Slackware ChangeLogs
Slackware Logo

News

Security Advisories

FAQ

Book

General Info

Get Slack

Install Help

Configuration

Packages

ChangeLogs

Propaganda

Ports

Other Sites

Support

Contact

Mailing Lists

About

 
Stable ChangeLog for S/390
Sun Aug 9 00:29:51 EDT 2009
patches/packages/bind-9.4.3_P3-s390-1_slack10.0.tgz: Upgraded.
       This BIND update fixes a security problem where a specially crafted
       dynamic update message packet will cause named to exit resulting in
       a denial of service.
       An active remote exploit is in wide circulation at this time.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0696
       https://www.isc.org/node/479
       (* Security fix *)
patches/packages/dhcp-3.1.2p1-s390-1_slack10.0.tgz: Upgraded.
       A stack overflow vulnerability was fixed in dhclient that could allow
       remote attackers to execute arbitrary commands as root on the system,
       or simply terminate the client, by providing an over-long subnet-mask
       option.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0692
       (* Security fix *)
patches/packages/fetchmail-6.3.11-s390-1_slack10.0.tgz: Upgraded.
       This update fixes an SSL NUL prefix impersonation attack through NULs in a
       part of a X.509 certificate's CommonName and subjectAltName fields.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2666
       (* Security fix *)
patches/packages/samba-3.0.36-s390-1_slack10.0.tgz: Upgraded.
       This is a bugfix release.

+--------------------------+
Sat Jun 27 15:58:28 EDT 2009
patches/packages/samba-3.0.35-s390-1_slack10.0.tgz:
       This upgrade fixes the following security issue:
       o CVE-2009-1888:
       In Samba 3.0.31 to 3.3.5 (inclusive), an uninitialized read of a
       data value can potentially affect access control when "dos filemode"
       is set to "yes".
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1888
       (* Security fix *)
patches/packages/libpng-1.2.37-s390-1_slack10.0.tgz: Upgraded.
       This update fixes a possible security issue. Jeff Phillips discovered an
       uninitialized-memory-read bug affecting interlaced images that may have
       security implications.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2042
       (* Security fix *)

+--------------------------+
Sun Jun 7 18:07:00 EDT 2009
patches/packages/ntp-4.2.2p3-s390-1_slack10.0.tgz:
       Patched a stack-based buffer overflow in the cookedprint function in
       ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows arbitrary code
       execution by a malicious remote NTP server.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0159
       (* Security fix *)

+--------------------------+
Fri May 29 15:29:47 EDT 2009
patches/packages/xpdf-3.02pl3-s390-1_slack10.0.tgz:
       Upgraded to xpdf-3.02pl3.
       This update fixes several overflows that may result in crashes or the
       execution of arbitrary code as the xpdf user.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0146
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0147
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0165
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0166
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0799
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0800
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1179
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1180
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1181
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1182
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1183
(* Security fix *)

+--------------------------+
Tue Apr 28 15:28:06 EDT 2009
patches/packages/lcms-1.18-s390-1_slack10.0.tgz: Upgraded to lcms-1.18.
       This update fixes security issues discovered in LittleCMS by Chris Evans.
       These flaws could cause program crashes (denial of service) or the execution
       of arbitrary code as the user of the lcms-linked program.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0581
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0723
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0733
       (* Security fix *)

+--------------------------+
Mon Mar 23 05:07:51 EDT 2009
patches/packages/apache-1.3.41-s390-1_slack10.0.tgz:
       Upgraded to apache-1.3.41, the last regular release of the
       Apache 1.3.x series, and a security bugfix-only release.
       For more information about the security issues fixed, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847
       (* Security fix *)
patches/packages/bind-9.3.6_P1-s390-1_slack10.0.tgz:
       Upgraded to bind-9.3.6-P1.
       Fixed checking on return values from OpenSSL's EVP_VerifyFinal and
       DSA_do_verify functions to prevent spoofing answers returned from zones using
       the DNSKEY algorithms DSA and NSEC3DSA.
       For more information, see:
       https://www.isc.org/node/373
       http://www.ocert.org/advisories/ocert-2008-016.html
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0025
       (* Security fix *)
patches/packages/bzip2-1.0.5-s390-1_slack10.0.tgz: Upgraded to bzip2-1.0.5.
       Previous versions of bzip2 contained a buffer overread error that could cause
       applications linked to libbz2 to crash, resulting in a denial of service.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1372
       (* Security fix *)
patches/packages/cups-1.1.21-s390-2_slack10.0.tgz:
       Patched cups-1.1.21.
       Errors in ipp.c may allow a remote attacker to crash CUPS resulting
       in a denial of service.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4351
       (* Security fix *)
patches/packages/curl-7.12.2-s390-3_slack10.0.tgz:
       Patched curl-7.12.2.
       This fixes a security issue where automatic redirection could be made to
       follow file:// URLs, reading or writing a local instead of remote file.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0037
       (* Security fix *)
patches/packages/dnsmasq-2.45-s390-1_slack10.0.tgz:
       Upgraded to dnsmasq-2.45.
       It was discovered that earlier versions of dnsmasq have DNS cache
       weaknesses that are similar to the ones recently discovered in BIND.
       This new release minimizes the risk of cache poisoning.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447
       (* Security fix *)
patches/packages/fetchmail-6.3.8-s390-1_slack10.0.tgz:
       Patched to fix a possible denial of service when "-v -v" options are used.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2711
       (* Security fix *)
patches/packages/glibc-zoneinfo-2.3.2-noarch-11_slack10.0.tgz:
       Upgraded to tzdata2008h for the latest world timezone changes.
patches/packages/libpng-1.2.35-s390-1_slack10.0.tgz:
       Upgraded to libpng-1.2.35.
       This fixes multiple memory-corruption vulnerabilities due to a failure to
       properly initialize data structures.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0040
       ftp://ftp.simplesystems.org/pub/png/src/libpng-1.2.34-ADVISORY.txt
       (* Security fix *)
patches/packages/libxml2-2.6.32-s390-1_slack10.0.tgz:
       Upgraded to libxml2-2.6.32 and patched.
       This fixes vulnerabilities including denial of service, or possibly the
       execution of arbitrary code as the user running a libxml2 linked application
       if untrusted XML content is parsed.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4225
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4226
       (* Security fix *)
patches/packages/m4-1.4.11-s390-1_slack10.0.tgz: Upgraded to m4-1.4.11.
       In addition to bugfixes and enhancements, this version of m4 also fixes two
       issues with possible security implications. A minor security fix with the
       use of "maketemp" and "mkstemp" -- these are now quoted to prevent the
       (rather unlikely) possibility that an unquoted string could match an
       existing macro causing operations to be done on the wrong file. Also,
       a problem with the '-F' option (introduced with version 1.4) could cause a
       core dump or possibly (with certain file names) the execution of arbitrary
       code. For more information on these issues, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1687
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1688
       (* Security fix *)
patches/packages/mod_ssl-2.8.31_1.3.41-s390-1_slack10.0.tgz:
       Upgraded to mod_ssl-2.8.31-1.3.41 to work with apache_1.3.41.
patches/packages/ntp-4.2.4p6-s390-1_slack10.0.tgz:
       [Sec 1111] Fix incorrect check of EVP_VerifyFinal()'s return value.
       For more information, see:
       https://lists.ntp.org/pipermail/announce/2009-January/000055.html
       http://www.ocert.org/advisories/ocert-2008-016.html
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0021
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077
       (* Security fix *)
patches/packages/openssh-5.0p1-s390-1_slack10.0.tgz:
       Upgraded to openssh-5.0p1.
       This version fixes a security issue where local users could hijack forwarded
       X connections. Upgrading to the new package is highly recommended.
       For more information on this security issue, please see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1483
       (* Security fix *)
patches/packages/rsync-2.6.9-s390-1_slack10.0.tgz:
       Patched some security bugs.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4091
       http://lists.samba.org/archive/rsync-announce/2007/000050.html
       (* Security fix *)
patches/packages/samba-3.0.33-s390-1_slack10.0.tgz:
       Upgraded to samba-3.0.33.
       This package fixes an important barrier against rogue clients reading from
       uninitialized memory (though no proof-of-concept is known to exist).
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4314
       (* Security fix *)
patches/packages/xine-lib-1.1.11.1-s390-3_slack10.0.tgz:
       Recompiled, with --without-speex (we didn't ship the speex library in
       Slackware anyway, but for reference this issue would be CVE-2008-1686),
       and with --disable-nosefart (the recently reported as insecurely
       demuxed NSF format). As before in -2, this package fixes the two
       regressions mentioned in the release notes for xine-lib-1.1.12:
       http://sourceforge.net/project/shownotes.php?release_id=592185&group_id=9655
       (* Security fix *)
patches/packages/xpdf-3.02pl2-s390-1_slack10.0.tgz:
       Upgraded to xpdf-3.02pl2.
       The pl2 patch fixes a crash in xpdf.
       Some theorize that this could be used to execute arbitrary code if an
       untrusted PDF file is opened, but no real-world examples are known (yet).
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393
       (* Security fix *)

+--------------------------+
Mon Sep 24 00:36:56 EDT 2007
patches/packages/bind-9.2.8_P1-s390-1_slack10.0.tgz:
       Upgraded to bind-9.2.8_P1 to fix a security issue.
       The query IDs in BIND9 prior to BIND 9.2.8-P1 are cryptographically weak.
       For more information on this issue, see:
       http://www.isc.org/index.pl?/sw/bind/bind-security.php
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2926
       (* Security fix *)
patches/packages/openssh-4.7p1-s390-1_slack10.0.tgz:
       Upgraded to openssh-4.7p1.
       From the OpenSSH release notes:
       "Security bugs resolved in this release: Prevent ssh(1) from using a
       trusted X11 cookie if creation of an untrusted cookie fails; found and
       fixed by Jan Pechanec."
       While it's fair to say that we here at Slackware don't see how this could
       be leveraged to compromise a system, a) the OpenSSH people (who presumably
       understand the code better) characterize this as a security bug, b) it has
       been assigned a CVE entry, and c) OpenSSH is one of the most commonly used
       network daemons. Better safe than sorry.
       More information should appear here eventually:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4752
       (* Security fix *)
patches/packages/samba-3.0.26a-s390-1_slack10.0.tgz:
       Upgraded to samba-3.0.26a.
       This fixes a security issue in all Samba 3.0.25 versions:
       "Incorrect primary group assignment for domain users using the rfc2307
       or sfu winbind nss info plugin."
       For more information, see:
       http://www.samba.org/samba/security/CVE-2007-4138.html
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4138
       (* Security fix *)
patches/packages/tcpdump-3.9.7-s390-1_slack10.0.tgz:
       Upgraded to libpcap-0.9.7, tcpdump-3.9.7.
       This new version fixes an integer overflow in the BGP dissector which
       could possibly allow remote attackers to crash tcpdump or to execute
       arbitrary code.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3798
       (* Security fix *)
patches/packages/xpdf-3.02pl1-s390-1_slack10.0.tgz:
       Upgraded to xpdf-3.02pl1. This fixes an integer overflow that could possibly
       be leveraged to run arbitrary code if a malicious PDF file is processed.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387
       (* Security fix *)

+--------------------------+
Sun May 27 15:00:40 EDT 2007
patches/packages/libpng-1.2.18-s390-1_slack10.0.tgz:
       Upgraded to libpng-1.2.18.
       A grayscale PNG image with a malformed (bad CRC) tRNS chunk will crash some
       libpng applications. This vulnerability has been assigned the identifiers
       CVE-2007-2445 and CERT VU#684664.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2445
       (* Security fix *)
patches/packages/samba-3.0.25a-s390-1_slack10.0.tgz:
       Upgraded to samba-3.0.25a. This fixes some major (non-security) bugs in
       samba-3.0.25. See the WHATSNEW.txt for details.
patches/packages/xine-lib-1.1.6-s390-1_slack10.0.tgz:
       Upgraded to xine-lib-1.1.6.
       This fixes overflows in xine-lib in some little-used media formats in
       xine-lib < 1.1.5 and other bugs in xine-lib < 1.1.6. The overflows in
       xine-lib < 1.1.5 could definitely cause an application using xine-lib to
       crash, and it is theorized that a malicious media file could be made to run
       arbitrary code in the context of the user running the application.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1246
       (* Security fix *)

+--------------------------+
Wed May 16 13:36:34 EDT 2007
patches/packages/samba-3.0.25-s390-1_slack10.0.tgz:
       Upgraded to samba-3.0.25.
       Security Fixes included in the Samba 3.0.25 release are:
       o CVE-2007-2444
       Versions: Samba 3.0.23d - 3.0.25pre2
       Local SID/Name translation bug can result in
       user privilege elevation
       o CVE-2007-2446
       Versions: Samba 3.0.0 - 3.0.24
       Multiple heap overflows allow remote code execution
       o CVE-2007-2447
       Versions: Samba 3.0.0 - 3.0.24
       Unescaped user input parameters are passed as
       arguments to /bin/sh allowing for remote command
       execution
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2444
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2446
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2447
       (* Security fix *)

+--------------------------+
Wed Apr 4 13:33:38 EDT 2007
patches/packages/file-4.20-s390-1_slack10.0.tgz:
       Upgraded to file-4.20.
       This fixes a heap overflow that could allow code to be executed as the
       user running file (note that there are many scenarios where file might be
       used automatically, such as in virus scanners or spam filters).
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1536
       (* Security fix *)

+--------------------------+
Tue Apr 3 20:30:03 EDT 2007
patches/packages/bind-9.2.8-s390-1_slack10.0.tgz:
       Upgraded to bind-9.2.8. This update fixes two denial of service
       vulnerabilities where an attacker could crash the name server with
       specially crafted malformed data.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0493
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0494
       (* Security fix *)
patches/packages/fetchmail-6.3.6-s390-1_slack10.0.tgz:
       Upgraded to fetchmail-6.3.6. This fixes two security issues. First, a bug
       introduced in fetchmail-6.3.5 could cause fetchmail to crash. However,
       no stable version of Slackware ever shipped fetchmail-6.3.5. Second, a long
       standing bug (reported by Isaac Wilcox) could cause fetchmail to send a
       password in clear text or omit using TLS even when configured otherwise.
       All fetchmail users are encouraged to consider using getmail, or to upgrade
       to the new fetchmail packages.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5974
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5867
       (* Security fix *)
patches/packages/glibc-zoneinfo-2.3.2-noarch-7_slack10.0.tgz:
       Updated with tzdata2007b for impending Daylight Savings Time
       changes in the US.
patches/packages/gnupg-1.4.7-s390-1_slack10.0.tgz: Upgraded to gnupg-1.4.7.
       This fixes a security problem that can occur when GnuPG is used incorrectly.
       Newer versions attempt to prevent such misuse.
       For more information, see:
       http://lists.gnupg.org/pipermail/gnupg-announce/2007q1/000251.html
       (* Security fix *)
patches/packages/samba-3.0.24-s390-1_slack10.0.tgz:
       Upgraded to samba-3.0.24. From the WHATSNEW.txt file:
       "Important issues addressed in 3.0.24 include:
       o Fixes for the following security advisories:
       - CVE-2007-0452 (Potential Denial of Service bug in smbd)
       - CVE-2007-0453 (Buffer overrun in NSS host lookup Winbind
       NSS library on Solaris)
       - CVE-2007-0454 (Format string bug in afsacl.so VFS plugin)"
       Samba is Slackware is vulnerable to the first issue, which can cause smbd
       to enter into an infinite loop, disrupting Samba services. Linux is not
       vulnerable to the second issue, and Slackware does not ship the afsacl.so
       VFS plugin (but it's something to be aware of if you build Samba with
       custom options).
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0452
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0453
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0454
       (* Security fix *)

+--------------------------+
Thu Mar 15 01:48:14 EDT 2007
patches/packages/bind-9.2.8-s390-1_slack10.0.tgz:
       Upgraded to bind-9.2.8. This update fixes two denial of service
       vulnerabilities where an attacker could crash the name server with
       specially crafted malformed data.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0493
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0494
       (* Security fix *)
patches/packages/fetchmail-6.3.6-s390-1_slack10.0.tgz:
       Upgraded to fetchmail-6.3.6. This fixes two security issues. First, a bug
       introduced in fetchmail-6.3.5 could cause fetchmail to crash. However,
       no stable version of Slackware ever shipped fetchmail-6.3.5. Second, a long
       standing bug (reported by Isaac Wilcox) could cause fetchmail to send a
       password in clear text or omit using TLS even when configured otherwise.
       All fetchmail users are encouraged to consider using getmail, or to upgrade
       to the new fetchmail packages.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5974
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5867
       (* Security fix *)
patches/packages/glibc-zoneinfo-2.3.2-noarch-7_slack10.0.tgz:
       Updated with tzdata2007b for impending Daylight Savings Time
       changes in the US.
patches/packages/gnupg-1.4.7-s390-1_slack10.0.tgz: Upgraded to gnupg-1.4.7.
       This fixes a security problem that can occur when GnuPG is used incorrectly.
       Newer versions attempt to prevent such misuse.
       For more information, see:
       http://lists.gnupg.org/pipermail/gnupg-announce/2007q1/000251.html
       (* Security fix *)
patches/packages/samba-3.0.24-s390-1_slack10.0.tgz:
       Upgraded to samba-3.0.24. From the WHATSNEW.txt file:
       "Important issues addressed in 3.0.24 include:
       o Fixes for the following security advisories:
       - CVE-2007-0452 (Potential Denial of Service bug in smbd)
       - CVE-2007-0453 (Buffer overrun in NSS host lookup Winbind
       NSS library on Solaris)
       - CVE-2007-0454 (Format string bug in afsacl.so VFS plugin)"
       Samba is Slackware is vulnerable to the first issue, which can cause smbd
       to enter into an infinite loop, disrupting Samba services. Linux is not
       vulnerable to the second issue, and Slackware does not ship the afsacl.so
       VFS plugin (but it's something to be aware of if you build Samba with
       custom options).
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0452
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0453
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0454
       (* Security fix *)

+--------------------------+
Sun Jan 14 22:30:33 EST 2007
patches/packages/gnupg-1.4.6-s390-1_slack10.0.tgz:
       Upgraded to gnupg-1.4.6. This release fixes a severe and exploitable
       bug in earlier versions of gnupg. All gnupg users should update to the
       new packages as soon as possible. For details, see the information
       concerning CVE-2006-6235 posted on lists.gnupg.org:
       http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000491.html
       The CVE entry for this issue may be found here:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6235
       This update also addresses a more minor security issue possibly
       exploitable when GnuPG is used in interactive mode. For more information
       about that issue, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6169
       (* Security fix *)
patches/packages/libpng-1.2.14-s390-1_slack10.0.tgz:
       Upgraded to libpng-1.2.14. This fixes a bug where a specially crafted PNG
       file could crash applications that use libpng.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5793
       (* Security fix *)
patches/packages/proftpd-1.3.0a-s390-1_slack10.0.tgz:
       Upgraded to proftpd-1.3.0a plus an additional security patch. Several
       security issues were found in proftpd that could lead to the execution of
       arbitrary code by a remote attacker, including one in mod_tls that does
       not require the attacker to be authenticated first.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5815
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6170
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6171
       (* Security fix *)
patches/packages/tar-1.16-s390-1_slack10.0.tgz:
       Upgraded to tar-1.16.
       This fixes an issue where files may be extracted outside of the current
       directory, possibly allowing a malicious tar archive, when extracted, to
       overwrite any of the user's files (in the case of root, any file on the
       system).
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6097
       (* Security fix *)
patches/packages/xine-lib-1.1.3-s390-1_slack10.0.tgz:
       Upgraded to xine-lib-1.1.3 which fixes possible security problems
       such as a heap overflow in libmms and a buffer overflow in the
       Real Media input plugin.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2200
       (* Security fix *)

+--------------------------+
Tue Nov 14 23:39:49 EST 2006
patches/packages/bind-9.2.6_P2-s390-1_slack10.0.tgz:
       Upgraded to bind-9.2.6-P2. This fixes some security issues related to
       previous fixes in OpenSSL. The minimum OpenSSL version was raised to
       OpenSSL 0.9.7l and OpenSSL 0.9.8d to avoid exposure to known security flaws
       in older versions (these patches were already issued for Slackware). If you
       have not upgraded yet, get those as well to prevent a potentially exploitable
       security problem in named. In addition, the default RSA exponent was changed
       from 3 to 65537. RSA keys using exponent 3 (which was previously BIND's
       default) will need to be regenerated to protect against the forging
       of RRSIGs.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
       (* Security fix *)

+--------------------------+
Sat Nov 4 21:52:29 EST 2006
patches/packages/screen-4.0.3-s390-1_slack10.0.tgz: Upgraded to screen-4.0.3.
       This addresses an issue with the way screen handles UTF-8 character encoding
       that could allow screen to be crashed (or possibly code to be executed in the
       context of the screen user) if a specially crafted sequence of pseudo-UTF-8
       characters are displayed withing a screen session.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4573
       (* Security fix *)
patches/packages/qt-3.3.3-s390-2_slack10.0.tgz: Patched.
       This fixes an issue with Qt's handling of pixmap images that causes Qt linked
       applications to crash if a specially crafted malicious image is loaded.
       Inspection of the code in question makes it seem unlikely that this could
       lead to more serious implications (such as arbitrary code execution), but it
       is recommended that users upgrade to the new Qt package.
       For more information, see:
       http://www.trolltech.com/company/newsroom/announcements/press.2006-10-19.5434451733
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4811
       (* Security fix *)

+--------------------------+
Sat Sep 30 00:02:44 EDT 2006
patches/packages/openssl-0.9.7l-s390-1_slack10.0.tgz:
       Upgraded to shared libraries from openssl-0.9.7l.
       See openssl package update below.
       (* Security fix *)
patches/packages/openssh-4.4p1-s390-1_slack10.0.tgz:
       Upgraded to openssh-4.4p1.
       This fixes a few security related issues. From the release notes found at
       http://www.openssh.com/txt/release-4.4:
       * Fix a pre-authentication denial of service found by Tavis Ormandy,
       that would cause sshd(8) to spin until the login grace time
       expired.
       * Fix an unsafe signal hander reported by Mark Dowd. The signal
       handler was vulnerable to a race condition that could be exploited
       to perform a pre-authentication denial of service. On portable
       OpenSSH, this vulnerability could theoretically lead to
       pre-authentication remote code execution if GSSAPI authentication
       is enabled, but the likelihood of successful exploitation appears
       remote.
       * On portable OpenSSH, fix a GSSAPI authentication abort that could
       be used to determine the validity of usernames on some platforms.
       Links to the CVE entries will be found here:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4924
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5051
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5052
       After this upgrade, make sure the permissions on /etc/rc.d/rc.sshd are set
       the way you want them. Future upgrades will respect the existing permissions
       settings. Thanks to Manuel Reimer for pointing out that upgrading openssh
       would enable a previously disabled sshd daemon.
       Do better checking of passwd, shadow, and group to avoid adding
       redundant entries to these files. Thanks to Menno Duursma.
       (* Security fix *)
patches/packages/openssl-0.9.7l-s390-1_slack10.0.tgz:
       Upgraded to openssl-0.9.7l.
       This fixes a few security related issues:
       During the parsing of certain invalid ASN.1 structures an error
       condition is mishandled. This can result in an infinite loop which
       consumes system memory (CVE-2006-2937). (This issue did not affect
       OpenSSL versions prior to 0.9.7)
       Thanks to Dr S. N. Henson of Open Network Security and NISCC.
       Certain types of public key can take disproportionate amounts of
       time to process. This could be used by an attacker in a denial of
       service attack (CVE-2006-2940).
       Thanks to Dr S. N. Henson of Open Network Security and NISCC.
       A buffer overflow was discovered in the SSL_get_shared_ciphers()
       utility function. An attacker could send a list of ciphers to an
       application that uses this function and overrun a buffer.
       (CVE-2006-3738)
       Thanks to Tavis Ormandy and Will Drewry of the Google Security Team.
       A flaw in the SSLv2 client code was discovered. When a client
       application used OpenSSL to create an SSLv2 connection to a malicious
       server, that server could cause the client to crash (CVE-2006-4343).
       Thanks to Tavis Ormandy and Will Drewry of the Google Security Team.
       Links to the CVE entries will be found here:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343
       (* Security fix *)

+--------------------------+
Sat Sep 23 20:53:36 EDT 2006
patches/packages/gzip-1.3.5-s390-1_slack10.0.tgz:
       Upgraded to gzip-1.3.5, and fixed a variety of bugs.
       Some of the bugs have possible security implications if gzip or its tools are
       fed a carefully constructed malicious archive. Most of these issues were
       recently discovered by Tavis Ormandy and the Google Security Team. Thanks
       to them, and also to the ALT and Owl developers for cleaning up the patch.
       For further details about the issues fixed, please see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0758
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0988
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1228
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4334
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4335
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4336
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4337
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4338
       (* Security fix *)
patches/packages/openssl-0.9.7d-s390-3_slack10.0.tgz: Patched an issue where
       it is possible to forge certain kinds of RSA signatures.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
patches/packages/openssl-solibs-0.9.7d-s390-3_slack10.0.tgz: Patched an issue
       where it is possible to forge certain kinds of RSA signatures.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
       (* Security fix *)

+--------------------------+
Sat Sep 16 14:03:04 EDT 2006
patches/packages/libtiff-3.7.0-s390-1.tgz: Removed, since this was an older
       version than libtiff-3.8.2-s390-1_slack10.0.tgz

+--------------------------+
Sat Sep 9 21:32:02 EDT 2006
patches/packages/bind-9.2.6_P1-s390-1_slack10.0.tgz
       Upgraded to bind-9.2.6_P1.
       This update addresses a denial of service vulnerability.
       BIND's CHANGES file says this:
       2066. [security] Handle SIG queries gracefully. [RT #16300]
       The best discussion I've found is in FreeBSD's advisory, so here's a link:
       http://security.FreeBSD.org/advisories/FreeBSD-SA-06:20.bind.asc
       Also, fixed some missing man pages. (noticed by Xavier Thomassin -- thanks)
       (* Security fix *)
patches/packages/bootshell-1.3-s390-2.tgz:
       Rebuilt bootshell as static, not dynamic. If your /usr file
       system isn't available, you still want to be able to log in
       to your system so you can fix it. ;)

+--------------------------+
Sun Aug 27 14:04:47 EDT 2006
patches/packages/gnupg-1.4.5-s390-1_slack10.0.tgz:
       Upgraded to gnupg-1.4.5.
       From the gnupg-1.4.5 NEWS file:
       * Fixed 2 more possible memory allocation attacks. They are
       similar to the problem we fixed with 1.4.4. This bug can easily
       be be exploited for a DoS; remote code execution is not entirely
       impossible.
(* Security fix *)
patches/packages/libtiff-3.8.2-s390-1_slack10.0.tgz:
       Patched vulnerabilities in libtiff which were found by Tavis Ormandy of
       the Google Security Team. These issues could be used to crash programs
       linked to libtiff or possibly to execute code as the program's user.
       A low risk command-line overflow in tiffsplit was also patched.
       For more details, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3459
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3460
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3461
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3462
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3463
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3464
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3465
       (* Security fix *)

+--------------------------+
Sun Aug 6 17:47:25 EDT 2006
slackware/n/iproute2-2.6.7-ss040608-s390-1.tgz: Built iproute2. Not sure
       why this was never done before.

+--------------------------+
Sat Jul 29 17:46:17 EDT 2006
patches/packages/apache-1.3.37-s390-1_slack10.0.tgz:
       Upgraded to apache-1.3.37.
       From the announcement on httpd.apache.org:
       This version of Apache is security fix release only. An off-by-one flaw
       exists in the Rewrite module, mod_rewrite, as shipped with Apache 1.3
       since 1.3.28, 2.0 since 2.0.46, and 2.2 since 2.2.0.
       The Slackware Security Team feels that the vast majority of installations
       will not be configured in a vulnerable way but still suggests upgrading to
       the new apache and mod_ssl packages for maximum security.
       For more details, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3747
       And see Apache's announcement here:
       http://www.apache.org/dist/httpd/Announcement1.3.html
       (* Security fix *)
patches/packages/mod_ssl-2.8.28_1.3.37-s390-1_slack10.0.tgz:
       Upgraded to mod_ssl-2.8.28-1.3.37.
patches/packages/mutt-1.4.2.2i-s390-1_slack10.0.tgz:
       Upgraded to mutt-1.4.2.2i.
       This release fixes CVE-2006-3242, a buffer overflow that could be triggered
       by a malicious IMAP server.
       [Connecting to malicious IMAP servers must be common, right? -- Ed.]
       For more details, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3242
       (* Security fix *)
patches/packages/samba-3.0.23-s390-2_slack10.0.tgz:
       Patched a problem in nsswitch/wins.c that caused crashes in the wins
       and/or winbind libraries.
       Thanks to Mikhail Kshevetskiy for pointing out the issue and offering
       a reference to the patch in Samba's source repository.
       Also, this version of Samba evidently created a new dependency on libdm.so
       (found in the xfsprogs package in non -current Slackware versions). This
       additional dependency was not intentional, and has been corrected.
patches/packages/tcpip-0.17-s390-29c_slack10.0.tgz:
       Repatched the telnet client with the official OpenBSD patch that had
       already replaced the original security fix in Slackware 9.1, 10.2 and
       -current. Thanks to Dragan Simic for reporting the issue, and my
       apologies for taking so long to address the insufficiencies of the
       original patch in Slackware 10.0 and 10.1.

+--------------------------+
Sun Jul 16 17:07:16 EDT 2006
patches/packages/samba-3.0.23-s390-1_slack10.0.tgz:
       Upgraded to samba-3.0.23.
       This fixes a minor memory exhaustion DoS in smbd.
       The CVE entry for this issue may be found here:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3403
       (* Security fix *)

+--------------------------+
Sun Jul 2 19:34:29 EDT 2006
patches/packages/arts-1.2.3-s390-2_slack10.0.tgz:
       Patched to fix a possible exploit if artswrapper is setuid root (which,
       by default, it is not) and the system is running a 2.6 kernel.
       Systems running 2.4 kernels are not affected.
       The official KDE security advisory may be found here:
       http://www.kde.org/info/security/advisory-20060614-2.txt
       The CVE entry for this issue may be found here:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2916
       (* Security fix *)
patches/packages/gnupg-1.4.4-s390-1_slack10.0.tgz:
       This version fixes a memory allocation issue that could allow an attacker to
       crash GnuPG creating a denial-of-service.
       The CVE entry for this issue may be found here:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3082
patches/packages/kdebase-3.2.3-s390-4_slack10.0.tgz:
       Patched a problem with kdm where it could be abused to read any file
       on the system.
       The official KDE security advisory may be found here:
       http://www.kde.org/info/security/advisory-20060614-1.txt
       The CVE entry for this issue may be found here:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2449
       (* Security fix *)
patches/packages/samba-3.0.9-s390-2.tgz: Fixed a problem with the prototype
       that was causing /usr/lib/libsmbclient.so to not be included.

+--------------------------+
Thu Jun 15 13:46:39 EDT 2006
patches/packages/sendmail-8.13.7-s390-1_slack10.0.tgz:
       Upgraded to sendmail-8.13.7.
       Fixes a potential denial of service problem caused by excessive recursion
       leading to stack exhaustion when attempting delivery of a malformed MIME
       message. This crashes sendmail's queue processing daemon, which in turn
       can lead to two problems: depending on the settings, these crashed
       processes may create coredumps which could fill a drive partition; and
       such a malformed message in the queue will cause queue processing to
       cease when the message is reached, causing messages that are later in
       the queue to not be processed.
       Sendmail's complete advisory may be found here:
       http://www.sendmail.com/security/advisories/SA-200605-01.txt.asc
       Sendmail has also provided an FAQ about this issue:
       http://www.sendmail.com/security/advisories/SA-200605-01/faq.shtml
       The CVE entry for this issue may be found here:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1173
       (* Security fix *)
patches/packages/sendmail-cf-8.13.7-noarch-1_slack10.0.tgz:
       Upgraded to sendmail-8.13.7 configs.

+--------------------------+
Sat Jun 10 14:22:53 EDT 2006
patches/packages/apache-1.3.35-s390-2_slack10.0.tgz:
       Patched to fix totally broken Include behavior.
       Thanks to Francesco Gringoli for reporting this bug.
       Upgraded to apache-1.3.35.
       From the official announcement:
       Of particular note is that 1.3.35 addresses and fixes 1 potential
       security issue: CVE-2005-3352 (cve.mitre.org)
       mod_imap: Escape untrusted referer header before outputting in HTML
       to avoid potential cross-site scripting. Change also made to
       ap_escape_html so we escape quotes. Reported by JPCERT
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352
       (* Security fix *)
patches/packages/mod_ssl-2.8.26_1.3.35-s390-1_slack10.0.tgz:
       Upgraded to mod_ssl-2.8.26-1.3.35.
       This is an updated version designed for Apache 1.3.35.
patches/packages/mozilla-1.7.13-s390-1.tgz: Upgraded to mozilla-1.7.13.
       This upgrade fixes several possible security bugs.
       For more information, see:
       http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla
       This release marks the end-of-life of the Mozilla 1.7.x series:
       http://developer.mozilla.org/devnews/index.php/2006/04/12/sunset-announcement-for-fxtb-10x-and-mozilla-suite-17x/
       Mozilla Corporation is recommending that users think about
       migrating to Firefox and Thunderbird.
       (* Security fix *)
patches/packages/mozilla-plugins-1.7.13-noarch-1.tgz:
       Updated for mozilla-1.7.13.
patches/packages/mysql-4.0.27-s390-1_slack10.0.tgz:
       Upgraded to mysql-4.0.27.
       This fixes some minor security issues with possible information leakage.
       Note that the information leakage bugs require that the attacker have
       access to an account on the database. Also note that by default,
       Slackware's rc.mysqld script does *not* allow access to the database
       through the outside network (it uses the --skip-networking option).
       If you've enabled network access to MySQL, it is a good idea to filter
       the port (3306) to prevent access from unauthorized machines.
       For more details, see the MySQL 4.0.27 release announcement here:
       http://lists.mysql.com/announce/359
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1516
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1517
       (* Security fix *)

+--------------------------+
Sun Apr 2 20:29:00 EST 2006
patches/packages/fetchmail-6.3.2-s390-1.tgz: Upgraded to fetchmail-6.3.2.
       Presumably this replaces all the known security problems with
       a batch of new unknown ones. (fetchmail is improving, really ;-)
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3088
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4348
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0321
       (* Security fix *)
patches/packages/gnupg-1.4.2.2-s390-1.tgz: Upgraded to gnupg-1.4.2.2.
       There have been two security related issues reported recently with GnuPG.
       From the GnuPG 1.4.2.1 and 1.4.2.2 NEWS files:
       Noteworthy changes in version 1.4.2.2 (2006-03-08)
       * Files containing several signed messages are not allowed any
       longer as there is no clean way to report the status of such
       files back to the caller. To partly revert to the old behaviour
       the new option --allow-multisig-verification may be used.
       Noteworthy changes in version 1.4.2.1 (2006-02-14)
       * Security fix for a verification weakness in gpgv. Some input
       could lead to gpgv exiting with 0 even if the detached signature
       file did not carry any signature. This is not as fatal as it
       might seem because the suggestion as always been not to rely on
       th exit code but to parse the --status-fd messages. However it
       is likely that gpgv is used in that simplified way and thus we
       do this release. Same problem with "gpg --verify" but nobody
       should have used this for signature verification without
       checking the status codes anyway. Thanks to the taviso from
       Gentoo for reporting this problem.
       (* Security fix *)
patches/packages/kdegraphics-3.2.3-s390-2.tgz: Patched integer and
       heap overflows in kpdf to fix possible security bugs with malformed
       PDF files.
       For more information, see:
       http://www.kde.org/info/security/advisory-20051207-2.txt
       http://www.kde.org/info/security/advisory-20060202-1.txt
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3191
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3192
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3628
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0301
       (* Security fix *)
patches/packages/kdelibs-3.2.3-s390-3.tgz: Patched a heap overflow
       vulnerability in kjs, the JavaScript interpreter engine used by
       Konqueror and other parts of KDE.
       For more information, see:
       http://www.kde.org/info/security/advisory-20060119-1.txt
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0019
       (* Security fix *)
patches/packages/openssh-4.3p1-s390-1.tgz: Upgraded to openssh-4.3p1.
       This fixes a security issue when using scp to copy files that could
       cause commands embedded in filenames to be executed.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0225
       (* Security fix *)
patches/packages/sendmail-8.13.6-s390-1.tgz: Upgraded to sendmail-8.13.6.
       This new version of sendmail contains a fix for a security problem
       discovered by Mark Dowd of ISS X-Force. From sendmail's advisory:
       Sendmail was notified by security researchers at ISS that, under some
       specific timing conditions, this vulnerability may permit a specifically
       crafted attack to take over the sendmail MTA process, allowing remote
       attackers to execute commands and run arbitrary programs on the system
       running the MTA, affecting email delivery, or tampering with other
       programs and data on this system. Sendmail is not aware of any public
       exploit code for this vulnerability. This connection-oriented
       vulnerability does not occur in the normal course of sending and
       receiving email. It is only triggered when specific conditions are
       created through SMTP connection layer commands.
       Sendmail's complete advisory may be found here:
       http://www.sendmail.com/company/advisory/index.shtml
       The CVE entry for this issue may be found here:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0058
       (* Security fix *)
patches/packages/sendmail-cf-8.13.6-noarch-1.tgz:
       Upgraded to sendmail-8.13.6 configuration files.
patches/packages/sudo-1.6.8p12-s390-1.tgz: Upgraded to sudo-1.6.8p12.
       This fixes an issue where a user able to run a Python script through sudo
       may be able to gain root access.
       IMHO, running any kind of scripting language from sudo is still not safe...
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0151
       (* Security fix *)
patches/packages/xpdf-3.01-s390-3.tgz: Recompiled with xpdf-3.01pl2.patch to
       fix integer and heap overflows in xpdf triggered by malformed PDF files.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3191
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3192
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3628
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0301
       (* Security fix *)

+--------------------------+
Fri Dec 16 13:35:00 EST 2005
patches/packages/curl-7.12.2-s390-1.tgz: Patched. This addresses a buffer
       overflow in libcurl's NTLM function that could have possible security
       implications.
       For more details, see:
       http://curl.haxx.se/docs/security.html
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3185
       (* Security fix *)
patches/packages/elm-2.5.8-s390-1.tgz: Upgraded to elm2.5.8.
       This fixes a buffer overflow in the parsing of the Expires header that
       could be used to execute arbitrary code as the user running Elm.
       Thanks to Ulf Harnhammar for finding the bug and reminding me to get
       out updated packages to address the issue.
       A reference to the original advisory:
       http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0688.html
patches/packages/lynx-2.8.5rel.5-s390-1.tgz: Upgraded to lynx-2.8.5rel.5.
       Fixes an issue where the handling of Asian characters when using lynx to
       connect to an NNTP server (is this a common use?) could result in a buffer
       overflow causing the execution of arbitrary code.
       For more details, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3120
       (* Security fix *)
patches/packages/mod_ssl-2.8.25_1.3.34-s390-1.tgz:
       Upgraded to mod_ssl-2.8.25-1.3.34.
patches/packages/wget-1.10.2-s390-1.tgz: Upgraded to wget-1.10.2.
       This addresses a buffer overflow in wget's NTLM handling function that could
       have possible security implications.
       For more details, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3185
       (* Security fix *)

+--------------------------+
Fri Dec 16 03:18:00 EST 2005
patches/packages/imapd-4.64-s390-1.tgz: Upgraded to imapd-4.64.
       A buffer overflow was reported in the mail_valid_net_parse_work function.
       However, this function in the c-client library does not appear to be called
       from anywhere in imapd. iDefense states that the issue is of LOW risk to
       sites that allow users shell access, and LOW-MODERATE risk to other servers.
       I believe it's possible that it is of NIL risk if the function is indeed
       dead code to imapd, but draw your own conclusions...
       (* Security fix *)
patches/packages/koffice-1.3.1-s390-3.tgz: Patched.
       Fixes a buffer overflow in KWord's RTF import discovered by Chris Evans.
       For more details, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2971
       (* Security fix *)
patches/packages/openssl-0.9.7d-s390-2.tgz: Patched.
       Fixed a vulnerability that could, in rare circumstances, allow an attacker
       acting as a "man in the middle" to force a client and a server to negotiate
       the SSL 2.0 protocol (which is known to be weak) even if these parties both
       support SSL 3.0 or TLS 1.0.
       For more details, see:
       http://www.openssl.org/news/secadv_20051011.txt
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2969
       (* Security fix *)
patches/packages/openssl-solibs-0.9.7d-s390-2.tgz: Patched.
       (* Security fix *)
patches/packages/pine-4.64-s390-1.tgz: Upgraded to pine-4.64.
patches/packages/x11-6.7.0-s390-3.tgz: Patched a pixmap overflow issue.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2495
       (* Security fix *)
patches/packages/x11-xnest-6.7.0-s390-3.tgz: Patched and rebuilt.
patches/packages/x11-xprt-6.7.0-s390-3.tgz: Patched and rebuilt.
patches/packages/x11-xvfb-6.7.0-s390-3.tgz: Patched and rebuilt.
patches/packages/xine-lib-1.0.3a-s390-1.tgz: Upgraded to xine-lib-1.0.3a.
       This fixes a format string bug where an attacker, if able to upload malicious
       information to a CDDB server and then get a local user to play a certain
       audio CD, may be able to run arbitrary code on the machine as the user
       running the xine-lib linked application.
       For more information, see:
       http://xinehq.de/index.php/security/XSA-2005-1
       (* Security fix *)

+--------------------------+
Thu Dec 15 03:14:00 EST 2005
patches/packages/apache-1.3.34-s390-1.tgz: Upgraded to apache-1.3.34.
       Fixes this minor security bug: "If a request contains both Transfer-Encoding
       and Content-Length headers, remove the Content-Length, mitigating some HTTP
       Request Splitting/Spoofing attacks."
       (* Security fix *)
patches/packages/dhcpcd-1.3.22pl4-s390-2.tgz: Patched an issue where a
       remote attacker can cause dhcpcd to crash.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1848
       (* Security fix *)
patches/packages/gaim-1.5.0-s390-1.tgz: Upgraded to gaim-1.5.0.
       This fixes some more security issues.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2103
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2102
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2370
       (* Security fix *)
patches/packages/kdebase-3.2.3-s390-3.tgz: Patched a security bug in
       kcheckpass that could allow a local user to gain root privileges.
       For more information, see:
       http://www.kde.org/info/security/advisory-20050905-1.txt
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2494
       (* Security fix *)
patches/packages/mozilla-1.7.12-s390-1.tgz: Upgraded to mozilla-1.7.12.
       This fixes several security issues. For more information, see:
       http://www.mozilla.org/projects/security/known-vulnerabilities.html#Mozilla
       (* Security fix *)
patches/packages/mozilla-plugins-1.7.12-noarch-1.tgz: Upgraded Java(TM)
       symlink for Mozilla.
patches/packages/pcre-6.3-s390-1.tgz: Upgraded to pcre-6.3.
       This fixes a buffer overflow that could be triggered by the processing of a
       specially crafted regular expression. Theoretically this could be a security
       issue if regular expressions are accepted from untrusted users to be
       processed by a user with greater privileges, but this doesn't seem like a
       common scenario (or, for that matter, a good idea). However, if you are
       using an application that links to the shared PCRE library and accepts
       outside input in such a manner, you will want to update to this new package.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491
       (* Security fix *)
patches/packages/php-4.3.11-s390-3.tgz: Relinked with the system PCRE library,
       as the builtin library has a buffer overflow that could be triggered by the
       processing of a specially crafted regular expression.
       Note that this change requires the pcre package to be installed.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491
       (* Security fix *)
       Upgraded PEAR::XMLRPC to version 1.4.0, which eliminates the use of the
       insecure eval() function.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2498
       (* Security fix *)
patches/packages/util-linux-2.12a-s390-2.tgz: Patched an issue with
       umount where if the umount failed when the '-r' option was used, the
       filesystem would be remounted read-only but without any extra flags
       specified in /etc/fstab. This could allow an ordinary user able to
       mount a floppy or CD (but with nosuid, noexec, nodev, etc in
       /etc/fstab) to run a setuid binary from removable media and gain
       root privileges.
       Reported to BugTraq by David Watson:
       http://www.securityfocus.com/archive/1/410333
       (* Security fix *)

+--------------------------+
Sun Jul 31 23:28:19 EDT 2005
patches/packages/dnsmasq-2.22-s390-1.tgz: Upgraded to dnsmasq-2.22.
       This fixes an off-by-one overflow vulnerability may allow a DHCP
       client to create a denial of service condition. Additional code was
       also added to detect and defeat attempts to poison the DNS cache.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0876
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0877
       (* Security fix *)
patches/packages/fetchmail-6.2.5.2-s390-1.tgz:
       Upgraded to fetchmail-6.2.5.2.
       This fixes an overflow by which malicious or compromised POP3 servers
       may overflow fetchmail's stack.
       For more information, see:
       http://fetchmail.berlios.de/fetchmail-SA-2005-01.txt
       (* Security fix *)
patches/packages/gaim-1.3.1-s390-1.tgz: Upgraded to gaim-1.3.1 and
       gaim-encryption-2.38. This fixes a couple of remote crash bugs, so
       users of the MSN and Yahoo! chat protocols should upgrade to gaim-1.3.1.
       (* Security fix *)
patches/packages/gxine-0.4.6-s390-1.tgz: Upgraded to gxine-0.4.6.
       This fixes a format string vulnerability that allows remote attackers to
       execute arbitrary code via a ram file with a URL whose hostname contains
       format string specifiers.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1692
       (* Security fix *)
patches/packages/infozip-5.52-s390-1.tgz: Upgraded to unzip552.tar.gz and
       zip231.tar.gz. These fix some buffer overruns if deep directory paths are
       packed into a Zip archive which could be a security vulnerability (for
       example, in a case of automated archiving or backups that use Zip). However,
       it also appears that these now use certain assembly instructions that might
       not be available on older CPUs, so if you have an older machine you may wish
       to take this into account before deciding whether you should upgrade.
       (* Security fix *)
patches/packages/kdenetwork-3.2.3-s390-2.tgz: Patched overflows in
       libgadu (used by kopete) that can cause a denial of service or
       arbitrary code execution.
       For more information, see:
       http://www.kde.org/info/security/advisory-20050721-1.txt
       (* Security fix *)
patches/packages/mozilla-1.7.10-s390-1.tgz: Upgraded to mozilla-1.7.10.
       This fixes several security issues. For more information, see:
       http://www.mozilla.org/projects/security/known-vulnerabilities.html#Mozilla
       (* Security fix *)
       Fixed a folder switching bug.
       Thanks to Peter Santoro for pointing out the patch.
patches/packages/mozilla-plugins-1.7.10-noarch-1.tgz: Upgraded Java(TM)
       symlink for Mozilla.
patches/packages/ncftp-3.1.9-s390-1.tgz: Upgraded to ncftp-3.1.9.
       This corrects a vulnerability where a download from a hostile FTP server
       might be written to an unintended location potentially compromising system
       security or causing a denial of service.
       For more details, see:
       http://www.ncftp.com/ncftp/doc/changelog.html#3.1.5
       (* Security fix *)
patches/packages/php-4.3.11-s390-2.tgz: Upgraded PEAR XML_RPC class.
       This new PHP package fixes a PEAR XML_RPC vulnerability. Sites that use
       this PEAR class should upgrade to the new PHP package, or as a minimal
       fix may instead upgrade the XML_RPC PEAR class with the following command:
       pear upgrade XML_RPC
       (* Security fix *)
patches/packages/sudo-1.6.8p9-s390-1.tgz: Upgraded to sudo-1.6.8p9.
       This new version of Sudo fixes a race condition in command pathname handling
       that could allow a user with Sudo privileges to run arbitrary commands.
       For full details, see the Sudo site:
       http://www.courtesan.com/sudo/alerts/path_race.html
       (* Security fix *)
patches/packages/tcpdump-3.9.3-s390-1.tgz: Upgraded to libpcap-0.9.3 and
       tcpdump-3.9.3. This fixes an issue where an invalid BGP packet can
       cause tcpdump to go into an infinate loop, effectively disabling network
       monitoring.
       (* Security fix *)
patches/packages/tcpip-0.17-s390-2.tgz: Patched two overflows in
       the telnet client that could allow the execution of arbitrary code
       when connected to a malicious telnet server.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0468
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0469
       (* Security fix *)
patches/packages/xine-lib-1.0.1-s390-1.tgz: Upgraded to xine-lib-1.0.1.
       This fixes some bugs in the MMS and Real RTSP streaming client code.
       While the odds of this vulnerability being usable to a remote attacker are
       low (but see the xine advisory), if you stream media from sites using these
       protocols (and you think the sites might be "hostile" and will try to hack
       into your xine client), then you might want to upgrade to this new version
       of xine-lib. Probably the other fixes and enchancements in xine-lib-1.0.1
       are a better rationale to do so, though.
       For more details on the xine-lib security issues, see:
       http://xinehq.de/index.php/security/XSA-2004-8
       (* Security fix *)
patches/packages/xine-ui-0.99.3-s390-1.tgz: Upgraded to xine-ui-0.99.3.
patches/packages/xv-3.10a-s390-2.tgz: Upgraded to the latest XV jumbo
       patches, xv-3.10a-jumbo-fix-patch-20050410 and
       xv-3.10a-jumbo-enh-patch-20050501. These fix a number of format string
       and other possible security issues in addition to providing many other
       bugfixes and enhancements.
       (Thanks to Greg Roelofs)
       (* Security fix *)
patches/packages/zlib-1.2.3-s390-1.tgz: Upgraded to zlib-1.2.3.
       This fixes an additional crash not fixed by the patch to zlib-1.2.2.
       (* Security fix *)
       Patched an overflow in zlib that could cause applications using zlib
       to crash. The overflow does not involve user supplied data, and therefore
       does not allow the execution of arbitrary code. However, it could still
       be used by a remote attacker to create a denial of service.
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2096
       (* Security fix *)

+--------------------------+
Sat Jul 30 14:15:00 EDT 2005
patches/packages/cvs-1.11.20-s390-1.tgz: Upgraded to cvs-1.11.20.
       From cvshome.org: "This version fixes many minor security issues in the
       CVS server executable including a potentially serious buffer overflow
       vulnerability with no known exploit. We recommend this upgrade for all CVS
       servers!"
       For more information, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0753
       (* Security fix *)
patches/packages/python-2.3.5-s390-1.tgz: Upgraded to python-2.3.5.
       From the python.org site: "The Python development team has discovered a flaw
       in the SimpleXMLRPCServer library module which can give remote attackers
       access to internals of the registered object or its module or possibly other
       modules. The flaw only affects Python XML-RPC servers that use the
       register_instance() method to register an object without a _dispatch()
       method. Servers using only register_function() are not affected."
       For more details, see:
       http://python.org/security/PSF-2005-001/
       (* Security fix *)
patches/packages/python-demo-2.3.5-noarch-1.tgz: Upgraded to python-2.3.5
       demos.
patches/packages/python-tools-2.3.5-noarch-1.tgz: Upgraded to python-2.3.5
       tools.

+--------------------------+
Sun Apr 10 18:01:07 EDT 2005
patches/packages/php-4.3.11-s390-1.tgz: Upgraded to php-4.3.11.
       "This is a maintenance release that in addition to over 70 non-critical bug
       fixes addresses several security issues inside the exif and fbsql extensions
       as well as the unserialize(), swf_definepoly() and getimagesize() functions."
       (* Security fix *)

+--------------------------+
Sat Apr 2 13:18:23 EST 2005
patches/packages/gaim-1.2.0-s390-1.tgz: Upgraded to gaim-1.2.0 and
       gaim-encryption-2.36 (compiled against mozilla-1.7.6).
patches/packages/mozilla-1.7.6-s390-1.tgz: Upgraded to mozilla-1.7.6.
       Fixes some security issues. Please see mozilla.org for a complete list.
       (* Security fix *)
patches/packages/mozilla-plugins-1.7.6-noarch-1.tgz: Adjusted plugin
       symlinks for Mozilla 1.7.6.

+--------------------------+
Sun Mar 13 22:44:00 EST 2005
patches/packages/kernel-source-2.4.29-s390-2.tgz: Forward-ported patches
       23 and 24 from developerWorks and rebuilt.
patches/packages/kernel-headers-2.4.29-s390-2.tgz: Rebuilt.
patches/packages/kernel-modules-2.4.29-s390-2.tgz: Rebuilt.
patches/packages/kernel-default-2.4.29-s390-2.tgz: Rebuilt.

+--------------------------+
Wed Feb 16 11:48:00 EST 2005
kernels/initrd.gz: Fixed a problem with semicolons in parmfiles not
       being parsed properly, and causing errors.

+--------------------------+
Fri Feb 11 13:20:00 EST 2005

Released Slack/390 10.0 stable.

       Thanks to everyone who did some testing on this release and
       reported the problems they encountered. Some of them weren't
       fixed, but should be before 10.1 goes GA. Please read the
       release notes to understand what the issues are.

       If you wind up using this distribution at your site, I would
       be interested in hearing from you as to how it's working
       for you. In particular, anything that can be improved or
       just plain fixed.

As Pat always says, Have fun! :-)

Mark Post

+--------------------------+
Fri Feb 11 02:10:00 EST 2005
testing/packages/linux-2.6.7/kernel-generic-2.6.7-s390-1.tgz: Added a
       generic Linux 2.6.7 kernel. Generic means that it supports almost
       everything through modules, but a lot less than usual is built in.
       For example, the only built-in filesystems are ext2 & ext3. If you
       want something different for your root filesystem, or you need to load
       SCSI or other drivers before mounting root, then you'll need to build
       an initrd (see the new mkinitrd package). You'll also need to add
       a line to your /etc/zipl.conf to load the initrd along with the kernel:
       initrd=/boot/initrd.gz
       This kernel package includes all the patches from IBM's developerWorks
       through linux-2.6.5-s390-12-april2004.tar.gz, forward ported to 2.6.7.
testing/packages/linux-2.6.7/kernel-headers-2.6.7-s390-1.tgz: Added kernel
       headers for Linux 2.6.7.
testing/packages/linux-2.6.7/kernel-modules-2.6.7-s390-1.tgz: Added kernel
       modules for Linux 2.6.7.
testing/packages/linux-2.6.7/kernel-source-2.6.7-s390-1.tgz: Added kernel
       source for Linux 2.6.7.

+--------------------------+
Mon Feb 7 01:38:00 EST 2005
patches/packages/x11-6.7.0-s390-2.tgz: Rebuilt
       The XPM library which is part of the XFree86/XOrg project is used by several
       GUI applications to process XPM image files, so it seemed like a good idea to
       rebuild. For more details, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0914
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0687
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0688
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0692
       (* Security fix *)

       Note that the name of the keyboard driver in the xorg.conf file has
       changed from "Keyboard" to "kbd". You'll need to make this change in
       order to start X.
patches/packages/x11-devel-6.7.0-s390-2.tgz: Rebuilt

+--------------------------+
Thu Jan 27 19:40:00 EST 2005
patches/packages/kernel-source-2.4.29-s390-1.tgz: Upgraded to Linux 2.4.29 kernel.
       (* Security fix *)
patches/packages/kernel-headers-2.4.29-s390-1.tgz: Upgraded to Linux 2.4.29 kernel.
       (* Security fix *)
patches/packages/kernel-default-2.4.29-s390-1.tgz: Upgraded to Linux 2.4.29 kernel.
       (* Security fix *)
patches/packages/kernel-modules-2.4.29-s390-1.tgz: Upgraded to Linux 2.4.29 kernel.
       (* Security fix *)

+--------------------------+
Mon Jan 24 22:00:00 EST 2005
patches/packages/a2ps-4.13b-s390-2.tgz: Rebuilt
       The GNU a2ps utility fails to properly sanitize filenames,
       which can be abused by a malicious user to execute arbitray
       commands with the privileges of the user running the vulnerable
       application. To know wheter your a2ps package is vulnerable, see
       the:
       http://www.securityfocus.com/bid/11025
       (* Security fix *)
patches/packages/imagemagick-6.1.4_5-s390-1.tgz: Upgraded to imagemagick-6.1.4_5
       Buffer overflow in the EXIF parsing routine in ImageMagick before 6.1.0
       allows remote attackers to execute arbitrary code via a certain image file.
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0981
       (* Security fix *)
patches/packages/sudo-1.6.8p4-s390-1.tgz: Upgraded to sudo-1.6.8p4.
       This fixes a bug that may could permit malicious users with permission to run
       a shell script that uses the bash shell to run arbitrary commands. For more
       details, see:
       http://www.sudo.ws/sudo/alerts/bash_functions.html
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1051
       (* Security fix *)
patches/packages/samba-3.0.9-s390-1.tgz: Upgrade to samba-3.0.9.
       A possible buffer overrun in smbd could lead to code execution by a remote
       user. For more details, see:
       http://samba.cdpa.nsysu.edu.tw/samba/news/#can-2004-0882
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0882
       (* Security fix *)
patches/packages/lvm-1.0.8-s390-2.tgz: Rebuilt
       A bug in lvm (1.5 through 2.1) allows local users to overwrite
       files via a symlink attack on temporary files.
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0972
       (* Security fix *)
patches/packages/imlib-1.9.15-s390-1.tgz: Upgraded to imlib-1.9.15
       Multiple heap-based buffer overflows in the imlib BMP image handler
       allow remote attackers to execute arbitrary code via a crafted BMP file.
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0817
       (* Security fix *)
patches/packages/libxml2-2.6.16-s390-1.tgz: Upgraded to libxml2-2.6.16
       Multiple buffer overflows may allow remote attackers to execute
       arbitrary code. 2.6.12 and 2.6.13 are affected, it's unsure if older
       versions are affected as well, you may want to upgrade to to libxml2
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0989
       (* Security fix *)
patches/packages/nfs-utils-1.0.6-s390-2.tgz: Rebuilt
       Statd in nfs-utils 1.257 and earlier does not ignore the SIGPIPE
       signal, which allows remote attackers to cause a denial of service
       (server process crash) via a TCP connection that is prematurely
       terminated. More information
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1014
       (* Security fix *)
patches/packages/php-4.3.10-s390-1.tgz: Upgraded to php-4.3.10
       A theorietical vulnerability exists in older versions of libgd
       that could allow a malicious user to upload a specially crafted
       image file to exploit an integer overflow.
       (* Security fix *)

+--------------------------+
Tue Nov 9 21:31:52 EST 2004
patches/packages/apache-1.3.33-s390-1.tgz: Upgraded to apache-1.3.33.
       This fixes one new security issue (the first issue, CAN-2004-0492, was fixed
       in apache-1.3.32). The second bug fixed in 1.3.3 (CAN-2004-0940) allows a
       local user who can create SSI documents to become "nobody". The amount of
       mischief they could cause as nobody seems low at first glance, but it might
       allow them to use kill or killall as nobody to try to create a DoS.
       Mention PHP's mhash dependency in httpd.conf (thanks to Jakub Jankowski).
       (* Security fix *)
patches/packages/libtiff-3.7.0-s390-1.tgz: Upgraded to libtiff-3.7.0.
       This fixes several bugs that could lead to crashes, or could possibly allow
       arbitrary code to be executed. For more details, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0803
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0804
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0886
       (* Security fix *)
patches/packages/mod_ssl-2.8.22_1.3.33-s390-1.tgz: Upgraded to
       mod_ssl-2.8.22_1.3.33.

+--------------------------+
Thu Oct 28 22:03:51 EDT 2004
patches/packages/apache-1.3.32-s390-1.tgz: Upgraded to apache-1.3.32.
       This addresses a heap-based buffer overflow in mod_proxy by rejecting
       responses from a remote server with a negative Content-Length. The
       flaw could crash the Apache child process, or possibly allow code to
       be executed as the Apache user (but only if mod_proxy is actually in
       use on the server).
       For more details, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0492
       (* Security fix *)
patches/packages/mod_ssl-2.8.21_1.3.32-s390-1.tgz:
       Upgraded to mod_ssl-2.8.21-1.3.32.
       Don't allow clients to bypass cipher requirements, possibly negotiating
       a connection that the server does not consider secure enough.
       For more details, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0885
       (* Security fix *)
patches/packages/php-4.3.9-s390-1.tgz: Upgraded to php-4.3.9.

+--------------------------+
Sun Oct 24 00:43:25 EDT 2004
patches/packages/gaim-1.0.2-s390-1.tgz: Upgraded to gaim-1.0.2
       and gaim-encryption-2.32. A buffer overflow in the MSN protocol
       handler for GAIM 0.79 to 1.0.1 allows remote attackers to cause
       a denial of service (application crash) and may allow the
       execution of arbitrary code.
       For more details, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0891
       (* Security fix *)

+--------------------------+
Thu Oct 21 22:22:09 EDT 2004
a, ap, k: Updated the maketag, maketag.ez, and tagfiles to reflect the
       package names that are different for Slack/390.

+--------------------------+
Wed Oct 13 14:56:33 EDT 2004
patches/packages/rsync-2.6.3-s390-1.tgz: Upgraded to rsync-2.6.3.
       From the rsync NEWS file:
       A bug in the sanitize_path routine (which affects a non-chrooted
       rsync daemon) could allow a user to craft a pathname that would get
       transformed into an absolute path for certain options (but not for
       file-transfer names). If you're running an rsync daemon with chroot
       disabled, *please upgrade*, ESPECIALLY if the user privs you run
       rsync under is anything above "nobody".
       Note that rsync, in daemon mode, sets the "use chroot" to true by
       default, and (in this default mode) is not vulnerable to this issue.
       I would strongly recommend against setting "use chroot" to false
       even if you've upgraded to this new package.
       (* Security fix *)

+--------------------------+
Mon Oct 4 16:27:18 EDT 2004
patches/packages/getmail-4.2.0-s390-1.tgz: Upgraded to
       getmaii-4.2.0. Earlier versions contained a local security flaw
       when used in an insecure fashion (surprise, running something as
       root that writes to user-controlled files or directories could
       allow the old symlink attack to clobber system files! :-)
       From the getmail CHANGELOG:
       This vulnerability is not exploitable if the administrator does
       not deliver mail to the maildirs/mbox files of untrusted local
       users, or if getmail is configured to use an external
       unprivileged MDA. This vulnerability is not remotely exploitable.
       Most users would not use getmail in such as way as to be vulnerable
       to this flaw, but if your site does this package closes the hole.
       I'd also recommend not using getmail like this. Either run it as the
       user that owns the target mailbox, or deliver through an external MDA.
       (* Security fix *)
patches/packages/zlib-1.2.2-s390-1.tgz: Upgraded to zlib-1.2.2.
       This fixes a possible DoS in earlier versions of zlib-1.2.x.
       (* Security fix *)

+--------------------------+
Sat Sep 25 00:53:44 EDT 2004
kernels/initrd.gz: Corrected the "welcome message" in /etc/issue. Copied
       /etc/issue to /etc/issue.net to that people using telnet instead of SSH
       will see the message. Renamed /etc/securetty to /etc/securetty.hold so
       that people using telnet won't be prompted for a password for root when
       starting the install proces.

+--------------------------+
Tue Sep 21 01:44:00 EDT 2004
patches/packages/cups-1.1.21-s390-1.tgz: Upgraded to cups-1.1.21.
       This fixes a flaw where a remote attacker can crash the CUPS
       server causing a denial of service.
       For more details, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0558
       (* Security fix *)
patches/packages/gtk+2-2.4.10-s390-1.tgz: Upgraded to gtk+-2.4.10.
       This fixes security issues in the image loader routines that can
       crash applications.
       (* Security fix *)
patches/packages/mozilla-1.7.3-s390-1.tgz: Upgraded to mozilla-1.7.3.
       The Mozilla page says this fixes some "minor security holes".
       It also breaks Galeon and Epiphany, and new versions of these have
       still not appeared. In light of this, I think it's time to remove
       these Gecko-based browsers. The future is going to be Firefox and
       Thunderbird anyway, and I don't believe Galeon and Epiphany can be
       compiled against Firefox's libraries.
       (* Security fix *)
patches/packages/mozilla-plugins-1.7.3-noarch-1.tgz: Changed plugin
       symlinks for Mozilla 1.7.3.
patches/packages/xine-lib-1rc6a-s390-1.tgz: Upgraded to xine-lib-1-rc6a.
       This release fixes a few overflows that could have security implications.
       (* Security fix *)

+--------------------------+
Sun Sep 19 14:15:46 EDT 2004
extra/kernel-default-2.4.21/kernel-default-2.4.21-s390-2.tgz: Rebuilt
       the kernel from the new kernel source.
extra/kernel-headers-2.4.21/kernel-headers-2.4.21-s390-2.tgz: Rebuilt
       the kernel from the new kernel source.
extra/kernel-modules-2.4.21/kernel-modules-2.4.21-s390-2.tgz: Rebuilt
       the kernel from the new kernel source.
extra/kernel-source-2.4.21/kernel-source-2.4.21-s390-2.tgz: Applied the
       latest IBM patches from developerWorks to the kernel source . We're
       now up to the -16 level of the "June 2003 Stream."

+--------------------------+
Sun Sep 19 01:34:06 EDT 2004
a/kernel-default-2.4.26-s390-2.tgz: Rebuilt the kernel from the new kernel
       source.
a/kernel-modules-2.4.26-s390-2.tgz: Rebuilt the kernel modules from the new
       kernel source.
d/kernel-headers-2.4.26-s390-2.tgz: Rebuilt the kernel headers from the new
       kernel source.
k/kernel-source-2.4.26-s390-2.tgz: Applied the latest IBM patches from
       developerWorks to the kernel source (forward ported from 2.4.21). We're
       now up to the -16 level of the "June 2003 Stream."
extra/cpint-1.1.6/cpint-1.1.6_2.4.26-s390-2.tgz: Rebuilt using the new
       kernel source.

+--------------------------+
Sat Sep 18 13:52:22 EDT 2004
x/*: Finally got the x11 packages to build properly, so I followed
       Pat's direction and switched to X11R6.7.0 from X.Org. Instead of
       moving XFree86 to unsupported, though, I moved it to /pasture for
       this version only. I tested various X applications, and they all
       seemed to work without having to recompile. If anyone runs into
       a case where they think a recompile will help, please let me know.
extra/kernel-default-2.4.21/kernel-default-2.4.21-s390-1.tgz: Moved to /extra
       because a number of people were installing both, instead of just one. Since
       I intended 2.4.26 to be the true default, 2.4.21 is the one that got moved.
extra/kernel-headers-2.4.21/kernel-headers-2.4.21-s390-1.tgz: Moved to /extra
       because a number of people were installing both, instead of just one. Since
       I intended 2.4.26 to be the true default, 2.4.21 is the one that got moved.
extra/kernel-modules-2.4.21/kernel-modules-2.4.21-s390-1.tgz: Moved to /extra
       because a number of people were installing both, instead of just one. Since
       I intended 2.4.26 to be the true default, 2.4.21 is the one that got moved.
extra/kernel-source-2.4.21/kernel-source-2.4.21-s390-1.tgz: Moved to /extra
       because a number of people were installing both, instead of just one. Since
       I intended 2.4.26 to be the true default, 2.4.21 is the one that got moved.
extra/source/kde: Removed the entire arts directory, since it was a duplicate
       of the one in source/kde/arts.

+--------------------------+
Tue Sep 14 13:04:28 EDT 2004
patches/packages/samba-3.0.5-s390-2.tgz: Patched two Denial of Service
       vulnerabilities in samba-3.0.5.
       For more details, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0807
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0808
       (* Security fix *)

+--------------------------+
Sat Sep 11 18:59:48 EDT 2004
d/gcc-3.3.4-s390-2.tgz: Recompiled with a patch that will allow 2.6
       kernel modules to be built on S/390.
patches/packages/proftpd-1.2.10-s390-1.tgz: Upgraded to proftpd-1.2.10.
extra/kde-3.2.3/kdebase-3.2.3-s390-2.tgz: Patched frame injection
       vulnerability in Konqueror. For more details, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0721
       (* Security fix *)
extra/kde-3.2.3/kdelibs-3.2.3-s390-2.tgz: Patched unsafe temporary directory
       usage, cross-domain cookie injection vulnerability for certain country
       specific domains, and frame injection vulnerability in Konqueror.
       For more details, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0689
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0690
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0721
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0746
       (* Security fix *)

+--------------------------+
Tue Sep 7 23:47:15 EDT 2004
patches/packages/glibc-2.3.2-s390-2.tgz: Recompiled using 'strip -g' rather
       than 'strip --strip-unneeded' to avoid stripping symbols that are needed for
       debugging threads. Thanks to those who reported this bug, especially
       Ricardo Nabinger Sanchez who sent in a sample thread program that made
       it easy to test for the problem (and confirm the fix worked).
patches/packages/glibc-solibs-2.3.2-s390-2.tgz: Recompiled using 'strip -g'.
patches/packages/kdebase-3.2.1-s390-3.tgz: Patched frame injection
       vulnerability in Konqueror. For more details, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0721
       (* Security fix *)
patches/packages/kdelibs-3.2.1-s390-2.tgz: Patched unsafe temporary directory
       usage, cross-domain cookie injection vulnerability for certain country
       specific domains, and frame injection vulnerability in Konqueror.
       For more details, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0689
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0690
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0721
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0746
       (* Security fix *)

+--------------------------+
Fri Aug 27 16:03:02 EDT 2004
patches/packages/gaim-0.82.1-s390-1.tgz:
       Upgraded to gaim-0.82.1 and gaim-encryption-2.30.
       Fixes several security issues:
       Content-length DOS (malloc error) (no CAN ID on this one)
       MSN strncpy buffer overflow (CAN-2004-0500)
       Groupware message receive integer overflow (CAN-2004-0754)
       Smiley theme installation lack of escaping (CAN-2004-0784)
       RTF message buffer overflow, Local hostname resolution buffer overflow,
       URL decode buffer overflow (these 3 are CAN-2004-0785)
       For more details, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0500
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0754
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0784
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0785
       (* Security fix *)

+--------------------------+
Tue Aug 24 17:01:29 EDT 2004
patches/packages/qt-3.3.3-s390-1.tgz: Upgraded to qt-3.3.3.
       This fixes bugs in the image loading routines which could be
       used by an attacker to run unauthorized code or create a
       denial-of-service.
       For more details, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0691
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0692
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0693
       (* Security fix *)

+--------------------------+
Wed Aug 11 00:09:13 EDT 2004
patches/packages/epiphany-1.2.7-s390-1.tgz: Upgraded to epiphany-1.2.7.
       (compiled against Mozilla 1.7.2)
patches/packages/gaim-0.81-s390-1.tgz: Upgraded to gaim-0.81.
       (compiled against Mozilla 1.7.2)
patches/packages/galeon-1.3.17-s390-1.tgz: Upgraded to galeon-1.3.17.
       (compiled against Mozilla 1.7.2)
patches/packages/mozilla-1.7.2-s390-1.tgz: Upgraded to Mozilla 1.7.2. This
       fixes three security vulnerabilities. For details, see:
       http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.2
       (* Security fix *)
patches/packages/mozilla-plugins-1.7.2-noarch-1.tgz: Changed plugin symlinks
       for Mozilla 1.7.2.

+--------------------------+
Sun Aug 8 20:42:58 EDT 2004
patches/packages/sox-12.17.4-s390-2.tgz: Patched buffer overflows
       that could allow a malicious WAV file to execute arbitrary code.
       (* Security fix *)
patches/packages/imagemagick-6.0.4_3-s390-1.tgz: Upgraded to
       ImageMagick-6.0.4-3. Fixes PNG security issues.
       (* Security fix *)
patches/packages/libpng-1.2.5-s390-2.tgz: Patched possible security
       issues including buffer and integer overflows and null pointer
       references. These issues could cause program crashes, or possibly
       allow arbitrary code embedded in a malicious PNG image to execute.
       The PNG library is widely used within the system, so all sites
       should upgrade to the new libpng package.
       For more details, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0597
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0598
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0599
       (* Security fix *)

+--------------------------+
Thu Aug 5 17:49:06 EDT 2004
kde/kdeaccessibility-3.2.1-s390-2.tgz: Rebuilt using the correct version of qt
kde/kdeaddons-3.2.1-s390-2.tgz: Rebuilt using the correct version of qt
kde/kdeadmin-3.2.1-s390-2.tgz: Rebuilt using the correct version of qt
kde/kdeartwork-3.2.1-s390-2.tgz: Rebuilt using the correct version of qt
kde/kdebase-3.2.1-s390-2.tgz: Rebuilt using the correct version of qt
kde/kdebindings-3.2.1-s390-2.tgz: Rebuilt using the correct version of qt
kde/kdeedu-3.2.1-s390-2.tgz: Rebuilt using the correct version of qt
kde/kdegames-3.2.1-s390-2.tgz: Rebuilt using the correct version of qt
kde/kdegraphics-3.2.1-s390-2.tgz: Rebuilt using the correct version of qt
kde/kdelibs-3.2.1-s390-2.tgz: Rebuilt using the correct version of qt
kde/kdemultimedia-3.2.1-s390-2.tgz: Rebuilt using the correct version of qt
kde/kdenetwork-3.2.1-s390-2.tgz: Rebuilt using the correct version of qt
kde/kdepim-3.2.1-s390-2.tgz: Rebuilt using the correct version of qt
kde/kdesdk-3.2.1-s390-2.tgz: Rebuilt using the correct version of qt
kde/kdetoys-3.2.1-s390-2.tgz: Rebuilt using the correct version of qt
kde/kdeutils-3.2.1-s390-2.tgz: Rebuilt using the correct version of qt
kde/kdevelop-3.0.2-s390-2.tgz: Rebuilt using the correct version of qt
kde/koffice-1.3.1-s390-2.tgz: Rebuilt using the correct version of qt
kde/quanta-3.2.1-s390-2.tgz: Rebuilt using the correct version of qt
source/kde: Added the source packages and prototypes that corresponds to KDE 3.2.1
extra/source/kde: Moved the source that corresponds to KDE 3.2.3 to /extra/source/

+--------------------------+
Mon Jul 26 12:04:25 EDT 2004
patches/packages/mod_ssl-2.8.19_1.3.31-s390-1.tgz:
       Upgraded to mod_ssl-2.8.19-1.3.31.
       This fixes a security hole (ssl_log() related format string
       vulnerability in mod_proxy hook functions), so sites using mod_ssl
       should upgrade to the new version. Be sure to back up your existing
       key files first.
       (* Security fix *)
patches/packages/samba-3.0.5-s390-1.tgz: Upgraded to samba-3.0.5.
       This fixes a buffer overflow in SWAT and another in the code supporting
       the 'mangling method = hash' smb.conf option (which is not the default).
       For more details, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0600
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0686
       (* Security fix *)

+--------------------------+
Fri Jul 23 22:27:22 EDT 2004
kernels/initrd.gz: Modified the kernel installation script, and the
       swapfile configuration scripts. Fixed the /bin/filesize script
       so that it now returns the file size, and not the month.

+--------------------------+
Wed Jul 21 15:06:51 EDT 2004
patches/packages/php-4.3.8-s390-1.tgz: Upgraded to php-4.3.8.
       This release fixes two security problems in PHP (memory_limit handling and
       a problem in the strip_tags function). Sites using PHP should upgrade.
       For more details, see:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0594
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0595
       (* Security fix *)

+--------------------------+
Mon Jul 12 15:52:33 EDT 2004
extra/regina/regina-3.3-s390-1.tgz: Added regina 3.3
extra/the/the-3.1-s390-1.tgz: Added THE 3.1

+--------------------------+
Fri Jul 9 12:42:18 EDT 2004
patches/packages/vim-6.3.007-s390-1.tgz: Upgraded to patchlevel 007.
patches/packages/xvim-6.3.007-s390-1.tgz: Upgraded to patchlevel 007.

+--------------------------+
Tue Jul 6 20:20:00 EDT 2004
a/kernel-modules-2.4.21-s390-1.tgz
patches/packages/gaim-0.79-s390-1.tgz

+--------------------------+
Tue Jul 6 02:20:00 EDT 2004
d/kernel-headers-2.4.21-s390-1.tgz
k/kernel-source-2.4.21-s390-1.tgz

+--------------------------+
Fri Jul 4 19:20:00 EDT 2004
d/doxygen-1.3.7-s390-1.tgz

+--------------------------+
Thu Jul 1 20:45:00 EDT 2004
a/shadow-4.0.3-s390-1.tgz
d/gdb-6.1.1-s390-1.tgz
gnome/epiphany-1.2.6-s390-1.tgz
gnome/epiphany-extensions-0.9.1-s390-1.tgz
gnome/gail-1.6.6-s390-1.tgz
gnome/galeon-1.3.15-s390-1.tgz: Patched and compiled for Mozilla 1.7.
       Thanks very much to Philip Langdale for the patch (which made it possible
       to squeeze Mozilla 1.7 into this Slackware release at the last minute).
gnome/gconf-2.6.2-s390-1.tgz
gnome/gconf-editor-2.6.2-s390-1.tgz
gnome/gdm-2.6.0.3-s390-1.tgz
gnome/gnome-desktop-2.6.2-s390-1.tgz
gnome/gnome-panel-2.6.2-s390-1.tgz
gnome/gnome-session-2.6.2-s390-1.tgz
gnome/gnome-speech-0.3.3-s390-1.tgz
gnome/gnome-themes-2.6.2-s390-1.tgz
gnome/gnopernicus-0.9.5-s390-1.tgz
gnome/gpdf-0.132-s390-1.tgz
gnome/gstreamer-0.8.3-s390-1.tgz
gnome/libgtkhtml-2.6.2-s390-1.tgz
gnome/libwnck-2.6.2-s390-1.tgz
l/sdl-1.2.7-s390-1.tgz
n/iptables-1.2.10-s390-1.tgz
xap/gaim-0.78-s390-1.tgz: Compiled against Mozilla 1.7 libraries.
       Added gaim-encryption plugin (suggested by Chris Lumens and Eric Hameleers).
xap/gnuchess-4.0.pl80-s390-1.tgz
xap/mozilla-1.7-s390-1.tgz

+--------------------------+
Thu Jul 1 02:10:00 EDT 2004
a/kernel-default-2.4.26-s390-1.tgz
a/kernel-modules-2.4.26-s390-1.tgz: Load quota_v2 from rc.modules if
       quota options are seen in /etc/fstab.
a/mkinitrd-1.0.1-s390-1.tgz
ap/quota-3.12-s390-1.tgz
l/ncurses-5.4-s390-1.tgz
n/lftp-3.0.6-s390-1.tgz
n/nfs-utils-1.0.6-s390-1.tgz
n/pidentd-3.0.18-s390-1.tgz
n/tcpip-0.17-s390-1.tgz
n/whois-4.6.16-s390-1.tgz
n/wireless-tools-26-s390-1.tgz
xap/gkrellm-2.2.1-s390-1.tgz
extra/bash-completion/bash-completion-20040526-s390-1.tgz
extra/k3b/k3b-0.11.11-s390-1.tgz
extra/kfiresaver3d/kfiresaver3d-0.6-s390-1.tgz
extra/slacktrack/slacktrack-1.21-s390-1.tgz
pasture/pcnfsd-93.02.16-s390-1.tgz

+--------------------------+
Wed Jun 30 01:09:56 EDT 2004
a/hotplug-2004_01_05-s390-1
l/libtiff-3.6.1-s390-1
n/bitchx-1.1-s390-1
n/inetd-1.79s-s390-1
xap/gimp-2.0.2-s390-1

+--------------------------+
Tue Jun 29 02:24:20 EDT 2004
a/aaa_base-10.0.0-s390-1
a/cxxlibs-5.0.6-s390-1
a/aaa_elflibs-9.2.0-s390-1.tgz
a/udev-026-s390-1
ap/most-4.9.5-s390-1
d/gcc-3.3.4-s390-1
d/gcc-g++-3.3.4-s390-1
d/gcc-g77-3.3.4-s390-1
d/gcc-gnat-3.3.4-s390-1
d/gcc-java-3.3.4-s390-1
d/gcc-objc-3.3.4-s390-1
d/m4-1.4.1-s390-1

+--------------------------+
Mon Jun 27 02:55:00 EDT 2004
kde/kdeaddons-3.2.3-s390-1
kde/kdebindings-3.2.3-s390-1
kde/kdepim-3.2.3-s390-1
kde/koffice-1.3.1-s390-1
kde/quanta-3.2.3-s390-1
l/gtk+2-2.4.3-s390-1

+--------------------------+
Sun Jun 26 14:10:00 EDT 2004
kde/kdevelop-3.0.4-s390-1

+--------------------------+
Sat Jun 26 02:25:00 EDT 2004
kde/kdeaccessibility-3.2.3-s390-1
kde/kdeadmin-3.2.3-s390-1
kde/kdeartwork-3.2.3-s390-1
kde/kdeedu-3.2.3-s390-1
kde/kdegames-3.2.3-s390-1
kde/kdegraphics-3.2.3-s390-1
kde/kdemultimedia-3.2.3-s390-1
kde/kdenetwork-3.2.3-s390-1
kde/kdesdk-3.2.3-s390-1
kde/kdetoys-3.2.3-s390-1

+--------------------------+
Fri Jun 25 01:30:00 EDT 2004
l/arts-1.2.3-s390-1
kde/kdebase-3.2.3-s390-1
kde/kdelibs-3.2.3-s390-1
kde/kdeutils-3.2.3-s390-1
kde/qt-3.3.2-s390-1

+--------------------------+
Wed Jun 23 22:10:00 EDT 2004
a/sysvinit-2.84-s390-1
ap/cdrdao-1.1.9-s390-1
ap/vim-6.3.004-s390-1
d/cvs-1.11.17-s390-1
d/strace-4.5.4-s390-1
gnome/gcalctool-4.4.8-s390-1
gnome/gnome-icon-theme-1.2.3-noarch-1
gnome/nautilus-2.6.3-s390-1
gnome/totem-0.99.12-s390-1
l/zlib-1.2.1.1-s390-1
n/elm-2.5.7-s390-1
n/proftpd-1.2.9-s390-1
xap/imagemagick-6.0.2_7-s390-1
xap/xchat-2.0.9-s390-1
xap/xine-lib-1rc4a-s390-1
xap/xvim-6.3.004-s390-1
+--------------------------+
Caught up to Pat's upload dated Mon Jun 7 00:56:25 PDT 2004
Slackware™ is a trademark of Patrick Volkerding.