kikadf | 24 Nov 09:14 2014

frugalware-current: tcpdump-4.5.1-2-x86_64

Git-Url: http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-current.git;a=commitdiff;h=6bc9853f93cbcc1ec24c0b720772b0c0d2d8a6b8

commit 6bc9853f93cbcc1ec24c0b720772b0c0d2d8a6b8
Author: kikadf <kikadf.01@...>
Date:   Mon Nov 24 09:15:59 2014 +0100

tcpdump-4.5.1-2-x86_64

* Fix CVE-2014-8767, CVE-2014-8768, CVE-2014-8769

diff --git a/source/network-extra/tcpdump/CVE-2014-8767.patch b/source/network-extra/tcpdump/CVE-2014-8767.patch
new file mode 100644
index 0000000..e0eab74
--- /dev/null
+++ b/source/network-extra/tcpdump/CVE-2014-8767.patch
 <at>  <at>  -0,0 +1,178  <at>  <at> 
+From d8b4852e45a94fcde141ae28a2d5e36368ca92ae Mon Sep 17 00:00:00 2001
+From: Michal Sekletar <msekleta@...>
+Date: Thu, 20 Nov 2014 11:38:46 +0100
+Subject: [PATCH] Do more bounds checking and length checking.
+
+Don't run past the end of the captured data, and don't run past the end
+of the packet (i.e., don't make the length variable go negative).
+
+Also, stop dissecting if the message length isn't valid.
+
+(cherry picked from commit 4038f83ebf654804829b258dde5e0a508c1c2003)
+---
+ print-olsr.c | 56 +++++++++++++++++++++++++++++++++++++++++++-------------
+ 1 file changed, 43 insertions(+), 13 deletions(-)

kikadf | 24 Nov 09:13 2014

frugalware-current: ruby-2.1.5-1-x86_64

Git-Url: http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-current.git;a=commitdiff;h=b6d0b7a3331337a532ce78ded048ae95fbb35eb9

commit b6d0b7a3331337a532ce78ded048ae95fbb35eb9
Author: kikadf <kikadf.01@...>
Date:   Mon Nov 24 09:14:54 2014 +0100

ruby-2.1.5-1-x86_64

* Version bump

diff --git a/source/devel/ruby/FrugalBuild b/source/devel/ruby/FrugalBuild
index 767bd22..18e9098 100644
--- a/source/devel/ruby/FrugalBuild
+++ b/source/devel/ruby/FrugalBuild
 <at>  <at>  -6,7 +6,7  <at>  <at> 
options+=('asneeded')

pkgname=ruby
-pkgver=2.1.4
+pkgver=2.1.5
pkgpatch=
pkgrel=1
pkgdesc="An object-oriented programming language."
 <at>  <at>  -17,7 +17,7  <at>  <at>  groups=('devel')
archs=('i686' 'x86_64' 'arm')
up2date="Flasttar ftp://ftp.ruby-lang.org/pub/ruby/"
source=(ftp://ftp.ruby-lang.org/pub/ruby/ruby-${pkgver}$pkgpatch.tar.bz2)
-sha1sums=('c80ea0d5dddf1b0e7846b618fa7ae0e0cf7e55df')
+sha1sums=('d822e022bb8875724852f049f499f101d24a7fe5')


kikadf | 24 Nov 09:08 2014

frugalware-current: kdebase-runtime--2-x86_64

Git-Url: http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-current.git;a=commitdiff;h=26003d9a57c8145657ad22d0468f220a4958f6ae

commit 26003d9a57c8145657ad22d0468f220a4958f6ae
Author: kikadf <kikadf.01@...>
Date:   Mon Nov 24 09:09:27 2014 +0100

kdebase-runtime--2-x86_64

* Fix CVE-2014-8600

diff --git a/source/kde/kdebase-runtime/CVE-2014-8600.patch b/source/kde/kdebase-runtime/CVE-2014-8600.patch
new file mode 100644
index 0000000..b844660
--- /dev/null
+++ b/source/kde/kdebase-runtime/CVE-2014-8600.patch
 <at>  <at>  -0,0 +1,20  <at>  <at> 
+diff -up kde-runtime-4.14.3/kioslave/bookmarks/kio_bookmarks.cpp.me kde-runtime-4.14.3/kioslave/bookmarks/kio_bookmarks.cpp
+--- kde-runtime-4.14.3/kioslave/bookmarks/kio_bookmarks.cpp.me	2014-11-17
11:53:22.952583226 +0100
++++ kde-runtime-4.14.3/kioslave/bookmarks/kio_bookmarks.cpp	2014-11-17 11:56:11.094159901 +0100
+ <at>  <at>  -22,6 +22,7  <at>  <at> 
+ #include <stdlib.h>
+
+ #include <qregexp.h>
++#include <qtextdocument.h>
+
+ #include <kapplication.h>
+ #include <kcmdlineargs.h>
+ <at>  <at>  -197,7 +198,7  <at>  <at>  void BookmarksProtocol::get( const KUrl&
+     echoImage(regexp.cap(1), regexp.cap(2), url.queryItem("size"));
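Review bot: the new CVE-2014-8600.patch starts directly at its `diff -up` line with no description, origin or upstream bug reference, and the `.cpp.me` backup suffix suggests a hand-made diff. Add a short header naming the upstream commit or advisory the change was taken from, so the fix can be checked against upstream later.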

kikadf | 24 Nov 09:04 2014

frugalware-1.9: tcpdump-4.4.0-2arcturus1-x86_64

Git-Url: http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-1.9.git;a=commitdiff;h=8f3f236a7bb26ed9c096237150477a0bf59d6ee5

commit 8f3f236a7bb26ed9c096237150477a0bf59d6ee5
Author: kikadf <kikadf.01@...>
Date:   Mon Nov 24 09:05:24 2014 +0100

tcpdump-4.4.0-2arcturus1-x86_64

* Fix CVE-2014-8767, CVE-2014-8769

diff --git a/source/network-extra/tcpdump/CVE-2014-8767.patch b/source/network-extra/tcpdump/CVE-2014-8767.patch
new file mode 100644
index 0000000..e0eab74
--- /dev/null
+++ b/source/network-extra/tcpdump/CVE-2014-8767.patch
 <at>  <at>  -0,0 +1,178  <at>  <at> 
+From d8b4852e45a94fcde141ae28a2d5e36368ca92ae Mon Sep 17 00:00:00 2001
+From: Michal Sekletar <msekleta@...>
+Date: Thu, 20 Nov 2014 11:38:46 +0100
+Subject: [PATCH] Do more bounds checking and length checking.
+
+Don't run past the end of the captured data, and don't run past the end
+of the packet (i.e., don't make the length variable go negative).
+
+Also, stop dissecting if the message length isn't valid.
+
+(cherry picked from commit 4038f83ebf654804829b258dde5e0a508c1c2003)
+---
+ print-olsr.c | 56 +++++++++++++++++++++++++++++++++++++++++++-------------
+ 1 file changed, 43 insertions(+), 13 deletions(-)
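Review bot: the commit message lists CVE-2014-8767 and CVE-2014-8769 but not CVE-2014-8768, which the frugalware-current commit adding the same patch blob (index e0eab74) does list. State in the message whether tcpdump 4.4.0 is unaffected by CVE-2014-8768 or whether that fix is still pending, so the omission is not read as an oversight.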

kikadf | 24 Nov 09:03 2014

frugalware-1.9: ruby-1.9.2-3arcturus1-x86_64

Git-Url: http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-1.9.git;a=commitdiff;h=e98e5fd3e80b2ef8283c81961601be9d72443874

commit e98e5fd3e80b2ef8283c81961601be9d72443874
Author: kikadf <kikadf.01@...>
Date:   Mon Nov 24 09:04:15 2014 +0100

ruby-1.9.2-3arcturus1-x86_64

* Fix CVE-2014-4975, CVE-2014-8080, CVE-2014-8090

diff --git a/source/devel/ruby/CVE-2014-4975.patch b/source/devel/ruby/CVE-2014-4975.patch
new file mode 100644
index 0000000..46272df
--- /dev/null
+++ b/source/devel/ruby/CVE-2014-4975.patch
 <at>  <at>  -0,0 +1,44  <at>  <at> 
+Description: fix denial of service via buffer overrun in encodes function
+Origin: backport, http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=46778
+Bug: https://bugs.ruby-lang.org/issues/10019
+
+Index: ruby1.9.1-1.9.3.484/pack.c
+===================================================================
+--- ruby1.9.1-1.9.3.484.orig/pack.c	2014-10-31 13:04:12.784966050 -0400
++++ ruby1.9.1-1.9.3.484/pack.c	2014-10-31 13:04:12.780966019 -0400
+ <at>  <at>  -1068,7 +1068,8  <at>  <at> 
+ static void
+ encodes(VALUE str, const char *s, long len, int type, int tail_lf)
+ {
+-    char buff[4096];
++    enum {buff_size = 4096, encoded_unit = 4};
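Review bot: the patch headers target `ruby1.9.1-1.9.3.484/pack.c` while this package is ruby-1.9.2, so the `encodes()` hunk at line 1068 was written against a different source tree. Confirm that it applies to the 1.9.2 pack.c without fuzz or offset and that the later uses of the replaced `char buff[4096]` buffer match, and record in the patch description that it was verified against 1.9.2.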

kikadf | 24 Nov 08:52 2014

homepage-ng: Add FSA for drupal6

Git-Url: http://git.frugalware.org/gitweb/gitweb.cgi?p=homepage-ng.git;a=commitdiff;h=bfd5a504beff1c67478a0f1b23b171f29774034f

commit bfd5a504beff1c67478a0f1b23b171f29774034f
Author: kikadf <kikadf.01@...>
Date:   Mon Nov 24 08:54:20 2014 +0100

Add FSA for drupal6

diff --git a/frugalware/xml/security.xml b/frugalware/xml/security.xml
index b62a8f9..099cb7c 100644
--- a/frugalware/xml/security.xml
+++ b/frugalware/xml/security.xml
 <at>  <at>  -39,6 +39,19  <at>  <at> 

<fsas>
<fsa>
+               <id>940</id>
+               <date>2014-11-24</date>
+               <author>kikadf</author>
+               <package>drupal6</package>
+               <vulnerable>6.33-1arcturus1</vulnerable>
+               <unaffected>6.34-1arcturus1</unaffected>
+               <bts></bts>
+               <cve>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9015
+			   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9016</cve>
+               <desc>Aaron Averill discovered that a specially crafted request can give a user access to another user's
session, allowing an attacker to hijack a random session.
+			   Michael Cullum, Javier Nieto and Andres Rojas Guerrero discovered that the password hashing API
allows an attacker to send specially crafted requests resulting in CPU and memory exhaustion.</desc>
+       </fsa>
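Review bot: in `<desc>` the two findings are joined in one element and `<cve>` holds two URLs, with nothing tying each description to its CVE id. Start each sentence of `<desc>` with the CVE id it describes, so readers of the advisory can tell which identifier covers the session issue and which the password-hashing one. `<bts>` is also left empty.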

kikadf | 24 Nov 08:51 2014

homepage-ng: Add FSA for drupal7

Git-Url: http://git.frugalware.org/gitweb/gitweb.cgi?p=homepage-ng.git;a=commitdiff;h=ef7d93a1a6ba03cb90f3f6662b430c7d7d6764a1

commit ef7d93a1a6ba03cb90f3f6662b430c7d7d6764a1
Author: kikadf <kikadf.01@...>
Date:   Mon Nov 24 08:53:20 2014 +0100

Add FSA for drupal7

diff --git a/frugalware/xml/security.xml b/frugalware/xml/security.xml
index b707d6b..b62a8f9 100644
--- a/frugalware/xml/security.xml
+++ b/frugalware/xml/security.xml
 <at>  <at>  -39,6 +39,19  <at>  <at> 

<fsas>
<fsa>
+               <id>939</id>
+               <date>2014-11-24</date>
+               <author>kikadf</author>
+               <package>drupal7</package>
+               <vulnerable>7.22-2arcturus5</vulnerable>
+               <unaffected>7.22-2arcturus6</unaffected>
+               <bts></bts>
+               <cve>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9015
+			   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9016</cve>
+               <desc>Aaron Averill discovered that a specially crafted request can give a user access to another user's
session, allowing an attacker to hijack a random session.
+			   Michael Cullum, Javier Nieto and Andres Rojas Guerrero discovered that the password hashing API
allows an attacker to send specially crafted requests resulting in CPU and memory exhaustion.</desc>
+       </fsa>

kikadf | 24 Nov 08:50 2014

frugalware-current: drupal6-6.34-1-x86_64

Git-Url: http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-current.git;a=commitdiff;h=971854e387e142e41f2568922cfd71784b446c2f

commit 971854e387e142e41f2568922cfd71784b446c2f
Author: kikadf <kikadf.01@...>
Date:   Mon Nov 24 08:52:01 2014 +0100

drupal6-6.34-1-x86_64

* Version bump

diff --git a/source/network-extra/drupal6/FrugalBuild b/source/network-extra/drupal6/FrugalBuild
index 38077f2..a7b1e2d 100644
--- a/source/network-extra/drupal6/FrugalBuild
+++ b/source/network-extra/drupal6/FrugalBuild
 <at>  <at>  -2,7 +2,7  <at>  <at> 
# Maintainer: CSÉCSY László <boobaa@...>

pkgname=drupal6
-pkgver=6.33
+pkgver=6.34
pkgrel=1
pkgdesc="An open source content management platform"
url="http://drupal.org"
 <at>  <at>  -14,7 +14,7  <at>  <at>  up2date="elinks -dump http://drupal.org/project/Drupal+project | grep -m1 'l-6[0
backup=(var/www/drupal6/sites/default/settings.php)
source=(http://drupal.org/files/projects/drupal-$pkgver.tar.gz \
README.Frugalware)
-sha1sums=('c608ef05de35ddbef12565d0f7ad6bea23986b02' \
+sha1sums=('f2ac9963b83f2703c2cd37816a294851d075b987' \
'3e301be2f8a247c86b5f32e68773c9618322e7d7')
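Review bot: the tarball in `source=` is fetched over plain http and checked only against the SHA-1 on the new `+sha1sums` line, so that digest is the sole integrity control for the download. Fetch the tarball over https where upstream offers it, and say in the commit message where the new digest was obtained, so a reviewer can confirm it independently rather than trusting the value computed from the maintainer's own download.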

kikadf | 24 Nov 08:47 2014

frugalware-1.9: drupal6-6.34-1arcturus1-x86_64

Git-Url: http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-1.9.git;a=commitdiff;h=b99637dfd60958e5ba1e2433de77163d4d90b74e

commit b99637dfd60958e5ba1e2433de77163d4d90b74e
Author: kikadf <kikadf.01@...>
Date:   Mon Nov 24 08:48:59 2014 +0100

drupal6-6.34-1arcturus1-x86_64

* Version bump
* Fix CVE-2014-9015, CVE-2014-9016

diff --git a/source/network-extra/drupal6/FrugalBuild b/source/network-extra/drupal6/FrugalBuild
index afde1b8..dba6c71 100644
--- a/source/network-extra/drupal6/FrugalBuild
+++ b/source/network-extra/drupal6/FrugalBuild
 <at>  <at>  -2,7 +2,7  <at>  <at> 
# Maintainer: CSÉCSY László <boobaa@...>

pkgname=drupal6
-pkgver=6.33
+pkgver=6.34
pkgrel=1arcturus1
pkgdesc="An open source content management platform"
url="http://drupal.org"
 <at>  <at>  -14,7 +14,7  <at>  <at>  up2date="elinks -dump http://drupal.org/project/Drupal+project | grep -m1 'l-6[0
backup=(var/www/drupal6/sites/default/settings.php)
source=(http://drupal.org/files/projects/drupal-$pkgver.tar.gz \
README.Frugalware)
-sha1sums=('c608ef05de35ddbef12565d0f7ad6bea23986b02' \
+sha1sums=('f2ac9963b83f2703c2cd37816a294851d075b987' \

kikadf | 24 Nov 08:45 2014

frugalware-current: drupal7-7.34-1-x86_64

Git-Url: http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-current.git;a=commitdiff;h=faa56e82e66a9b8fd3c59601a0762b14261bbbb0

commit faa56e82e66a9b8fd3c59601a0762b14261bbbb0
Author: kikadf <kikadf.01@...>
Date:   Mon Nov 24 08:47:31 2014 +0100

drupal7-7.34-1-x86_64

* Version bump

diff --git a/source/network-extra/drupal7/FrugalBuild b/source/network-extra/drupal7/FrugalBuild
index 53ea384..ba597ad 100644
--- a/source/network-extra/drupal7/FrugalBuild
+++ b/source/network-extra/drupal7/FrugalBuild
 <at>  <at>  -2,7 +2,7  <at>  <at> 
# Maintainer: CSÉCSY László <boobaa@...>

pkgname=drupal7
-pkgver=7.32
+pkgver=7.34
pkgrel=1
pkgdesc="An open source content management platform"
url="http://drupal.org"
 <at>  <at>  -14,7 +14,7  <at>  <at>  up2date="elinks -dump https://drupal.org/project/Drupal+project | grep -m1 'l-7[
backup=(var/www/drupal6/sites/default/settings.php)
source=(http://drupal.org/files/projects/drupal-$pkgver.tar.gz \
README.Frugalware)
-sha1sums=('6f9e1344b27edce3e0e16a5f810cfd442d2d8107' \
+sha1sums=('00d54028ce926180aca709b4031eb8ec0339a48b' \
'84a37af7ac58313679634c98185a3847d337ce3e')
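Review bot: the unchanged `backup=(var/www/drupal6/sites/default/settings.php)` line in this hunk sits in the drupal7 FrugalBuild but names a drupal6 path, which looks like a copy-paste leftover. If drupal7 installs under its own directory, its settings.php is not covered by `backup` and could be overwritten on upgrade. Check the path and correct it in this bump or a follow-up.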

kikadf | 24 Nov 08:44 2014

frugalware-1.9: drupal7-7.22-2arcturus6-x86_64

Git-Url: http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-1.9.git;a=commitdiff;h=d1327f256de384d61c85b772c7318f36d0d0a7cd

commit d1327f256de384d61c85b772c7318f36d0d0a7cd
Author: kikadf <kikadf.01@...>
Date:   Mon Nov 24 08:45:29 2014 +0100

drupal7-7.22-2arcturus6-x86_64

* Fix CVE-2014-9015, CVE-2014-9016

diff --git a/source/network-extra/drupal7/FrugalBuild b/source/network-extra/drupal7/FrugalBuild
index b9af52e..cd073cf 100644
--- a/source/network-extra/drupal7/FrugalBuild
+++ b/source/network-extra/drupal7/FrugalBuild
 <at>  <at>  -3,7 +3,7  <at>  <at> 

pkgname=drupal7
pkgver=7.22
-pkgrel=2arcturus5
+pkgrel=2arcturus6
pkgdesc="An open source content management platform"
url="http://drupal.org"
rodepends=('apache' 'php')
 <at>  <at>  -21,13 +21,15  <at>  <at>  options=('stick')
# FSA fix ***
source=(${source[ <at> ]} SA-CORE-2013-003.patch SA-CORE-2014-001.patch
SA-CORE-2014-002.patch SA-CORE-2014-003.patch
-                     SA-CORE-2014-004.patch SA-CORE-2014-005.patch)
+                     SA-CORE-2014-004.patch SA-CORE-2014-005.patch
+                     SA-CORE-2014-006.patch)
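Review bot: `SA-CORE-2014-006.patch` is added to `source` under the bare `# FSA fix ***` comment, while the commit message names CVE-2014-9015 and CVE-2014-9016, and nothing in the visible lines ties the two together. Add a one-line comment mapping the SA-CORE id to the CVEs. Since the visible part of the hunk only extends `source`, also check that the checksum array gains a matching entry for the new patch.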

