fix *)
+--------------------------+
Mon Feb 3 20:58:32 UTC 2014
xap/pidgin-2.10.9-x86_64-1.txz: Upgraded.
       This update fixes various security issues and other bugs.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6152
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6477
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6478
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6479
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6481
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6482
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6483
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6484
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6485
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6486
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6487
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6489
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6490
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0020
       (* Security fix *)
+--------------------------+
Thu Jan 30 21:30:11 UTC 2014
n/openssh-6.5p1-x86_64-1.txz: Upgraded.
+--------------------------+
Tue Jan 28 21:07:13 UTC 2014
l/mozilla-nss-3.15.4-x86_64-1.txz: Upgraded.
       Upgraded to nss-3.15.4 and nspr-4.10.3.
       Fixes a possible man-in-the-middle issue.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1740
       (* Security fix *)
n/bind-9.9.4_P2-x86_64-1.txz: Upgraded.
       This update fixes a defect in the handling of NSEC3-signed zones that can
       cause BIND to be crashed by a specific set of queries.
       NOTE: According to the second link below, Slackware is probably not
       vulnerable since we aren't using glibc-2.18 yet. Might as well fix it
       anyway, though.
       For more information, see:
       https://kb.isc.org/article/AA-01078
       https://kb.isc.org/article/AA-01085
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0591
       (* Security fix *)
+--------------------------+
Tue Jan 14 03:54:48 UTC 2014
a/openssl-solibs-1.0.1f-x86_64-1.txz: Upgraded.
d/llvm-3.4-x86_64-1.txz: Upgraded.
n/openssl-1.0.1f-x86_64-1.txz: Upgraded.
       This update fixes the following security issues:
       Fix for TLS record tampering bug CVE-2013-4353
       Fix for TLS version checking bug CVE-2013-6449
       Fix for DTLS retransmission bug CVE-2013-6450
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4353
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6449
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6450
       (* Security fix *)
n/php-5.4.24-x86_64-1.txz: Upgraded.
       The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before
       5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly
       parse (1) notBefore and (2) notAfter timestamps in X.509 certificates,
       which allows remote attackers to execute arbitrary code or cause a denial
       of service (memory corruption) via a crafted certificate that is not
       properly handled by the openssl_x509_parse function.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6420
       (* Security fix *)
n/samba-4.1.4-x86_64-1.txz: Upgraded.
       This update fixes a heap-based buffer overflow that may allow AD domain
       controllers to execute arbitrary code via an invalid fragment length in
       a DCE-RPC packet.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4408
       (* Security fix *)
x/libXfont-1.4.7-x86_64-1.txz: Upgraded.
       This update fixes a stack overflow when reading a BDF font file containing
       a longer than expected string, which could lead to crashes or privilege
       escalation.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6462
       (* Security fix *)
+--------------------------+
Fri Dec 20 22:46:09 UTC 2013
n/gnupg-1.4.16-x86_64-1.txz: Upgraded.
       Fixed the RSA Key Extraction via Low-Bandwidth Acoustic
       Cryptanalysis attack as described by Genkin, Shamir, and Tromer.
       For more information, see:
       http://www.cs.tau.ac.il/~tromer/acoustic/
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4576
       (* Security fix *)
+--------------------------+
Mon Dec 16 20:51:01 UTC 2013
d/llvm-3.3-x86_64-3.txz: Rebuilt.
       The LLVM package included binaries with an rpath pointing to the build
       location in /tmp. This allows an attacker with write access to /tmp to
       add modified libraries (and execute arbitrary code) as any user running
       the LLVM binaries. This updated package rebuilds LLVM to exclude the
       build directories from the rpath information.
       Thanks to Christopher Oliver for the bug report.
       (* Security fix *)
d/ruby-1.9.3_p484-x86_64-1.txz: Upgraded.
       This update fixes a heap overflow in floating point parsing. A specially
       crafted string could cause a heap overflow leading to a denial of service
       attack via segmentation faults and possibly arbitrary code execution.
       For more information, see:
       https://www.ruby-lang.org/en/news/2013/11/22/heap-overflow-in-floating-point-parsing-cve-2013-4164/
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4164
       (* Security fix *)
l/cairo-1.12.16-x86_64-1.txz: Upgraded.
       Removed --enable-xcb-shm (may cause instability with GTK+3).
       Removed --enable-xlib-xcb (causes GIMP slowdown).
       Added --enable-ft and --enable-gl.
       If there are no problems reported with this update, perhaps it should be
       issued as a 14.1 bugfix?
l/libiodbc-3.52.8-x86_64-1.txz: Upgraded.
       This update fixes an rpath pointing to a location in /tmp that was found in
       two test programs (iodbctest and iodbctestw). This could have allowed a
       local attacker with write access to /tmp to add modified libraries (and
       execute arbitrary code) as any user running the test programs.
       Thanks to Christopher Oliver for the bug report.
       (* Security fix *)
l/libjpeg-v8a-x86_64-2.txz: Rebuilt.
       Fix use of uninitialized memory when decoding images with missing SOS data
       for the luminance component (Y) in presence of valid chroma data (Cr, Cb).
       This could allow remote attackers to obtain sensitive information from
       uninitialized memory locations via a crafted JPEG image.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6629
       (* Security fix *)
l/seamonkey-solibs-2.23-x86_64-1.txz: Upgraded.
xap/mozilla-firefox-26.0-x86_64-1.txz: Upgraded.
       This release contains security fixes and improvements.
       For more information, see:
       http://www.mozilla.org/security/known-vulnerabilities/firefox.html
       (* Security fix *)
xap/mozilla-thunderbird-24.2.0-x86_64-1.txz: Upgraded.
       This update contains security fixes and improvements.
       For more information, see:
       http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
       (* Security fix *)
xap/seamonkey-2.23-x86_64-1.txz: Upgraded.
       This update contains security fixes and improvements.
       For more information, see:
       http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
       (* Security fix *)
+--------------------------+
Thu Dec 5 22:20:36 UTC 2013
kde/calligra-2.7.5-x86_64-1.txz: Upgraded.
kdei/calligra-l10n-bs-2.7.5-noarch-1.txz: Upgraded.
kdei/calligra-l10n-ca-2.7.5-noarch-1.txz: Upgraded.
kdei/calligra-l10n-ca\@valencia-2.7.5-noarch-1.txz: Upgraded.
kdei/calligra-l10n-cs-2.7.5-noarch-1.txz: Upgraded.
kdei/calligra-l10n-da-2.7.5-noarch-1.txz: Upgraded.
kdei/calligra-l10n-de-2.7.5-noarch-1.txz: Upgraded.
kdei/calligra-l10n-el-2.7.5-noarch-1.txz: Upgraded.
kdei/calligra-l10n-es-2.7.5-noarch-1.txz: Upgraded.
kdei/calligra-l10n-et-2.7.5-noarch-1.txz: Upgraded.
kdei/calligra-l10n-fi-2.7.5-noarch-1.txz: Upgraded.
kdei/calligra-l10n-fr-2.7.5-noarch-1.txz: Upgraded.
kdei/calligra-l10n-gl-2.7.5-noarch-1.txz: Upgraded.
kdei/calligra-l10n-hu-2.7.5-noarch-1.txz: Upgraded.
kdei/calligra-l10n-ia-2.7.5-noarch-1.txz: Upgraded.
kdei/calligra-l10n-it-2.7.5-noarch-1.txz: Upgraded.
kdei/calligra-l10n-kk-2.7.5-noarch-1.txz: Upgraded.
kdei/calligra-l10n-nb-2.7.5-noarch-1.txz: Upgraded.
kdei/calligra-l10n-nds-2.7.5-noarch-1.txz: Upgraded.
kdei/calligra-l10n-nl-2.7.5-noarch-1.txz: Upgraded.
kdei/calligra-l10n-pl-2.7.5-noarch-1.txz: Upgraded.
kdei/calligra-l10n-pt-2.7.5-noarch-1.txz: Upgraded.
kdei/calligra-l10n-pt_BR-2.7.5-noarch-1.txz: Upgraded.
kdei/calligra-l10n-ru-2.7.5-noarch-1.txz: Upgraded.
kdei/calligra-l10n-sk-2.7.5-noarch-1.txz: Upgraded.
kdei/calligra-l10n-sl-2.7.5-noarch-1.txz: Upgraded.
kdei/calligra-l10n-sv-2.7.5-noarch-1.txz: Upgraded.
kdei/calligra-l10n-tr-2.7.5-noarch-1.txz: Upgraded.
kdei/calligra-l10n-uk-2.7.5-noarch-1.txz: Upgraded.
kdei/calligra-l10n-zh_CN-2.7.5-noarch-1.txz: Upgraded.
kdei/calligra-l10n-zh_TW-2.7.5-noarch-1.txz: Upgraded.
l/mozilla-nss-3.15.3-x86_64-1.txz: Upgraded.
       This update contains security fixes and improvements.
       For more information, see:
       http://www.mozilla.org/security/announce/2013/mfsa2013-103.html
       (* Security fix *)
l/seamonkey-solibs-2.22.1-x86_64-1.txz: Upgraded.
xap/gimp-2.8.10-x86_64-1.txz: Upgraded.
xap/mozilla-thunderbird-24.1.1-x86_64-1.txz: Upgraded.
       This update contains security fixes and improvements.
       For more information, see:
       http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
       (* Security fix *)
xap/seamonkey-2.22.1-x86_64-1.txz: Upgraded.
       This update contains security fixes and improvements.
       For more information, see:
       http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
       (* Security fix *)
+--------------------------+
Mon Nov 18 20:52:16 UTC 2013
l/seamonkey-solibs-2.22-x86_64-1.txz: Upgraded.
n/openssh-6.4p1-x86_64-1.txz: Upgraded.
       sshd(8): fix a memory corruption problem triggered during rekeying
       when an AES-GCM cipher is selected.
       For more information, see:
       http://www.openssh.com/txt/gcmrekey.adv
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4548
       (* Security fix *)
n/php-5.4.22-x86_64-1.txz: Upgraded.
       This is a bugfix release.
n/samba-4.1.1-x86_64-1.txz: Upgraded.
       This update fixes two security issues:
       * Samba versions 3.2.0 and above do not check the underlying file or
       directory ACL when opening an alternate data stream.
       * In setups which provide ldap(s) and/or https services, the private key
       for SSL/TLS encryption might be world readable. This typically happens
       in active directory domain controller setups.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4475
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4476
       (* Security fix *)
       Added tdb.h, tdb.pc, and a libtdb.so symlink. Thanks to Matteo Bernardini.
xap/mozilla-firefox-25.0.1-x86_64-1.txz: Upgraded.
       This release contains security fixes and improvements.
       For more information, see:
       http://www.mozilla.org/security/known-vulnerabilities/firefox.html
       (* Security fix *)
xap/seamonkey-2.22-x86_64-1.txz: Upgraded.
       This update contains security fixes and improvements.
       For more information, see:
       http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
       (* Security fix *)
+--------------------------+
Mon Nov 4 17:08:47 UTC 2013
Slackware 14.1 x86_64 stable is released!

It's been another interesting release cycle here at Slackware bringing
new features like support for UEFI machines, updated compilers and
development tools, the switch from MySQL to MariaDB, and many more
improvements throughout the system. Thanks to the team, the upstream
developers, the dedicated Slackware community, and everyone else who
pitched in to help make this release a reality.

The ISOs are off to be replicated, a 6 CD-ROM 32-bit set and a dual-sided
32-bit/64-bit x86/x86_64 DVD. Please consider supporting the Slackware
project by picking up a copy from store.slackware.com. We're taking
pre-orders now, and offer a discount if you sign up for a subscription.

Have fun! :-)
Slackware® is a registered trademark of Slackware Linux, Inc. All logos and graphics are copyrighted.