From e833eebc98fb1e72bcd9821f5ad437d1e93f3adf Mon Sep 17 00:00:00 2001 From: Patrick J Volkerding Date: Tue, 26 Jan 2021 21:20:58 +0000 Subject: Tue Jan 26 21:20:58 UTC 2021 ap/sudo-1.9.5p2-x86_64-1.txz: Upgraded. When invoked as sudoedit, the same set of command line options are now accepted as for "sudo -e". The -H and -P options are now rejected for sudoedit and "sudo -e" which matches the sudo 1.7 behavior. This is part of the fix for CVE-2021-3156. Fixed a potential buffer overflow when unescaping backslashes in the command's arguments. Normally, sudo escapes special characters when running a command via a shell (sudo -s or sudo -i). However, it was also possible to run sudoedit with the -s or -i flags in which case no escaping had actually been done, making a buffer overflow possible. This fixes CVE-2021-3156. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3156 (* Security fix *) d/binutils-2.36-x86_64-2.txz: Rebuilt. Revert commit d1bcae833b32f1408485ce69f844dcd7ded093a8: [PATCH] ELF: Don't generate unused section symbols This fixes building the kernel. l/loudmouth-1.5.4-x86_64-1.txz: Upgraded. n/autofs-5.1.7-x86_64-1.txz: Upgraded. n/dnsmasq-2.84-x86_64-1.txz: Upgraded. n/tin-2.4.5-x86_64-1.txz: Upgraded. xap/gparted-1.2.0-x86_64-1.txz: Upgraded. xap/mozilla-thunderbird-78.7.0-x86_64-1.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/thunderbird/78.7.0/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2021-05/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23953 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23954 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15685 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26976 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23960 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23964 (* Security fix *) --- source/n/tin/tin.SlackBuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source/n/tin/tin.SlackBuild') diff --git a/source/n/tin/tin.SlackBuild b/source/n/tin/tin.SlackBuild index 4556f849..53e983ee 100755 --- a/source/n/tin/tin.SlackBuild +++ b/source/n/tin/tin.SlackBuild @@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=tin VERSION=${VERSION:-$(echo $PKGNAM-*.tar.xz | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-4} +BUILD=${BUILD:-1} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then -- cgit v1.2.3