[A-4082] New on Slackware-current

Sat Feb 11 02:37:16 UTC 2012
l/seamonkey-solibs-2.7.1-i486-1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
(* Security fix *)
xap/mozilla-firefox-10.0.1-i486-1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/firefox.html
(* Security fix *)
xap/seamonkey-2.7.1-i486-1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
(* Security fix *)
testing/packages/mozilla-firefox-11.0b2-i486-1.txz: Upgraded.

Sat Feb 11 02:37:16 UTC 2012
l/seamonkey-solibs-2.7.1-x86_64-1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
(* Security fix *)
xap/mozilla-firefox-10.0.1-x86_64-1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/firefox.html
(* Security fix *)
xap/seamonkey-2.7.1-x86_64-1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
(* Security fix *)
testing/packages/mozilla-firefox-11.0b2-x86_64-1.txz: Upgraded.

Fri Feb 10 20:44:49 UTC 2012
a/cups-1.4.8-arm-1.tgz: Upgraded.
a/kernel-firmware-3.2.5-noarch-1.tgz: Upgraded.
a/kernel-modules-kirkwood-3.2.5_kirkwood-arm-1.tgz: Upgraded.
a/kernel-modules-tegra-3.2.5_tegra-arm-1.tgz: Upgraded.
a/kernel-modules-versatile-3.2.5_versatile-arm-1.tgz: Upgraded.
a/kernel_kirkwood-3.2.5-arm-1.tgz: Upgraded.
a/kernel_tegra-3.2.5-arm-1.tgz: Upgraded.
a/kernel_versatile-3.2.5-arm-1.tgz: Upgraded.
ap/alsa-utils-1.0.25-arm-1.tgz: Upgraded.
ap/hplip-3.11.12-arm-1.tgz: Upgraded.
ap/sqlite-3.7.10-arm-1.tgz: Upgraded.
e/emacs-23.4-arm-1.tgz: Upgraded.
k/kernel-source-3.2.5-arm-1.tgz: Upgraded.
l/alsa-lib-1.0.25-arm-1.tgz: Upgraded.
l/alsa-oss-1.0.25-arm-1.tgz: Upgraded.
l/apr-util-1.4.1-arm-1.tgz: Upgraded.
l/seamonkey-solibs-2.7-arm-1.tgz: Upgraded.
n/httpd-2.2.22-arm-1.tgz: Upgraded.
*) SECURITY: CVE-2011-3368 (cve.mitre.org)
Reject requests where the request-URI does not match the HTTP specification, preventing unexpected expansion of target URLs in some reverse proxy configurations. [Joe Orton]
*) SECURITY: CVE-2011-3607 (cve.mitre.org)
Fix integer overflow in ap_pregsub() which, when the mod_setenvif module is enabled, could allow local users to gain privileges via a .htaccess file. [Stefan Fritsch, Greg Ames]
*) SECURITY: CVE-2011-4317 (cve.mitre.org)
Resolve additional cases of URL rewriting with ProxyPassMatch or RewriteRule, where particular request-URIs could result in undesired backend network exposure in some configurations.
[Joe Orton]
*) SECURITY: CVE-2012-0021 (cve.mitre.org)
mod_log_config: Fix segfault (crash) when the '%{cookiename}C' log format string is in use and a client sends a nameless, valueless cookie, causing a denial of service. The issue existed since version 2.2.17. PR 52256.
[Rainer Canavan <rainer-apache 7val com>]
*) SECURITY: CVE-2012-0031 (cve.mitre.org)
Fix scoreboard issue which could allow an unprivileged child process could cause the parent to crash at shutdown rather than terminate cleanly. [Joe Orton]
*) SECURITY: CVE-2012-0053 (cve.mitre.org)
Fix an issue in error responses that could expose "httpOnly" cookies when no custom ErrorDocument is specified for status code 400.
[Eric Covener]
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3607
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4317
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0021
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0031
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0053
(* Security fix *)
n/php-5.3.10-arm-1.tgz: Upgraded.
Fixed arbitrary remote code execution vulnerability reported by Stefan Esser, CVE-2012-0830. (Stas, Dmitry)
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0830
(* Security fix *)
n/proftpd-1.3.4a-arm-1.tgz: Upgraded.
This update fixes a use-after-free() memory corruption error, and possibly other unspecified issues.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4130
(* Security fix *)
n/vsftpd-2.3.5-arm-1.tgz: Upgraded.
Minor version bump, this also works around a hard to trigger heap overflow in glibc (glibc zoneinfo caching vuln). For there to be any possibility to trigger the glibc bug within vsftpd, the non-default option
"chroot_local_user" must be set in /etc/vsftpd.conf.
Considered 1) low severity (hard to exploit) and 2) not a vsftpd bug :-)
Nevertheless:
(* Security fix *)
xap/mozilla-firefox-9.0.1-arm-2.tgz: Rebuilt.
xap/mozilla-thunderbird-9.0.1-arm-1.tgz: Upgraded.
Firefox & Thunderbird version 10 were tried but both build for ARMv7 targets despite being configured to build for armv5te.
An example build failure is:
media/libtheora/lib/armloop-gnu.s:367: Error: selected processor does not support ARM mode `uqadd8 r14,r5,r2'
The build script for both are in
armedslack-current/source/xap/mozilla-{thunderbird,firefox}-10
If anybody knows how to build it for armv5te, please let me know!
A quick way to check whether there are any binaries compiled for ARMv7 is:
cd <package root dir>
find . -type f -print | while read file ; do
readelf -A "$file" 2>/dev/null | egrep -q "Tag_CPU.*7" && echo $file
done
xap/seamonkey-2.7-arm-1.tgz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
(* Security fix *)
isolinux/*: Rebuilt.
kernels/*: Upgraded.