path: root/slackware64-current/ChangeLog.txt

Tue Nov  4 00:05:23 UTC 2014
ap/mariadb-5.5.40-x86_64-1.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6507
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6491
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6500
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6469
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6555
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6559
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6494
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6496
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6464
  (* Security fix *)
l/seamonkey-solibs-2.30-x86_64-1.txz:  Upgraded.
n/php-5.4.34-x86_64-1.txz:  Upgraded.
  This update fixes bugs and security issues.
  #68044 (Integer overflow in unserialize() (32-bits only)). (CVE-2014-3669)
  #68113 (Heap corruption in exif_thumbnail()). (CVE-2014-3670)
  #68027 (Global buffer overflow in mkgmtime() function). (CVE-2014-3668)
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3669
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3670
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3668
  (* Security fix *)
xap/mozilla-firefox-33.0.2-x86_64-1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefox.html
  (* Security fix *)
xap/seamonkey-2.30-x86_64-1.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
  (* Security fix *)
+--------------------------+
Wed Oct 29 18:21:12 UTC 2014
ap/moc-2.5.0-x86_64-1.txz:  Upgraded.
n/wget-1.16-x86_64-1.txz:  Upgraded.
  This update fixes a symlink vulnerability that could allow an attacker
  to write outside of the expected directory.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4877
  (* Security fix *)
+--------------------------+
Sat Oct 25 04:30:31 UTC 2014
xap/gimp-2.8.14-x86_64-1.txz:  Upgraded.
+--------------------------+
Fri Oct 24 21:11:15 UTC 2014
a/glibc-solibs-2.20-x86_64-2.txz:  Rebuilt.
d/gcc-4.8.3-x86_64-2.txz:  Rebuilt.
  Patched bug pr61801, which caused some failures with glibc-2.20.
d/gcc-g++-4.8.3-x86_64-2.txz:  Rebuilt.
d/gcc-gfortran-4.8.3-x86_64-2.txz:  Rebuilt.
d/gcc-gnat-4.8.3-x86_64-2.txz:  Rebuilt.
d/gcc-go-4.8.3-x86_64-2.txz:  Rebuilt.
d/gcc-java-4.8.3-x86_64-2.txz:  Rebuilt.
d/gcc-objc-4.8.3-x86_64-2.txz:  Rebuilt.
l/glibc-2.20-x86_64-2.txz:  Rebuilt.
  Recompiled with patched gcc.
l/glibc-i18n-2.20-x86_64-2.txz:  Rebuilt.
l/glibc-profile-2.20-x86_64-2.txz:  Rebuilt.
+--------------------------+
Fri Oct 24 04:55:44 UTC 2014
a/glibc-solibs-2.20-x86_64-1.txz:  Upgraded.
a/glibc-zoneinfo-2014i-noarch-1.txz:  Upgraded.
  Upgraded to tzcode2014i and tzdata2014i.
l/glibc-2.20-x86_64-1.txz:  Upgraded.
  This update fixes several security issues, and adds an extra security
  hardening patch from Florian Weimer.  Thanks to mancha for help with
  tracking and backporting patches.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4424
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4412
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4237
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4788
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4458
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4043
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0475
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5119
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6040
  (* Security fix *)
l/glibc-i18n-2.20-x86_64-1.txz:  Upgraded.
l/glibc-profile-2.20-x86_64-1.txz:  Upgraded.
xap/pidgin-2.10.10-x86_64-1.txz:  Upgraded.
  This update fixes several security issues:
  Insufficient SSL certificate validation (CVE-2014-3694)
  Remote crash parsing malformed MXit emoticon (CVE-2014-3695)
  Remote crash parsing malformed Groupwise message (CVE-2014-3696)
  Malicious smiley themes could alter arbitrary files (CVE-2014-3697)
  Potential information leak from XMPP (CVE-2014-3698)
    For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3694
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3695
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3696
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3697
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3698
  (* Security fix *)
+--------------------------+
Tue Oct 21 02:10:33 UTC 2014
e/emacs-24.4-x86_64-1.txz:  Upgraded.
+--------------------------+
Mon Oct 20 22:21:45 UTC 2014
n/openssh-6.7p1-x86_64-1.txz:  Upgraded.
  This update fixes a security issue that allows remote servers to trigger
  the skipping of SSHFP DNS RR checking by presenting an unacceptable
  HostCertificate.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2653
  (* Security fix *)
+--------------------------+
Wed Oct 15 17:28:59 UTC 2014
a/openssl-solibs-1.0.1j-x86_64-1.txz:  Upgraded.
  (* Security fix *)
n/openssl-1.0.1j-x86_64-1.tx:  Upgraded.
  This update fixes several security issues:
  SRTP Memory Leak (CVE-2014-3513):
    A flaw in the DTLS SRTP extension parsing code allows an attacker, who
    sends a carefully crafted handshake message, to cause OpenSSL to fail
    to free up to 64k of memory causing a memory leak. This could be
    exploited in a Denial Of Service attack.
  Session Ticket Memory Leak (CVE-2014-3567):
    When an OpenSSL SSL/TLS/DTLS server receives a session ticket the
    integrity of that ticket is first verified. In the event of a session
    ticket integrity check failing, OpenSSL will fail to free memory
    causing a memory leak. By sending a large number of invalid session
    tickets an attacker could exploit this issue in a Denial Of Service
    attack.
  SSL 3.0 Fallback protection:
    OpenSSL has added support for TLS_FALLBACK_SCSV to allow applications
    to block the ability for a MITM attacker to force a protocol
    downgrade.
    Some client applications (such as browsers) will reconnect using a
    downgraded protocol to work around interoperability bugs in older
    servers. This could be exploited by an active man-in-the-middle to
    downgrade connections to SSL 3.0 even if both sides of the connection
    support higher protocols. SSL 3.0 contains a number of weaknesses
    including POODLE (CVE-2014-3566).
  Build option no-ssl3 is incomplete (CVE-2014-3568):
    When OpenSSL is configured with "no-ssl3" as a build option, servers
    could accept and complete a SSL 3.0 handshake, and clients could be
    configured to send them.
  For more information, see:
    https://www.openssl.org/news/secadv_20141015.txt
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568
  (* Security fix *)
+--------------------------+
Tue Oct 14 23:45:01 UTC 2014
xap/mozilla-firefox-33.0-x86_64-1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefox.html
  (* Security fix *)
xap/mozilla-thunderbird-31.2.0-x86_64-1.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
  (* Security fix *)
+--------------------------+
Sun Oct  5 00:38:31 UTC 2014
a/elilo-3.16-x86_64-1.txz:  Upgraded.
  Thanks to fsLeg for the extra bit of sed that was needed to build the
  latest version.
+--------------------------+
Mon Sep 29 18:41:23 UTC 2014
a/bash-4.3.027-x86_64-1.txz:  Upgraded.
  Another bash update.  Here's some information included with the patch:
    "This patch changes the encoding bash uses for exported functions to avoid
    clashes with shell variables and to avoid depending only on an environment
    variable's contents to determine whether or not to interpret it as a shell
    function."
  After this update, an environment variable will not go through the parser
  unless it follows this naming structure:  BASH_FUNC_*%%
  Most scripts never expected to import functions from environment variables,
  so this change (although not backwards compatible) is not likely to break
  many existing scripts.  It will, however, close off access to the parser as
  an attack surface in the vast majority of cases.  There's already another
  vulnerability similar to CVE-2014-6271 for which there is not yet a fix,
  but this hardening patch prevents it (and likely many more similar ones).
  Thanks to Florian Weimer and Chet Ramey.
  (* Security fix *)
+--------------------------+
Sun Sep 28 23:07:39 UTC 2014
l/seamonkey-solibs-2.29.1-x86_64-1.txz:  Upgraded.
xap/mozilla-firefox-32.0.3-x86_64-1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefox.html
  (* Security fix *)
xap/mozilla-thunderbird-31.1.2-x86_64-1.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
  (* Security fix *)
xap/seamonkey-2.29.1-x86_64-1.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
  (* Security fix *)
+--------------------------+
Fri Sep 26 22:23:32 UTC 2014
a/bash-4.3.026-x86_64-1.txz:  Upgraded.
  This is essentially a rebuild as the preliminary patch for CVE-2014-7169
  has been accepted by upstream and is now signed.  This also bumps the
  patchlevel, making it easy to tell this is the fixed version.
  Possibly more changes to come, given the ongoing discussions on oss-sec.
+--------------------------+
Thu Sep 25 19:55:13 UTC 2014
a/bash-4.3.025-x86_64-2.txz:  Rebuilt.
  Patched an additional trailing string processing vulnerability discovered
  by Tavis Ormandy. 
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169
  (* Security fix *)
ap/lxc-1.0.6-x86_64-1.txz:  Upgraded.
  Fixed bash completion file.  Thanks to dunric.
+--------------------------+
Wed Sep 24 22:52:53 UTC 2014
a/bash-4.3.025-x86_64-1.txz:  Upgraded.
  This update fixes a vulnerability in bash related to how environment
  variables are processed:  trailing code in function definitions was
  executed, independent of the variable name.  In many common configurations
  (such as the use of CGI scripts), this vulnerability is exploitable over
  the network.  Thanks to Stephane Chazelas for discovering this issue.
  For more information, see:
    http://seclists.org/oss-sec/2014/q3/650
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
  (* Security fix *)
l/mozilla-nss-3.16.5-x86_64-1.txz:  Upgraded.
  Fixed an RSA Signature Forgery vulnerability.
  For more information, see:
    https://www.mozilla.org/security/announce/2014/mfsa2014-73.html
  (* Security fix *)
+--------------------------+
Tue Sep  9 22:48:58 UTC 2014
a/btrfs-progs-20140909-x86_64-1.txz:  Upgraded.
n/net-snmp-5.7.2.1-x86_64-1.txz:  Upgraded.
  Patched to properly report Btrfs mounts in hrFS/hrStorage tables.
  Thanks to Jakub Jankowski.
+--------------------------+
Tue Sep  9 18:01:05 UTC 2014
a/kernel-firmware-20140909git-noarch-1.txz:  Upgraded.
a/kernel-generic-3.14.18-x86_64-1.txz:  Upgraded.
a/kernel-huge-3.14.18-x86_64-1.txz:  Upgraded.
a/kernel-modules-3.14.18-x86_64-1.txz:  Upgraded.
d/kernel-headers-3.14.18-x86-1.txz:  Upgraded.
k/kernel-source-3.14.18-noarch-1.txz:  Upgraded.
l/seamonkey-solibs-2.29-x86_64-1.txz:  Upgraded.
xap/rdesktop-1.8.2-x86_64-1.txz:  Upgraded.
xap/seamonkey-2.29-x86_64-1.txz:  Upgraded.
  This update contains security fixes and improvements.
  (* Security fix *)
isolinux/initrd.img:  Rebuilt.
  Use syslinux-nomtools on the installer.  Thanks to Didier Spaier.
kernels/*:  Upgraded.
usb-and-pxe-installers/usbboot.img:  Rebuilt.
  Use syslinux-nomtools on the installer.  Thanks to Didier Spaier.
+--------------------------+
Thu Sep  4 19:43:25 UTC 2014
xap/mozilla-firefox-32.0-x86_64-1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefox.html
  (* Security fix *)
xap/mozilla-thunderbird-31.1.0-x86_64-1.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
  (* Security fix *)
n/php-5.4.32-x86_64-1.txz:  Upgraded.
  This update fixes bugs and security issues.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2497
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3597
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4670
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4698
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5120
  (* Security fix *)
+--------------------------+
Thu Aug 28 23:17:47 UTC 2014
l/mozilla-nss-3.16.4-x86_64-1.txz:  Upgraded.
  Upgraded to nss-3.16.4 and nspr-4.10.7.
+--------------------------+
Mon Aug 25 22:02:08 UTC 2014
a/kernel-generic-3.14.17-x86_64-1.txz:  Upgraded.
a/kernel-huge-3.14.17-x86_64-1.txz:  Upgraded.
a/kernel-modules-3.14.17-x86_64-1.txz:  Upgraded.
a/libcgroup-0.41-x86_64-1.txz:  Upgraded.
d/kernel-headers-3.14.17-x86-1.txz:  Upgraded.
k/kernel-source-3.14.17-noarch-1.txz:  Upgraded.
  Changed these kernel options:
    CONNECTOR m -> y
   +PROC_EVENTS y
  Thanks to linuxxer.
l/freetype-2.5.3-x86_64-1.txz:  Upgraded.
n/tin-2.2.1-x86_64-1.txz:  Upgraded.
x/libxcb-1.11-x86_64-1.txz:  Upgraded.
x/mesa-10.2.6-x86_64-1.txz:  Upgraded.
  Upgraded to MesaLib-10.2.6 and mesa-demos-8.2.0.
x/xcb-proto-1.11-x86_64-1.txz:  Upgraded.
x/xf86-input-mouse-1.9.1-x86_64-1.txz:  Upgraded.
x/xf86-video-ast-1.0.1-x86_64-1.txz:  Upgraded.
x/xfs-1.1.4-x86_64-1.txz:  Upgraded.
x/xorg-server-1.15.2-x86_64-2.txz:  Rebuilt.
  Added these explicit options for all X servers:
  --enable-kdrive-evdev --enable-kdrive-kbd --enable-kdrive-mouse
  Thanks to Dinithion.
x/xorg-server-xephyr-1.15.2-x86_64-2.txz:  Rebuilt.
x/xorg-server-xnest-1.15.2-x86_64-2.txz:  Rebuilt.
x/xorg-server-xvfb-1.15.2-x86_64-2.txz:  Rebuilt.
x/xrandr-1.4.3-x86_64-1.txz:  Upgraded.
extra/xf86-video-fbdev/xf86-video-fbdev-0.4.4-x86_64-2.txz:  Rebuilt.
  Fix ABI mismatch.  Thanks to dr.s.
isolinux/initrd.img:  Rebuilt.
kernels/*:  Upgraded.
usb-and-pxe-installers/usbboot.img:  Rebuilt.
+--------------------------+
Fri Aug  8 19:02:50 UTC 2014
Welcome pi kernel!  Unless we reach kernel 3.14.159, this is probably the best
approximation we're going to get.  :-)
a/kernel-firmware-20140807git-noarch-1.txz:  Upgraded.
a/kernel-generic-3.14.16-x86_64-1.txz:  Upgraded.
a/kernel-huge-3.14.16-x86_64-1.txz:  Upgraded.
a/kernel-modules-3.14.16-x86_64-1.txz:  Upgraded.
a/openssl-solibs-1.0.1i-x86_64-1.txz:  Upgraded.
  (* Security fix *)
d/kernel-headers-3.14.16-x86-1.txz:  Upgraded.
k/kernel-source-3.14.16-noarch-1.txz:  Upgraded.
n/openssl-1.0.1i-x86_64-1.txz:  Upgraded.
  This update fixes several security issues:
  Double Free when processing DTLS packets (CVE-2014-3505)
  DTLS memory exhaustion (CVE-2014-3506)
  DTLS memory leak from zero-length fragments (CVE-2014-3507)
  Information leak in pretty printing functions (CVE-2014-3508)
  Race condition in ssl_parse_serverhello_tlsext (CVE-2014-3509)
  OpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510)
  OpenSSL TLS protocol downgrade attack (CVE-2014-3511)
  SRP buffer overrun (CVE-2014-3512)
  Crash with SRP ciphersuite in Server Hello message (CVE-2014-5139)
  For more information, see:
    https://www.openssl.org/news/secadv_20140806.txt
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3505
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3506
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3507
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3508
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3509
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3510
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3511
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3512
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5139
  (* Security fix *)
isolinux/initrd.img:  Rebuilt.
kernels/*:  Upgraded.
usb-and-pxe-installers/usbboot.img:  Rebuilt.
+--------------------------+
Mon Aug  4 20:55:26 UTC 2014
a/gpm-1.20.7-x86_64-3.txz:  Rebuilt.
  Removed the mouse-t.el file, which is older than the version in Emacs.
  Thanks to Richard Cranium.
+--------------------------+
Fri Aug  1 21:13:18 UTC 2014
n/dhcpcd-6.0.5-x86_64-3.txz:  Rebuilt.
  This update fixes a security issue where a specially crafted packet
  received from a malicious DHCP server causes dhcpcd to enter an infinite
  loop causing a denial of service.
  Thanks to Tobias Stoeckmann for the bug report.
  (* Security fix *)
n/samba-4.1.11-x86_64-1.txz:  Upgraded.
  This update fixes a remote code execution attack on unauthenticated nmbd
  NetBIOS name services.  A malicious browser can send packets that may
  overwrite the heap of the target nmbd NetBIOS name services daemon.
  It may be possible to use this to generate a remote code execution
  vulnerability as the superuser (root).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3560
  (* Security fix *)
xap/xscreensaver-5.29-x86_64-2.txz:  Rebuilt.
  Disabled nag screen that says "This version of XScreenSaver is very old!
  Please upgrade!" when the age of the software exceeds 12 months.
+--------------------------+
Wed Jul 30 00:08:00 UTC 2014
d/gdb-7.8-x86_64-1.txz:  Upgraded.
d/guile-2.0.11-x86_64-1.txz:  Upgraded.
x/libXext-1.3.3-x86_64-1.txz:  Upgraded.
x/libXi-1.7.4-x86_64-1.txz:  Upgraded.
x/xf86-video-intel-2.99.914-x86_64-1.txz:  Upgraded.
x/xterm-310-x86_64-1.txz:  Upgraded.
+--------------------------+
Wed Jul 23 23:00:34 UTC 2014
a/kernel-generic-3.14.13-x86_64-1.txz:  Upgraded.
a/kernel-huge-3.14.13-x86_64-1.txz:  Upgraded.
a/kernel-modules-3.14.13-x86_64-1.txz:  Upgraded.
ap/nano-2.3.6-x86_64-1.txz:  Upgraded.
d/kernel-headers-3.14.13-x86-1.txz:  Upgraded.
e/emacs-24.3-x86_64-4.txz:  Rebuilt.
  Renamed ctags manpage that conflicts with Exuberant Ctags.  Thanks to Jim.
k/kernel-source-3.14.13-noarch-1.txz:  Upgraded.
n/httpd-2.4.10-x86_64-1.txz:  Upgraded.
  This update fixes the following security issues:
  *) SECURITY: CVE-2014-0117 (cve.mitre.org)
     mod_proxy: Fix crash in Connection header handling which
     allowed a denial of service attack against a reverse proxy
     with a threaded MPM.  [Ben Reser]
  *) SECURITY: CVE-2014-0118 (cve.mitre.org)
     mod_deflate: The DEFLATE input filter (inflates request bodies) now
     limits the length and compression ratio of inflated request bodies to
     avoid denial of sevice via highly compressed bodies.  See directives
     DeflateInflateLimitRequestBody, DeflateInflateRatioLimit,
     and DeflateInflateRatioBurst. [Yann Ylavic, Eric Covener]
  *) SECURITY: CVE-2014-0226 (cve.mitre.org)
     Fix a race condition in scoreboard handling, which could lead to
     a heap buffer overflow.  [Joe Orton, Eric Covener]
  *) SECURITY: CVE-2014-0231 (cve.mitre.org)
     mod_cgid: Fix a denial of service against CGI scripts that do
     not consume stdin that could lead to lingering HTTPD child processes
     filling up the scoreboard and eventually hanging the server.  By
     default, the client I/O timeout (Timeout directive) now applies to
     communication with scripts.  The CGIDScriptTimeout directive can be
     used to set a different timeout for communication with scripts.
     [Rainer Jung, Eric Covener, Yann Ylavic]
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0117
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0118
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0226
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0231
  (* Security fix *)
xap/mozilla-firefox-31.0-x86_64-1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefox.html
  (* Security fix *)
xap/mozilla-thunderbird-31.0-x86_64-1.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
  (* Security fix *)
isolinux/initrd.img:  Rebuilt.
kernels/*:  Upgraded.
usb-and-pxe-installers/usbboot.img:  Rebuilt.
+--------------------------+
Sun Jul 20 05:00:36 UTC 2014
x/mesa-10.2.4-x86_64-1.txz:  Upgraded.
  Added --with-egl-platforms="drm,x11".  Without this, the EGL support for drm
  is not built leading to crashes with newer radeon hardware.
  Thanks to sberthelot and Robby Workman.
+--------------------------+
Wed Jul 16 05:31:30 UTC 2014
x/xf86-video-intel-2.99.912-x86_64-1.txz:  Upgraded.
  Looks like the stable driver won't compile with the new xorg-server, so
  we'll try this one.
+--------------------------+
Tue Jul 15 23:53:10 UTC 2014
Enjoy some new X related updates!  Thanks to Robby Workman for lots of help
on the X.Org upgrades, and to alienBOB for an earlier SlackBuild for Motif
that I used as a reference for configure options and other fixes.
You can blame me for picking xorg-server-1.15.2 over xorg-server-1.14.7.  ;-)
If you're using a proprietary video driver you'll probably need to recompile it
for the new X server...  if you can.
ap/linuxdoc-tools-0.9.69-x86_64-2.txz:  Rebuilt.
  Renamed /usr/bin/sgmlspl.pl back to /usr/bin/sgmlspl.
  Thanks to Matteo Bernardini for the report.
ap/lxc-1.0.5-x86_64-1.txz:  Upgraded.
d/automake-1.14.1-noarch-1.txz:  Upgraded.
d/llvm-3.4.2-x86_64-1.txz:  Upgraded.
kde/calligra-2.8.5-x86_64-1.txz:  Upgraded.
kdei/calligra-l10n-bs-2.8.5-noarch-1.txz:  Upgraded.
kdei/calligra-l10n-ca-2.8.5-noarch-1.txz:  Upgraded.
kdei/calligra-l10n-ca\@valencia-2.8.5-noarch-1.txz:  Upgraded.
kdei/calligra-l10n-cs-2.8.5-noarch-1.txz:  Upgraded.
kdei/calligra-l10n-da-2.8.5-noarch-1.txz:  Upgraded.
kdei/calligra-l10n-de-2.8.5-noarch-1.txz:  Upgraded.
kdei/calligra-l10n-el-2.8.5-noarch-1.txz:  Upgraded.
kdei/calligra-l10n-en_GB-2.8.5-noarch-1.txz:  Added.
kdei/calligra-l10n-es-2.8.5-noarch-1.txz:  Upgraded.
kdei/calligra-l10n-et-2.8.5-noarch-1.txz:  Upgraded.
kdei/calligra-l10n-eu-2.8.5-noarch-1.txz:  Added.
kdei/calligra-l10n-fi-2.8.5-noarch-1.txz:  Upgraded.
kdei/calligra-l10n-fr-2.8.5-noarch-1.txz:  Upgraded.
kdei/calligra-l10n-gl-2.8.5-noarch-1.txz:  Upgraded.
kdei/calligra-l10n-hu-2.8.5-noarch-1.txz:  Upgraded.
kdei/calligra-l10n-ia-2.7.5-noarch-1.txz:  Removed.
kdei/calligra-l10n-it-2.8.5-noarch-1.txz:  Upgraded.
kdei/calligra-l10n-ja-2.8.5-noarch-1.txz:  Added.
kdei/calligra-l10n-kk-2.8.5-noarch-1.txz:  Upgraded.
kdei/calligra-l10n-nb-2.8.5-noarch-1.txz:  Upgraded.
kdei/calligra-l10n-nds-2.8.5-noarch-1.txz:  Upgraded.
kdei/calligra-l10n-nl-2.8.5-noarch-1.txz:  Upgraded.
kdei/calligra-l10n-pl-2.8.5-noarch-1.txz:  Upgraded.
kdei/calligra-l10n-pt-2.8.5-noarch-1.txz:  Upgraded.
kdei/calligra-l10n-pt_BR-2.8.5-noarch-1.txz:  Upgraded.
kdei/calligra-l10n-ru-2.8.5-noarch-1.txz:  Upgraded.
kdei/calligra-l10n-sk-2.8.5-noarch-1.txz:  Upgraded.
kdei/calligra-l10n-sl-2.7.5-noarch-1.txz:  Removed.
kdei/calligra-l10n-sv-2.8.5-noarch-1.txz:  Upgraded.
kdei/calligra-l10n-tr-2.7.5-noarch-1.txz:  Removed.
kdei/calligra-l10n-uk-2.8.5-noarch-1.txz:  Upgraded.
kdei/calligra-l10n-zh_CN-2.8.5-noarch-1.txz:  Upgraded.
kdei/calligra-l10n-zh_TW-2.8.5-noarch-1.txz:  Upgraded.
l/lesstif-0.95.2-x86_64-1.txz:  Removed.
  LessTif is making way for real Motif.
  Thanks to the Hungry Programmers for a great run.  :-)
t/tetex-3.0-x86_64-9.txz:  Rebuilt.
  Recompiled /usr/bin/xdvi-motif.bin against Motif.
x/dri3proto-1.0-x86_64-1.txz:  Added.
x/fontconfig-2.11.1-x86_64-1.txz:  Upgraded.
x/freeglut-2.8.1-x86_64-1.txz:  Upgraded.
x/gccmakedep-1.0.3-noarch-1.txz:  Upgraded.
x/glamor-egl-0.6.0-x86_64-1.txz:  Added.
x/glew-1.10.0-x86_64-1.txz:  Upgraded.
x/glproto-1.4.17-noarch-1.txz:  Upgraded.
x/imake-1.0.7-x86_64-1.txz:  Upgraded.
x/inputproto-2.3.1-noarch-1.txz:  Upgraded.
x/libFS-1.0.6-x86_64-1.txz:  Upgraded.
x/libICE-1.0.9-x86_64-1.txz:  Upgraded.
x/libXfont-1.4.8-x86_64-1.txz:  Upgraded.
x/libXft-2.3.2-x86_64-1.txz:  Upgraded.
x/libXi-1.7.3-x86_64-1.txz:  Upgraded.
x/libdrm-2.4.54-x86_64-1.txz:  Upgraded.
x/libevdev-1.2-x86_64-1.txz:  Added.
x/libxcb-1.10-x86_64-1.txz:  Upgraded.
x/libxshmfence-1.1-x86_64-1.txz:  Added.
x/makedepend-1.0.5-x86_64-1.txz:  Upgraded.
x/mesa-10.1.5-x86_64-1.txz:  Upgraded.
x/motif-2.3.4-x86_64-1.txz:  Added.
x/mtdev-1.1.5-x86_64-1.txz:  Upgraded.
x/pixman-0.32.6-x86_64-1.txz:  Upgraded.
x/presentproto-1.0-x86_64-1.txz:  Added.
x/util-macros-1.19.0-noarch-1.txz:  Upgraded.
x/xauth-1.0.9-x86_64-1.txz:  Upgraded.
x/xcb-proto-1.10-x86_64-1.txz:  Upgraded.
x/xcb-util-cursor-0.1.1-x86_64-1.txz:  Upgraded.
x/xcb-util-renderutil-0.3.9-x86_64-1.txz:  Upgraded.
x/xcb-util-wm-0.4.1-x86_64-1.txz:  Upgraded.
x/xcursorgen-1.0.6-x86_64-1.txz:  Upgraded.
x/xdg-user-dirs-0.15-x86_64-1.txz:  Upgraded.
x/xextproto-7.3.0-x86_64-1.txz:  Upgraded.
x/xf86-input-acecad-1.5.0-x86_64-6.txz:  Rebuilt.
x/xf86-input-aiptek-1.4.1-x86_64-6.txz:  Rebuilt.
x/xf86-input-evdev-2.9.0-x86_64-1.txz:  Upgraded.
x/xf86-input-joystick-1.6.1-x86_64-6.txz:  Rebuilt.
x/xf86-input-keyboard-1.8.0-x86_64-1.txz:  Upgraded.
x/xf86-input-mouse-1.9.0-x86_64-4.txz:  Rebuilt.
x/xf86-input-penmount-1.5.0-x86_64-6.txz:  Rebuilt.
x/xf86-input-synaptics-1.8.0-x86_64-1.txz:  Upgraded.
x/xf86-input-vmmouse-13.0.0-x86_64-5.txz:  Rebuilt.
x/xf86-input-void-1.4.0-x86_64-6.txz:  Rebuilt.
x/xf86-input-wacom-0.19.0-x86_64-5.txz:  Rebuilt.
x/xf86-video-apm-1.2.5-x86_64-5.txz:  Rebuilt.
x/xf86-video-ark-0.7.5-x86_64-5.txz:  Rebuilt.
x/xf86-video-ast-0.99.9-x86_64-1.txz:  Upgraded.
x/xf86-video-ati-7.4.0-x86_64-1.txz:  Upgraded.
x/xf86-video-chips-1.2.5-x86_64-5.txz:  Rebuilt.
x/xf86-video-cirrus-1.5.2-x86_64-5.txz:  Rebuilt.
x/xf86-video-dummy-0.3.7-x86_64-2.txz:  Rebuilt.
x/xf86-video-glint-1.2.8-x86_64-5.txz:  Rebuilt.
x/xf86-video-i128-1.3.6-x86_64-5.txz:  Rebuilt.
x/xf86-video-i740-1.3.4-x86_64-5.txz:  Rebuilt.
x/xf86-video-mach64-6.9.4-x86_64-5.txz:  Rebuilt.
x/xf86-video-mga-1.6.3-x86_64-1.txz:  Upgraded.
x/xf86-video-modesetting-0.9.0-x86_64-1.txz:  Upgraded.
x/xf86-video-neomagic-1.2.8-x86_64-3.txz:  Rebuilt.
x/xf86-video-nouveau-1.0.10-x86_64-1.txz:  Upgraded.
x/xf86-video-nv-2.1.20-x86_64-6.txz:  Rebuilt.
x/xf86-video-openchrome-0.3.3-x86_64-3.txz:  Rebuilt.
x/xf86-video-r128-6.9.2-x86_64-2.txz:  Rebuilt.
x/xf86-video-rendition-4.2.5-x86_64-5.txz:  Rebuilt.
x/xf86-video-s3-0.6.5-x86_64-5.txz:  Rebuilt.
x/xf86-video-s3virge-1.10.6-x86_64-6.txz:  Rebuilt.
x/xf86-video-savage-2.3.7-x86_64-2.txz:  Rebuilt.
x/xf86-video-siliconmotion-1.7.7-x86_64-6.txz:  Rebuilt.
x/xf86-video-sis-0.10.7-x86_64-5.txz:  Rebuilt.
x/xf86-video-sisusb-0.9.6-x86_64-5.txz:  Rebuilt.
x/xf86-video-tdfx-1.4.5-x86_64-5.txz:  Rebuilt.
x/xf86-video-tga-1.2.2-x86_64-5.txz:  Rebuilt.
x/xf86-video-trident-1.3.6-x86_64-5.txz:  Rebuilt.
x/xf86-video-tseng-1.2.5-x86_64-5.txz:  Rebuilt.
x/xf86-video-v4l-0.2.0-x86_64-10.txz:  Rebuilt.
x/xf86-video-vesa-2.3.3-x86_64-2.txz:  Rebuilt.
x/xf86-video-vmware-13.0.2-x86_64-1.txz:  Upgraded.
x/xf86-video-voodoo-1.2.5-x86_64-6.txz:  Rebuilt.
x/xf86-video-xgi-git_be3abf8570a-x86_64-5.txz:  Rebuilt.
x/xf86-video-xgixp-1.8.1-x86_64-5.txz:  Rebuilt.
x/xkeyboard-config-2.11-noarch-1.txz:  Upgraded.
x/xorg-cf-files-1.0.5-noarch-1.txz:  Upgraded.
x/xorg-server-1.15.2-x86_64-1.txz:  Upgraded.
x/xorg-server-xephyr-1.15.2-x86_64-1.txz:  Upgraded.
x/xorg-server-xnest-1.15.2-x86_64-1.txz:  Upgraded.
x/xorg-server-xvfb-1.15.2-x86_64-1.txz:  Upgraded.
x/xproto-7.0.26-noarch-1.txz:  Upgraded.
x/xrandr-1.4.2-x86_64-1.txz:  Upgraded.
x/xscope-1.4.1-x86_64-1.txz:  Upgraded.
x/xterm-309-x86_64-1.txz:  Upgraded.
x/xtrans-1.3.4-noarch-1.txz:  Upgraded.
xap/ddd-3.3.12-x86_64-3.txz:  Rebuilt.
  Recompiled against Motif.
xap/xpdf-3.04-x86_64-1.txz:  Upgraded.
+--------------------------+
Sat Jul 12 17:34:47 UTC 2014
ap/nano-2.3.5-x86_64-2.txz:  Rebuilt.
  Provide --datadir to ./configure to work around a bug that installed the
  locale files in the wrong directory.
  Thanks to Wim Speekenbrink.
+--------------------------+
Sat Jul 12 02:24:10 UTC 2014
a/bash-4.3.018-x86_64-1.txz:  Upgraded.
a/kernel-firmware-20140710git-noarch-1.txz:  Upgraded.
a/kernel-generic-3.14.12-x86_64-1.txz:  Upgraded.
a/kernel-huge-3.14.12-x86_64-1.txz:  Upgraded.
a/kernel-modules-3.14.12-x86_64-1.txz:  Upgraded.
a/shadow-4.2.1-x86_64-1.txz:  Upgraded.
  This adds support for subuid and subgid needed for unprivileged containers.
  Thanks to Christoph Willing.
ap/cgmanager-20140710_986cd44-x86_64-1.txz:  Added.
  Thanks to Matteo Bernardini.
ap/linuxdoc-tools-0.9.69-x86_64-1.txz:  Upgraded.
  Thanks to Stuart Winter.
ap/lxc-1.0.3-x86_64-1.txz:  Upgraded.
  This adds a template for for lxc-create to create a minimal Slackware
  container using slackpkg.  For example, this will create a container
  named "current":
    lxc-create -n current -t slackware
  There's an rc.lxc init script added to autorun/autostop containers, but it's
  not currently hooked in to the main init scripts, so if you want to use it
  you'll need to add it to your rc.local and rc.local_shutdown (and make it
  executable).  The script will look for "lxc.start.auto = 1" in the container
  config file to determine if a container should be autostarted (1) or not (0).
  Thanks to Matteo Bernardini.
ap/lzip-1.15-x86_64-1.txz:  Added.
ap/nano-2.3.5-x86_64-1.txz:  Upgraded.
ap/slackpkg-2.82.0-noarch-13.tgz:  Rebuilt.
   Patched to support $ROOT and $CONF environment variables.
   Thanks to Matteo Bernardini.
d/gnu-cobol-1.1-x86_64-1.txz:  Added.
d/kernel-headers-3.14.12-x86-1.txz:  Upgraded.
d/open-cobol-1.1-x86_64-2.txz:  Removed.
  This project has been renamed GNU Cobol.
d/slacktrack-2.16-x86_64-1.txz:  Upgraded.
  Thanks to Stuart Winter.
k/kernel-source-3.14.12-noarch-1.txz:  Upgraded.
  Added back CONFIG_USER_NS=y now that it no longer conflicts with XFS.
  Thanks to Christoph Willing.
l/libnih-1.0.3-x86_64-1.txz:  Added.
  Thanks to Matteo Bernardini.
l/taglib-1.9.1-x86_64-1.txz:  Upgraded.
  Linked with -lstdc++.  Thanks to comet.berkeley.
n/php-5.4.30-x86_64-1.txz:  Upgraded.
  This update fixes bugs and security issues.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3515
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3981
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4049
  (* Security fix *)
isolinux/initrd.img:  Rebuilt.
kernels/*:  Upgraded.
testing/source/config-testing-3.15.5/*:  Added.
usb-and-pxe-installers/usbboot.img:  Rebuilt.
+--------------------------+
Tue Jun 24 22:35:07 UTC 2014
ap/man-1.6g-x86_64-2.txz:  Rebuilt.
  Moved config file to /etc.
ap/man-pages-3.69-noarch-1.txz:  Upgraded.
l/seamonkey-solibs-2.26.1-x86_64-1.txz:  Upgraded.
n/bind-9.9.5_P1-x86_64-1.txz:  Upgraded.
  This fixes security issues and other bugs.  Please note that the first
  CVE only affects Windows, and the second one was claimed to be fixed by
  an earlier version of BIND.  But we'll update anyway just in case.  :-)
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6230
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0591
  (* Security fix *)
n/gnupg-1.4.17-x86_64-1.txz:  Upgraded.
  This release includes a security fix to stop a denial of service using
  garbled compressed data packets which can be used to put gpg into an
  infinite loop.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4617
  (* Security fix *)
n/gnupg2-2.0.24-x86_64-1.txz:  Upgraded.
  This release includes a security fix to stop a denial of service using
  garbled compressed data packets which can be used to put gpg into an
  infinite loop.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4617
  (* Security fix *)
n/samba-4.1.9-x86_64-1.txz:  Upgraded.
  This update fixes bugs and security issues, including a flaw in Samba's
  internal DNS server which can be exploited to cause a denial of service,
  a flaw in SRV_SNAPSHOT_ARRAY that permits attackers to leverage
  configurations that use shadow_copy* for vfs objects to reveal potentially
  private server information, a denial of service on the nmbd NetBIOS name
  services daemon, and a denial of service crash involving overwriting
  memory on an authenticated connection to the smbd file server.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0178
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0239
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0244
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3493
  (* Security fix *)
xap/seamonkey-2.26.1-x86_64-1.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
  (* Security fix *)
testing/packages/bind-9.10.0_P2-x86_64-1.txz:  Added.
+--------------------------+
Tue Jun 17 22:19:30 UTC 2014
l/ncurses-5.9-x86_64-3.txz:  Rebuilt.
  Applied upstream patch ncurses-5.9-20140308-patch.sh.
  Thanks to comet.berkeley.
n/yptools-2.14-x86_64-3.txz:  Rebuilt.
  Corrected yppasswd patch that was causing password changes to fail.
  Thanks to Henrik Carlqvist.
xap/xscreensaver-5.29-x86_64-1.txz:  Upgraded.
+--------------------------+
Thu Jun 12 05:11:52 UTC 2014
ap/ddrescue-1.18.1-x86_64-1.txz:  Upgraded.
xap/mozilla-firefox-30.0-x86_64-1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefox.html
  (* Security fix *)
xap/mozilla-thunderbird-24.6.0-x86_64-1.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
  (* Security fix *)
+--------------------------+
Mon Jun  9 20:16:02 UTC 2014
n/php-5.4.29-x86_64-1.txz:  Upgraded.
  This update fixes bugs and security issues, including a possible denial
  of service, and an issue where insecure default permissions on the FPM
  socket may allow local users to run arbitrary code as the apache user.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0185
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238
  (* Security fix *)
+--------------------------+
Fri Jun  6 04:27:01 UTC 2014
a/openssl-solibs-1.0.1h-x86_64-1.txz:  Upgraded.
  (* Security fix *)
ap/nano-2.3.4-x86_64-1.txz:  Upgraded.
l/libtasn1-3.6-x86_64-1.txz:  Upgraded.
  Multiple security issues have been corrected in the libtasn1 library.
  These errors allow a remote attacker to cause a denial of service, or
  possibly to execute arbitrary code.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3467
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3468
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3469
  (* Security fix *)
n/gnutls-3.2.15-x86_64-1.txz:  Upgraded.
  A security issue has been corrected in gnutls.  This vulnerability
  affects the client side of the gnutls library.  A server that sends
  a specially crafted ServerHello could corrupt the memory of a requesting
  client.  This may allow a remote attacker to execute arbitrary code.
  Additional vulnerabilities in the embedded libtasn1 library have also
  been patched.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3465
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3466
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3467
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3468
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3469
  (* Security fix *)
n/irssi-0.8.16-x86_64-1.txz:  Upgraded.
n/openssl-1.0.1h-x86_64-1.txz:  Upgraded.
  Multiple security issues have been corrected, including a possible
  man-in-the-middle attack where weak keying material is forced, denial
  of service, and the execution of arbitrary code.
  For more information, see:
    http://www.openssl.org/news/secadv_20140605.txt
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470
  (* Security fix *)
n/sendmail-8.14.9-x86_64-1.txz:  Upgraded.
  This release fixes one security related bug by properly closing file
  descriptors (except stdin, stdout, and stderr) before executing programs.
  This bug could enable local users to interfere with an open SMTP
  connection if they can execute their own program for mail delivery
  (e.g., via procmail or the prog mailer).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3956
  (* Security fix *)
n/sendmail-cf-8.14.9-noarch-1.txz:  Upgraded.
+--------------------------+
Sun Jun  1 19:48:54 UTC 2014
a/gawk-4.1.1-x86_64-2.txz:  Rebuilt.
  Removed pgawk.1.gz symlink in man1 since pgawk no longer exists.
  Compressed the man pages in man3.
a/kernel-generic-3.14.5-x86_64-1.txz:  Upgraded.
a/kernel-huge-3.14.5-x86_64-1.txz:  Upgraded.
a/kernel-modules-3.14.5-x86_64-1.txz:  Upgraded.
ap/mariadb-5.5.37-x86_64-1.txz:  Upgraded.
  This update contains security fixes and improvements.
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0384
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2419
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2430
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2431
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2432
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2436
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2438
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2440
  (* Security fix *)
ap/nano-2.3.3-x86_64-1.txz:  Upgraded.
d/gcc-4.8.3-x86_64-1.txz:  Upgraded.
d/gcc-g++-4.8.3-x86_64-1.txz:  Upgraded.
d/gcc-gfortran-4.8.3-x86_64-1.txz:  Upgraded.
d/gcc-gnat-4.8.3-x86_64-1.txz:  Upgraded.
d/gcc-go-4.8.3-x86_64-1.txz:  Upgraded.
d/gcc-java-4.8.3-x86_64-1.txz:  Upgraded.
d/gcc-objc-4.8.3-x86_64-1.txz:  Upgraded.
d/kernel-headers-3.14.5-x86-1.txz:  Upgraded.
d/make-3.82-x86_64-5.txz:  Rebuilt.
  Patched to fix a bug with parallel builds.
  Thanks to Danny Schmarsel.
k/kernel-source-3.14.5-noarch-1.txz:  Upgraded.
isolinux/initrd.img:  Rebuilt.
kernels/*:  Upgraded.
usb-and-pxe-installers/usbboot.img:  Rebuilt.
+--------------------------+
Tue May 13 22:31:28 UTC 2014
l/libelf-0.8.13-x86_64-4.txz:  Rebuilt.
  Use -D_FILE_OFFSET_BITS=64 on 32-bit x86 (needed for Chromium).
  Requested by alienBOB.  :-)
+--------------------------+
Tue May 13 20:25:35 UTC 2014
a/kernel-generic-3.14.4-x86_64-1.txz:  Upgraded.
a/kernel-huge-3.14.4-x86_64-1.txz:  Upgraded.
a/kernel-modules-3.14.4-x86_64-1.txz:  Upgraded.
d/gdb-7.7.1-x86_64-1.txz:  Upgraded.
d/kernel-headers-3.14.4-x86-1.txz:  Upgraded.
k/kernel-source-3.14.4-noarch-1.txz:  Upgraded.
  Disabled CONFIG_DEBUG_KERNEL, which had the effect of turning off seven
  other kernel debugging options.  Besides fixing the nVidia issues, I wonder
  if getting rid of this stuff will speed the kernel up?
l/libelf-0.8.13-x86_64-3.txz:  Rebuilt.
  Symlink headers to /usr/include, since Mesa wants them there.
  Thanks to Robby Workman.
xap/ddd-3.3.12-x86_64-2.txz:  Rebuilt.
  Patched to fix the machine code view.  Thanks to Christopher Oliver.
isolinux/initrd.img:  Rebuilt.
kernels/*:  Upgraded.
usb-and-pxe-installers/usbboot.img:  Rebuilt.
+--------------------------+
Mon May 12 02:24:36 UTC 2014
l/seamonkey-solibs-2.26-x86_64-1.txz:  Upgraded.
xap/mozilla-firefox-29.0.1-x86_64-1.txz:  Upgraded.
xap/seamonkey-2.26-x86_64-1.tx:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
  (* Security fix *)
+--------------------------+
Fri May  9 01:47:42 UTC 2014
a/glibc-solibs-2.19-x86_64-1.txz:  Upgraded.
a/glibc-zoneinfo-2014b-noarch-1.txz:  Upgraded.
a/kernel-firmware-20140506git-noarch-1.txz:  Upgraded.
a/kernel-generic-3.14.3-x86_64-1.txz:  Upgraded.
a/kernel-huge-3.14.3-x86_64-1.txz:  Upgraded.
a/kernel-modules-3.14.3-x86_64-1.txz:  Upgraded.
d/binutils-2.24.51.0.3-x86_64-1.txz:  Upgraded.
d/gcc-4.8.2-x86_64-2.txz:  Rebuilt.
  Include libiberty.a since that's no longer in the binutils package.
d/gcc-g++-4.8.2-x86_64-2.txz:  Rebuilt.
d/gcc-gfortran-4.8.2-x86_64-2.txz:  Rebuilt.
d/gcc-gnat-4.8.2-x86_64-2.txz:  Rebuilt.
d/gcc-go-4.8.2-x86_64-2.txz:  Rebuilt.
d/gcc-java-4.8.2-x86_64-2.txz:  Rebuilt.
d/gcc-objc-4.8.2-x86_64-2.txz:  Rebuilt.
d/kernel-headers-3.14.3-x86-1.txz:  Upgraded.
d/oprofile-0.9.7-x86_64-5.txz:  Rebuilt.
k/kernel-source-3.14.3-noarch-1.txz:  Upgraded.
l/glibc-2.19-x86_64-1.txz:  Upgraded.
l/glibc-i18n-2.19-x86_64-1.txz:  Upgraded.
l/glibc-profile-2.19-x86_64-1.txz:  Upgraded.
n/libnftnl-1.0.1-x86_64-1.txz:  Added.
n/nftables-0.2-x86_64-1.txz:  Added.
extra/bash-completion/bash-completion-2.1-noarch-2.txz:  Rebuilt.
  Patched to fix an issue with bash-4.3.  Thanks to ponce.
isolinux/initrd.img:  Rebuilt.
kernels/*:  Upgraded.
usb-and-pxe-installers/usbboot.img:  Rebuilt.
+--------------------------+
Tue Apr 29 23:35:59 UTC 2014
ap/screen-4.2.1-x86_64-1.txz:  Upgraded.
l/qt-4.8.6-x86_64-1.txz:  Upgraded.
xap/mozilla-firefox-29.0-x86_64-1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefox.html
  (* Security fix *)
xap/mozilla-thunderbird-24.5.0-x86_64-1.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
  (* Security fix *)
+--------------------------+
Tue Apr 22 17:31:48 UTC 2014
a/bash-4.3.011-x86_64-1.txz:  Upgraded.
a/gawk-4.1.1-x86_64-1.txz:  Upgraded.
a/grep-2.18-x86_64-1.txz:  Upgraded.
ap/vim-7.4.258-x86_64-1.txz:  Upgraded.
n/openssh-6.6p1-x86_64-2.txz:  Rebuilt.
  Fixed a bug with curve25519-sha256 that caused a key exchange failure in
  about 1 in 512 connection attempts.
xap/vim-gvim-7.4.258-x86_64-1.txz:  Upgraded.
+--------------------------+
Mon Apr 21 20:09:48 UTC 2014
l/libyaml-0.1.6-x86_64-1.txz:  Upgraded.
  This update fixes a heap overflow in URI escape parsing of YAML in Ruby,
  where a specially crafted string could cause a heap overflow leading to
  arbitrary code execution.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2525
    https://www.ruby-lang.org/en/news/2014/03/29/heap-overflow-in-yaml-uri-escape-parsing-cve-2014-2525/
  (* Security fix *)
n/php-5.4.27-x86_64-1.txz:  Upgraded.
  This update fixes a security issue in the in the awk script detector
  which allows context-dependent attackers to cause a denial of service
  (CPU consumption) via a crafted ASCII file that triggers a large amount
  of backtracking.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7345
  (* Security fix *)
+--------------------------+
Tue Apr  8 14:19:51 UTC 2014
a/openssl-solibs-1.0.1g-x86_64-1.txz:  Upgraded.
n/openssl-1.0.1g-x86_64-1.txz:  Upgraded.
  This update fixes two security issues:
  A missing bounds check in the handling of the TLS heartbeat extension
  can be used to reveal up to 64k of memory to a connected client or server.
  Thanks for Neel Mehta of Google Security for discovering this bug and to
  Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for
  preparing the fix.
  Fix for the attack described in the paper "Recovering OpenSSL
  ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
  by Yuval Yarom and Naomi Benger. Details can be obtained from:
  http://eprint.iacr.org/2014/140
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076
  (* Security fix *)
+--------------------------+
Mon Mar 31 20:30:28 UTC 2014
l/apr-1.5.0-x86_64-1.txz:  Upgraded.
l/apr-util-1.5.3-x86_64-1.txz:  Upgraded.
n/httpd-2.4.9-x86_64-2.txz:  Rebuilt.
  Recompiled against new apr/apr-util to restore missing mod_mpm_event.so.
+--------------------------+
Fri Mar 28 03:43:11 UTC 2014
l/mozilla-nss-3.16-x86_64-1.txz:  Upgraded.
  This update fixes a security issue:
  The cert_TestHostName function in lib/certdb/certdb.c in the 
  certificate-checking implementation in Mozilla Network Security Services
  (NSS) before 3.16 accepts a wildcard character that is embedded in an
  internationalized domain name's U-label, which might allow man-in-the-middle
  attackers to spoof SSL servers via a crafted certificate.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1492
  (* Security fix *)
l/seamonkey-solibs-2.25-x86_64-1.txz:  Upgraded.
n/curl-7.36.0-x86_64-1.txz:  Upgraded.
  This update fixes four security issues.
  For more information, see:
    http://curl.haxx.se/docs/adv_20140326A.html
    http://curl.haxx.se/docs/adv_20140326B.html
    http://curl.haxx.se/docs/adv_20140326C.html
    http://curl.haxx.se/docs/adv_20140326D.html
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0138
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0139
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1263
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2522
  (* Security fix *)
n/httpd-2.4.9-x86_64-1.txz:  Upgraded.
  This update addresses two security issues.
  Segfaults with truncated cookie logging. mod_log_config:  Prevent segfaults
    when logging truncated cookies.  Clean up the cookie logging parser to
    recognize only the cookie=value pairs, not valueless cookies.
  mod_dav:  Keep track of length of cdata properly when removing leading
    spaces. Eliminates a potential denial of service from specifically crafted
    DAV WRITE requests.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0098
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6438
  (* Security fix *)
n/openssh-6.6p1-x86_64-1.txz:  Upgraded.
  This update fixes a security issue when using environment passing with
  a sshd_config(5) AcceptEnv pattern with a wildcard.  OpenSSH could be
  tricked into accepting any environment variable that contains the
  characters before the wildcard character.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2532
  (* Security fix *)
n/tin-2.2.0-x86_64-1.txz:  Upgraded.
xap/mozilla-firefox-28.0-x86_64-1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefox.html
  (* Security fix *)
xap/mozilla-thunderbird-24.4.0-x86_64-1.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
  (* Security fix *)
xap/seamonkey-2.25-x86_64-1.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
  (* Security fix *)
+--------------------------+
Sun Mar 16 02:52:28 UTC 2014
n/php-5.4.26-x86_64-1.txz:  Upgraded.
  This update fixes a flaw where a specially crafted data file may cause a
  segfault or 100% CPU consumption when a web page uses fileinfo() on it.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1943
  (* Security fix *)
+--------------------------+
Fri Mar 14 00:44:48 UTC 2014
n/samba-4.1.6-x86_64-1.txz:  Upgraded.
  This update fixes two security issues:
  CVE-2013-4496:
  Samba versions 3.4.0 and above allow the administrator to implement
  locking out Samba accounts after a number of bad password attempts.
  However, all released versions of Samba did not implement this check for
  password changes, such as are available over multiple SAMR and RAP
  interfaces, allowing password guessing attacks.
  CVE-2013-6442:
  Samba versions 4.0.0 and above have a flaw in the smbcacls command. If
  smbcacls is used with the "-C|--chown name" or "-G|--chgrp name"
  command options it will remove the existing ACL on the object being
  modified, leaving the file or directory unprotected.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4496
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6442
  (* Security fix *)
+--------------------------+
Thu Mar 13 03:32:38 UTC 2014
n/mutt-1.5.23-x86_64-1.txz:  Upgraded.
  This update fixes a buffer overflow where malformed RFC2047 header
  lines could result in denial of service or potentially the execution
  of arbitrary code as the user running mutt.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0467
  (* Security fix *)
+--------------------------+
Tue Mar 11 07:06:18 UTC 2014
a/udisks-1.0.5-x86_64-1.txz:  Upgraded.
  This update fixes a stack-based buffer overflow when handling long path
  names.  A malicious, local user could use this flaw to create a
  specially-crafted directory structure that could lead to arbitrary code
  execution with the privileges of the udisks daemon (root).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0004
  (* Security fix *)
a/udisks2-2.1.3-x86_64-1.txz:  Upgraded.
  This update fixes a stack-based buffer overflow when handling long path
  names.  A malicious, local user could use this flaw to create a
  specially-crafted directory structure that could lead to arbitrary code
  execution with the privileges of the udisks daemon (root).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0004
  (* Security fix *)
+--------------------------+
Thu Mar  6 04:14:23 UTC 2014
ap/sudo-1.8.9p5-x86_64-1.txz:  Upgraded.
+--------------------------+
Mon Mar  3 23:32:18 UTC 2014
n/gnutls-3.1.22-x86_64-1.txz:  Upgraded.
  Fixed a security issue where a specially crafted certificate could
  bypass certificate validation checks.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0092
  (* Security fix *)
+--------------------------+
Thu Feb 27 20:43:28 UTC 2014
d/subversion-1.7.16-x86_64-1.txz:  Upgraded.
  Fix denial of service bugs.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4505
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4558
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0032
  (* Security fix *)
+--------------------------+
Thu Feb 20 00:30:49 UTC 2014
a/kernel-firmware-20140215git-noarch-1.txz:  Upgraded.
a/kernel-generic-3.10.30-x86_64-1.txz:  Upgraded.
  These are new kernels that fix CVE-2014-0038, a bug that can allow local
  users to gain a root shell.
  Be sure to reinstall LILO (run "lilo" as root) after upgrading the kernel
  packages, or on UEFI systems, copy the appropriate kernel to
  /boot/efi/EFI/Slackware/vmlinuz).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0038
  (* Security fix *)
a/kernel-huge-3.10.30-x86_64-1.txz:  Upgraded.
  These are new kernels that fix CVE-2014-0038, a bug that can allow local
  users to gain a root shell.
  Be sure to reinstall LILO (run "lilo" as root) after upgrading the kernel
  packages, or on UEFI systems, copy the appropriate kernel to
  /boot/efi/EFI/Slackware/vmlinuz).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0038
  (* Security fix *)
a/kernel-modules-3.10.30-x86_64-1.txz:  Upgraded.
a/shadow-4.1.5.1-x86_64-3.txz:  Rebuilt.
  Shadow 4.1.5 addressed a tty-hijacking vulnerability in "su -c"
  (CVE-2005-4890) by detaching the controlling terminal in the non-PAM
  case via a TIOCNOTTY request.  Bi-directional protection is excessive
  and breaks a commonly-used methods for privilege escalation on non-PAM
  systems (e.g. xterm -e /bin/su -s /bin/bash -c /bin/bash myscript).
  This update relaxes the restriction and only detaches the controlling
  tty when the callee is not root (which is, after all, the threat vector).
  Thanks to mancha for the patch (and the above information).
ap/mariadb-5.5.35-x86_64-1.txz:  Upgraded.
  This update fixes a buffer overflow in the mysql command line client which
  may allow malicious or compromised database servers to cause a denial of
  service (crash) and possibly execute arbitrary code via a long server
  version string.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0001
  (* Security fix *)
d/kernel-headers-3.10.30-x86-1.txz:  Upgraded.
k/kernel-source-3.10.30-noarch-1.txz:  Upgraded.
  These are new kernels that fix CVE-2014-0038, a bug that can allow local
  users to gain a root shell.
  Be sure to reinstall LILO (run "lilo" as root) after upgrading the kernel
  packages, or on UEFI systems, copy the appropriate kernel to
  /boot/efi/EFI/Slackware/vmlinuz).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0038
  (* Security fix *)
n/gnutls-3.1.21-x86_64-1.txz:  Upgraded.
  This update fixes a flaw where a version 1 intermediate certificate would be
  considered as a CA certificate by GnuTLS by default.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1959
  (* Security fix *)
xap/mozilla-firefox-27.0.1-x86_64-1.txz:  Upgraded.
isolinux/initrd.img:  Rebuilt.
kernels/*:  Upgraded.
usb-and-pxe-installers/usbboot.img:  Rebuilt.
+--------------------------+
Thu Feb 13 23:45:53 UTC 2014
n/curl-7.35.0-x86_64-1.txz:  Upgraded.
  This update fixes a flaw where libcurl could, in some circumstances, reuse
  the wrong connection when asked to do an NTLM-authenticated HTTP or HTTPS
  request.
  For more information, see:
    http://curl.haxx.se/docs/adv_20140129.html
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0015
  (* Security fix *)
n/ntp-4.2.6p5-x86_64-5.txz:  Rebuilt.
  All stable versions of NTP remain vulnerable to a remote attack where the
  "ntpdc -c monlist" command can be used to amplify network traffic as part
  of a denial of service attack.  By default, Slackware is not vulnerable
  since it includes "noquery" as a default restriction.  However, it is
  vulnerable if this restriction is removed.  To help mitigate this flaw,
  "disable monitor" has been added to the default ntp.conf (which will disable
  the monlist command even if other queries are allowed), and the default
  restrictions have been extended to IPv6 as well.
  All users of the NTP daemon should make sure that their ntp.conf contains
  "disable monitor" to prevent misuse of the NTP service.  The new ntp.conf
  file will be installed as /etc/ntp.conf.new with a package upgrade, but the
  changes will need to be merged into any existing ntp.conf file by the admin.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5211
    http://www.kb.cert.org/vuls/id/348126
  (* Security fix *)
+--------------------------+
Sat Feb  8 18:41:15 UTC 2014
l/seamonkey-solibs-2.24-x86_64-1.txz:  Upgraded.
xap/mozilla-firefox-27.0-x86_64-1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefox.html
  (* Security fix *)
xap/mozilla-thunderbird-24.3.0-x86_64-1.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
  (* Security fix *)
xap/seamonkey-2.24-x86_64-1.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
  (* Security fix *)
+--------------------------+
Mon Feb  3 20:58:32 UTC 2014
xap/pidgin-2.10.9-x86_64-1.txz:  Upgraded.
  This update fixes various security issues and other bugs.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6152
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6477
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6478
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6479
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6481
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6482
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6483
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6484
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6485
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6486
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6487
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6489
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6490
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0020
  (* Security fix *)
+--------------------------+
Thu Jan 30 21:30:11 UTC 2014
n/openssh-6.5p1-x86_64-1.txz:  Upgraded.
+--------------------------+
Tue Jan 28 21:07:13 UTC 2014
l/mozilla-nss-3.15.4-x86_64-1.txz:  Upgraded.
  Upgraded to nss-3.15.4 and nspr-4.10.3.
  Fixes a possible man-in-the-middle issue.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1740
  (* Security fix *)
n/bind-9.9.4_P2-x86_64-1.txz:  Upgraded.
  This update fixes a defect in the handling of NSEC3-signed zones that can
  cause BIND to be crashed by a specific set of queries.
  NOTE:  According to the second link below, Slackware is probably not
  vulnerable since we aren't using glibc-2.18 yet.  Might as well fix it
  anyway, though.
  For more information, see:
    https://kb.isc.org/article/AA-01078
    https://kb.isc.org/article/AA-01085
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0591
  (* Security fix *)
+--------------------------+
Tue Jan 14 03:54:48 UTC 2014
a/openssl-solibs-1.0.1f-x86_64-1.txz:  Upgraded.
d/llvm-3.4-x86_64-1.txz:  Upgraded.
n/openssl-1.0.1f-x86_64-1.txz:  Upgraded.
  This update fixes the following security issues:
    Fix for TLS record tampering bug CVE-2013-4353
    Fix for TLS version checking bug CVE-2013-6449
    Fix for DTLS retransmission bug CVE-2013-6450
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4353
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6449
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6450
  (* Security fix *)
n/php-5.4.24-x86_64-1.txz:  Upgraded.
  The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before
  5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly
  parse (1) notBefore and (2) notAfter timestamps in X.509 certificates,
  which allows remote attackers to execute arbitrary code or cause a denial
  of service (memory corruption) via a crafted certificate that is not
  properly handled by the openssl_x509_parse function.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6420
  (* Security fix *)
n/samba-4.1.4-x86_64-1.txz:  Upgraded.
  This update fixes a heap-based buffer overflow that may allow AD domain
  controllers to execute arbitrary code via an invalid fragment length in
  a DCE-RPC packet.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4408
  (* Security fix *)
x/libXfont-1.4.7-x86_64-1.txz:  Upgraded.
  This update fixes a stack overflow when reading a BDF font file containing
  a longer than expected string, which could lead to crashes or privilege
  escalation.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6462
  (* Security fix *)
+--------------------------+
Fri Dec 20 22:46:09 UTC 2013
n/gnupg-1.4.16-x86_64-1.txz:  Upgraded.
  Fixed the RSA Key Extraction via Low-Bandwidth Acoustic
  Cryptanalysis attack as described by Genkin, Shamir, and Tromer.
  For more information, see:
    http://www.cs.tau.ac.il/~tromer/acoustic/
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4576
  (* Security fix *)
+--------------------------+
Mon Dec 16 20:51:01 UTC 2013
d/llvm-3.3-x86_64-3.txz:  Rebuilt.
  The LLVM package included binaries with an rpath pointing to the build
  location in /tmp.   This allows an attacker with write access to /tmp to
  add modified libraries (and execute arbitrary code) as any user running
  the LLVM binaries.  This updated package rebuilds LLVM to exclude the
  build directories from the rpath information.
  Thanks to Christopher Oliver for the bug report.
  (* Security fix *)
d/ruby-1.9.3_p484-x86_64-1.txz:  Upgraded.
  This update fixes a heap overflow in floating point parsing.  A specially
  crafted string could cause a heap overflow leading to a denial of service
  attack via segmentation faults and possibly arbitrary code execution.
  For more information, see:
    https://www.ruby-lang.org/en/news/2013/11/22/heap-overflow-in-floating-point-parsing-cve-2013-4164/
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4164
  (* Security fix *)
l/cairo-1.12.16-x86_64-1.txz:  Upgraded.
  Removed --enable-xcb-shm (may cause instability with GTK+3).
  Removed --enable-xlib-xcb (causes GIMP slowdown).
  Added --enable-ft and --enable-gl.
  If there are no problems reported with this update, perhaps it should be
  issued as a 14.1 bugfix?
l/libiodbc-3.52.8-x86_64-1.txz:  Upgraded.
  This update fixes an rpath pointing to a location in /tmp that was found in
  two test programs (iodbctest and iodbctestw).  This could have allowed a
  local attacker with write access to /tmp to add modified libraries (and
  execute arbitrary code) as any user running the test programs.
  Thanks to Christopher Oliver for the bug report.
  (* Security fix *)
l/libjpeg-v8a-x86_64-2.txz:  Rebuilt.
  Fix use of uninitialized memory when decoding images with missing SOS data
  for the luminance component (Y) in presence of valid chroma data (Cr, Cb).
  This could allow remote attackers to obtain sensitive information from
  uninitialized memory locations via a crafted JPEG image.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6629
  (* Security fix *)
l/seamonkey-solibs-2.23-x86_64-1.txz:  Upgraded.
xap/mozilla-firefox-26.0-x86_64-1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefox.html
  (* Security fix *)
xap/mozilla-thunderbird-24.2.0-x86_64-1.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
  (* Security fix *)
xap/seamonkey-2.23-x86_64-1.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
  (* Security fix *)
+--------------------------+
Thu Dec  5 22:20:36 UTC 2013
kde/calligra-2.7.5-x86_64-1.txz:  Upgraded.
kdei/calligra-l10n-bs-2.7.5-noarch-1.txz:  Upgraded.
kdei/calligra-l10n-ca-2.7.5-noarch-1.txz:  Upgraded.
kdei/calligra-l10n-ca\@valencia-2.7.5-noarch-1.txz:  Upgraded.
kdei/calligra-l10n-cs-2.7.5-noarch-1.txz:  Upgraded.
kdei/calligra-l10n-da-2.7.5-noarch-1.txz:  Upgraded.
kdei/calligra-l10n-de-2.7.5-noarch-1.txz:  Upgraded.
kdei/calligra-l10n-el-2.7.5-noarch-1.txz:  Upgraded.
kdei/calligra-l10n-es-2.7.5-noarch-1.txz:  Upgraded.
kdei/calligra-l10n-et-2.7.5-noarch-1.txz:  Upgraded.
kdei/calligra-l10n-fi-2.7.5-noarch-1.txz:  Upgraded.
kdei/calligra-l10n-fr-2.7.5-noarch-1.txz:  Upgraded.
kdei/calligra-l10n-gl-2.7.5-noarch-1.txz:  Upgraded.
kdei/calligra-l10n-hu-2.7.5-noarch-1.txz:  Upgraded.
kdei/calligra-l10n-ia-2.7.5-noarch-1.txz:  Upgraded.
kdei/calligra-l10n-it-2.7.5-noarch-1.txz:  Upgraded.
kdei/calligra-l10n-kk-2.7.5-noarch-1.txz:  Upgraded.
kdei/calligra-l10n-nb-2.7.5-noarch-1.txz:  Upgraded.
kdei/calligra-l10n-nds-2.7.5-noarch-1.txz:  Upgraded.
kdei/calligra-l10n-nl-2.7.5-noarch-1.txz:  Upgraded.
kdei/calligra-l10n-pl-2.7.5-noarch-1.txz:  Upgraded.
kdei/calligra-l10n-pt-2.7.5-noarch-1.txz:  Upgraded.
kdei/calligra-l10n-pt_BR-2.7.5-noarch-1.txz:  Upgraded.
kdei/calligra-l10n-ru-2.7.5-noarch-1.txz:  Upgraded.
kdei/calligra-l10n-sk-2.7.5-noarch-1.txz:  Upgraded.
kdei/calligra-l10n-sl-2.7.5-noarch-1.txz:  Upgraded.
kdei/calligra-l10n-sv-2.7.5-noarch-1.txz:  Upgraded.
kdei/calligra-l10n-tr-2.7.5-noarch-1.txz:  Upgraded.
kdei/calligra-l10n-uk-2.7.5-noarch-1.txz:  Upgraded.
kdei/calligra-l10n-zh_CN-2.7.5-noarch-1.txz:  Upgraded.
kdei/calligra-l10n-zh_TW-2.7.5-noarch-1.txz:  Upgraded.
l/mozilla-nss-3.15.3-x86_64-1.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/announce/2013/mfsa2013-103.html
  (* Security fix *)
l/seamonkey-solibs-2.22.1-x86_64-1.txz:  Upgraded.
xap/gimp-2.8.10-x86_64-1.txz:  Upgraded.
xap/mozilla-thunderbird-24.1.1-x86_64-1.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
  (* Security fix *)
xap/seamonkey-2.22.1-x86_64-1.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
  (* Security fix *)
+--------------------------+
Mon Nov 18 20:52:16 UTC 2013
l/seamonkey-solibs-2.22-x86_64-1.txz:  Upgraded.
n/openssh-6.4p1-x86_64-1.txz:  Upgraded.
  sshd(8): fix a memory corruption problem triggered during rekeying
  when an AES-GCM cipher is selected.
  For more information, see:
    http://www.openssh.com/txt/gcmrekey.adv
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4548
  (* Security fix *)
n/php-5.4.22-x86_64-1.txz:  Upgraded.
  This is a bugfix release.
n/samba-4.1.1-x86_64-1.txz:  Upgraded.
  This update fixes two security issues:
  * Samba versions 3.2.0 and above do not check the underlying file or
    directory ACL when opening an alternate data stream.
  * In setups which provide ldap(s) and/or https services, the private key
    for SSL/TLS encryption might be world readable.  This typically happens
    in active directory domain controller setups.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4475
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4476
  (* Security fix *)
  Added tdb.h, tdb.pc, and a libtdb.so symlink.  Thanks to Matteo Bernardini.
xap/mozilla-firefox-25.0.1-x86_64-1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefox.html
  (* Security fix *)
xap/seamonkey-2.22-x86_64-1.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
  (* Security fix *)
+--------------------------+
Mon Nov  4 17:08:47 UTC 2013
Slackware 14.1 x86_64 stable is released!

It's been another interesting release cycle here at Slackware bringing
new features like support for UEFI machines, updated compilers and
development tools, the switch from MySQL to MariaDB, and many more
improvements throughout the system.  Thanks to the team, the upstream
developers, the dedicated Slackware community, and everyone else who
pitched in to help make this release a reality.

The ISOs are off to be replicated, a 6 CD-ROM 32-bit set and a dual-sided
32-bit/64-bit x86/x86_64 DVD.  Please consider supporting the Slackware
project by picking up a copy from store.slackware.com.  We're taking
pre-orders now, and offer a discount if you sign up for a subscription.

Have fun!  :-)