Wed Aug 31 11:15:33 EDT 2016
net-base/openssl upgraded from 1.0.2g to 1.0.2h
+----------------+
Fri Sep 2 11:48:15 EDT 2016
net-general/openssh 7.3p1 built
+----------------+
Fri Sep 2 12:01:55 EDT 2016
net-base/wget rebuilt (build 2) to link against openssl 1.0.2h
+----------------+
Sat Sep 3 09:47:10 EDT 2016
base/psmisc rebuilt (build 2) to fix a bug in which the fuser and killall programs were not installed.
+----------------+
Sat Sep 3 09:59:54 EDT 2016
base/vim rebuilt (builds 2 & 3) to fix a bug in which /etc/vimrc was not installed.
+----------------+
Sun Sep 4 09:05:19 EDT 2016
net-general/openssh rebuilt (build 2) to fix a bug with the sshd init script.
+----------------+
Sun Sep 4 13:54:17 EDT 2016
base/sysvinit-bootscripts 1.0.1 built
base/lfs-bootscripts replaced with base/sysvinit-bootscripts
base/etc upgraded from 1.0.1 to 1.0.2
This was done to fix a conflict with the new sysvinit-bootscripts package.
+----------------+
Sun Sep 4 19:36:47 EDT 2016
net-base/network-scripts 1.0.3 built
+----------------+
Mon Sep 5 11:27:35 EDT 2016
base/pciutils 3.5.1 built
+----------------+
Mon Sep 5 12:13:01 EDT 2016
base/popt 1.16 built and rebuilt (builds 1 & 2)
base/efivar 27 built
base/efibootmgr 13 built
+----------------+
Wed Sep 7 11:12:41 EDT 2016
apps-base/fortune 2.13 built
Note: automatic version detecting in the buildscript is broken. Make sure to pass VERSION= to the buildscript.
+----------------+
Wed Sep 7 11:18:50 EDT 2016
base/etc upgraded from 1.0.2 to 1.0.3
+----------------+
Fri Sep 9 16:28:56 EDT 2016
base/linux upgraded from 4.4.19 to 4.4.20
Additionally, the i686 config was updated to support multicore processors and the EFISTUB loader, along with a couple of other features. Namely, I switched from the config-huge config to the config-huge-smp config provided by Slackware.
+----------------+
Fri Sep 9 18:48:24 EDT 2016
installer - added support for UEFI installation and fixed a few installer bugs.
+----------------+
Sat Sep 10 09:48:40 EDT 2016
apps-base/htop 2.0.2 built
+----------------+
Sat Sep 10 09:56:58 EDT 2016
apps-base/sl 5.02 built
+----------------+
Sat Sep 10 10:02:11 EDT 2016
apps-base/nano 2.7.0 built
+----------------+
Sat Sep 10 10:10:39 EDT 2016
apps-base/lzip 1.18 built
base/ed 1.13 built
+----------------+
Sat Sep 10 10:28:28 EDT 2016
apps-base/sudo 1.8.17p1 built
+----------------+
Sat Sep 10 10:55:48 EDT 2016
apps-base/sudo rebuilt (build 2) to fix a bug on x86_64 in which the libraries were placed into /usr/lib instead of /usr/lib64.
+----------------+
Sat Sep 10 11:02:45 EDT 2016
apps-base/cpio 2.12 built
+----------------+
Sat Sep 10 11:19:16 EDT 2016
apps-general/lm_sensors 3.4.0 built
+----------------+
Sat Sep 10 11:37:04 EDT 2016
apps-general/p7zip 16.02 built
+----------------+
Sun Sep 11 09:25:32 EDT 2016
NEVER FORGET - 9/11/01
apps-general/unrar 5.4.5 built
+----------------+
Sun Sep 11 09:47:14 EDT 2016
apps-base/unzip 6.0 built
apps-base/zip 3.0 built
+----------------+
Mon Sep 12 18:29:32 EDT 2016
lib-base/libffi 3.2.1 built
+----------------+
Wed Sep 14 17:48:35 EDT 2016
lang-base/python2 2.7.12 built
+----------------+
Wed Sep 14 18:51:08 EDT 2016
lang-base/python3 3.5.1 built
+----------------+
Wed Sep 14 18:57:04 EDT 2016
lang-base/python2 rebuilt (build 2) to fix a problem with the symlinks.
+----------------+
Sun Sep 18 17:34:33 EDT 2016
net-base/iputils s20140519 built
+----------------+
Sun Sep 18 18:46:38 EDT 2016
net-base/dhcpcd 6.11.3 built
+----------------+
Mon Sep 19 18:12:51 EDT 2016
net-base/bind-client 9.10.4-P2 built
+----------------+
Mon Sep 19 18:15:59 EDT 2016
net-base/dhcpcd rebuilt (build 2) to fix an error in the configuration method help page.
+----------------+
Tue Sep 20 16:45:37 EDT 2016
net-base/whois 5.2.12 built
+----------------+
Tue Sep 20 16:56:08 EDT 2016
apps-base/links 2.13 built
+----------------+
Sat Oct 8 11:33:23 EDT 2016
dev-general/git 2.10.1 built
+----------------+
Sat Oct 8 11:52:33 EDT 2016
base/linux-firmware 20161008 built
+----------------+
Sat Oct 8 12:13:11 EDT 2016
net-base/wireless-tools 29 built
+----------------+
Sat Oct 8 17:03:03 EDT 2016
base/pickle 1.0.0 built
Pickle is being introduced as the update manager for Cucumber Linux. It is a simple shell script with a few problems, but it should work well enough for now.
+----------------+
Wed Oct 12 09:38:22 EDT 2016
net-base/cacertificates built
net-base/wget rebuilt (build 3) to add support for the cacertificates (https).
+----------------+
Wed Oct 12 10:35:39 EDT 2016
base/pickle updated from 1.0.0 to 1.0.1
+----------------+
Wed Oct 12 10:44:03 EDT 2016
base/pickle updated from 1.0.1 to 1.0.2
+----------------+
Wed Oct 12 10:52:18 EDT 2016
net-base/bind updated from 9.10.4_P2 to 9.10.4_P3 to fix a security flaw:
This update fixes a denial-of-service vulnerability. Testing by ISC has uncovered a critical error condition which can occur when a nameserver is constructing a response. A defect in the rendering of messages into packets can cause named to exit with an assertion failure in buffer.c while constructing a response to a query that meets certain criteria.
For more information, see:
https://kb.isc.org/article/AA-01419/0
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2776
* SECURITY FIX *
+----------------+
Wed Oct 12 11:07:01 EDT 2016
base/pickle updated from 1.0.2 to 1.0.3
+----------------+
Mon Oct 17 09:45:31 EDT 2016
apps-base/man rebuilt (build 2) to fix the handling of escape sequences.
+----------------+
Mon Oct 17 09:56:48 EDT 2016
net-base/openssl updated from 1.0.2h to 1.0.2j to fix a security flaw:
Missing CRL sanity check (CVE-2016-7052)
For more information, see:
https://www.openssl.org/news/secadv/20160926.txt
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7052
* SECURITY FIX *
+----------------+
Tue Oct 18 17:55:05 EDT 2016
lib-base/libnl 3.2.28 built
+----------------+
Tue Oct 18 17:59:50 EDT 2016
net-base/wpa_supplicant 2.6 built
+----------------+
Sat Oct 22 09:53:02 EDT 2016
net-base/wpa_supplicant rebuilt (build 2) to add the appropriate network configuration scripts.
+----------------+
Sat Oct 22 10:12:24 EDT 2016
lib-general/libpcap 1.8.0 built
+----------------+
Sat Oct 22 10:30:20 EDT 2016
lib-general/pcre 8.39 built
+----------------+
Sat Oct 22 10:40:21 EDT 2016
lib-general/liblinear 210 built
+----------------+
Sat Oct 22 11:34:10 EDT 2016
net-general/nmap 7.31 built
+----------------+
Sat Oct 22 11:40:40 EDT 2016
net-general/tcpdump 4.7.4 built
+----------------+
Sat Oct 22 14:29:48 EDT 2016
net-general/iptables 1.6.0 built
+----------------+
Sat Oct 22 14:33:54 EDT 2016
net-general/nmap rebuilt (build 2) to fix a linkage error
+----------------+
Tue Nov 1 14:21:46 EDT 2016
base/linux upgraded from 4.4.20 to 4.4.30 to fix the "Dirty COW" security issue.
Details: This kernel fixes a security issue known as "Dirty COW". A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase his privileges on the system.
For more information, see:
https://dirtycow.ninja/
https://www.kb.cert.org/vuls/id/243144
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5195
* SECURITY FIX *
+----------------+
Fri Nov 4 09:40:05 EDT 2016
net-base/bind-client upgraded from 9.10.4_P3 to 9.10.4_P4 to fix a denial of service vulnerability.
For more information, see:
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.571846
https://kb.isc.org/article/AA-01434
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8864
* SECURITY FIX *
+----------------+
Tue Nov 8 08:57:25 EST 2016
apps-base/sudo rebuilt (build 3) to fix a bug in which the installation of the package clobbered the permissions on /run.
+----------------+
Tue Nov 8 09:12:41 EST 2016
net-base/openssl rebuilt (build 2) to fix a bug in which the man pages were not properly installed.
+----------------+
Wed Nov 23 11:21:03 EST 2016
apps-base/links rebuilt (build 2) to add javascript support
+----------------+
Wed Nov 23 15:53:59 EST 2016
base/vim rebuilt (build 4) to patch a bug in which a file could arbitrarily execute code.
For more details see:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1248
* SECURITY FIX *
+----------------+
Fri Nov 25 09:12:25 EST 2016
base/linux upgraded from 4.4.30 to 4.4.34 to fix two memory exploits (CVE-2016-7917 and CVE-2015-8964).
For more information see:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7917
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8964
* SECURITY FIX *
+----------------+
Sat Nov 26 10:38:04 EST 2016
net-base/cacertificates upgraded from 20161012 to 20161126 to fix a bug in which the symlinks in /etc/ssl/certs were not set up correctly.
+----------------+
Sat Nov 26 11:05:00 EST 2016
lib-base/freetype 2.7 built
+----------------+
Sat Nov 26 11:10:54 EST 2016
lib-base/fontconfig 2.12.1 built
+----------------+
Sat Nov 26 11:14:36 EST 2016
lib-base/poppler 0.45.0 built
+----------------+
Sat Nov 26 11:25:54 EST 2016
lib-base/libgpg-error 1.25 built
+----------------+
Sat Nov 26 11:29:13 EST 2016
lib-base/libassuan 2.4.3 built
+----------------+
Sat Nov 26 11:37:59 EST 2016
lib-base/libgcrypt 1.7.3 built
+----------------+
Sat Nov 26 11:42:33 EST 2016
lib-base/libksba 1.3.5 built
+----------------+
Sat Nov 26 11:49:29 EST 2016
lib-base/npth 1.3 built
+----------------+
Sat Nov 26 12:01:14 EST 2016
net-base/gnupg 2.1.16 built
+----------------+
Sun Nov 27 11:42:22 EST 2016
base/pickle upgraded from 1.0.3 to 1.0.4.
This update adds a couple of new features: GPG verification and support for the install update type. It also fixes a bug which could cause nonexistent new packages to be displayed in the update list.
+----------------+
Tue Nov 29 11:02:36 EST 2016
net-base/wireless-tools rebuilt (build 2) to add the wireless configuration method.
+----------------+
Tue Nov 29 11:16:24 EST 2016
base/sysvinit rebuilt (build 2) to add a README for people who were expecting to find /etc/systemd.
+----------------+
Tue Nov 29 11:30:23 EST 2016
base/pickle upgraded from 1.0.4 to 1.0.5 to fix a bug in which the update list was not populated correctly.
+----------------+
Tue Nov 29 11:40:44 EST 2016
base/pickle upgraded from 1.0.5 to 1.0.6 to fix a bug which caused the update list to be populated incorrectly (for real this time :P).
+----------------+
Fri Dec 2 09:29:07 EST 2016
net-base/wireless-tools rebuilt (build 3) to correct the ifhelp text.
+----------------+
Fri Dec 2 11:24:14 EST 2016
base/glibc-zoneinfo built
+----------------+
Sun Dec 11 15:39:32 EST 2016
base/linux upgraded from 4.4.34 to 4.4.38 to patch CVE-2016-8650, a bug in which a NULL pointer dereference in mpi_powm() in lib/mpi/mpi-pow.c could cause a kernel panic.
For more details, see:
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.36
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-8650
* SECURITY FIX *
+----------------+
Wed Dec 14 10:07:21 EST 2016
lib-general/apr 1.5.2 built
+----------------+
Wed Dec 14 10:12:18 EST 2016
lib-general/apr-util 1.5.4 built
+----------------+
Wed Dec 14 10:53:04 EST 2016
lib-general/pcre rebuilt (build 2) to fix a bug in which the symlinks in /usr/lib were not set up correctly.
+----------------+
Wed Dec 14 11:09:49 EST 2016
net-general/apache 2.4.23 built
+----------------+
Wed Dec 14 11:17:31 EST 2016
net-general/apache rebuilt (build 2) to fix some directory structure issues.
+----------------+
Wed Dec 14 11:31:05 EST 2016
net-general/apache rebuilt (build 3) to fix more directory structure bugs.
+----------------+
Thu Dec 22 11:46:19 EST 2016
net-general/openssh rebuilt (build 3) to fix a bug in which the sshd user was not added when installing to a root directory other than /. Also added symlink information to /etc/init.d/sshd.
+----------------+
Thu Dec 22 11:59:38 EST 2016
net-general/apache rebuilt (build 4) to fix a bug in which the apache user was not added when installing to a root directory other than /. Also added some missing information to /etc/init.d/httpd.
+----------------+
Fri Dec 23 11:01:28 EST 2016
net-general/openssh upgraded from 7.3p1 to 7.4p1 to fix (amongst other things) CVE-2016-8858, a security bug in which a remote attacker could cause a denial of service via memory consumption by sending many duplicate KEXINIT requests.
* SECURITY FIX *
+----------------+
Sat Dec 24 11:06:52 EST 2016
net-general/apache upgraded from 2.4.23 to 2.4.25 to fix two security bugs, which allowed a denial of service via memory consumption and allowed arbitrary redirection of a server's outbound HTTP traffic to a proxy server.
For more information see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8740
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5387
* SECURITY FIX *
+----------------+
Sun Dec 25 13:27:06 EST 2016
lib-base/expat upgraded from 2.1.0 to 2.2.0 to fix several security issues:
CVE-2016-0718 Fix crash on malformed input
CVE-2016-4472 Improve insufficient fix to CVE-2015-1283 / CVE-2015-2716
CVE-2016-5300 Use more entropy for hash initialization than the original fix to CVE-2012-0876
CVE-2012-6702 Resolve troublesome internal call to srand that was introduced with Expat 2.1.0 when addressing CVE-2012-0876
For more information see:
http://expat.sourceforge.net/
Merry Christmas!
* SECURITY FIX *
+----------------+
Mon Dec 26 11:12:47 EST 2016
lib-general/libxml2 2.9.4 built
+----------------+
Tue Dec 27 13:42:35 EST 2016
lang-general/php 5.6.29 built
+----------------+
Tue Dec 27 14:55:37 EST 2016
lang-general/php rebuilt (build 2) to fix a bug in which /etc/init.d/php-fpm was not installed.
+----------------+
Tue Dec 27 17:08:58 EST 2016
net-general/apache rebuilt (build 2) to fix a bug in which php support was not properly enabled. Additionally, the httpd configuration files will not automatically be overwritten anymore. You will need to update your httpd.conf though to apply the php fix.
+----------------+
Tue Dec 27 17:46:34 EST 2016
net-general/apache rebuilt (builds 3-6) to fix bugs in the installation process.
+----------------+
Wed Dec 28 10:03:21 EST 2016
apps-general/sqlite 3150200 (3.15.2) built
+----------------+
Wed Dec 28 10:24:09 EST 2016
net-base/curl 7.52.1 built
+----------------+
Wed Dec 28 10:28:39 EST 2016
lib-general/libarchive 3.2.2 built
+----------------+
Wed Dec 28 12:04:30 EST 2016
base/ncurses rebuilt (build 2) to fix a bug in which the symlinks in /usr/lib64 were not set up correctly on the x86_64 branch.
+----------------+
Wed Dec 28 14:09:45 EST 2016
net-general/mariadb 10.1.20 built and rebuilt (builds 1 & 2)
+----------------+
Wed Dec 28 14:10:02 EST 2016
lang-general/php rebuilt (build 3) to enable mysql support
+----------------+
Wed Dec 28 15:12:35 EST 2016
lang-general/php rebuilt (build 4) to fix mysql support and enable support for several other libraries
+----------------+
Wed Dec 28 16:31:29 EST 2016
net-general/mariadb rebuilt (build 3) to fix an installation/init script bug in which the database was not initialized after installation.
+----------------+
Wed Dec 28 17:42:44 EST 2016
base/pickle updated from 1.0.6 to 1.0.7.
This update switches the file fetching program from wget to curl. It additionally now prompts the user about how he would like to handle updates to configuration files instead of blindly overwriting the existing files.
+----------------+
Thu Dec 29 11:16:23 EST 2016
net-general/rsync built and rebuilt (builds 1 & 2)
+----------------+
Fri Dec 30 09:15:06 EST 2016
lang-base/python3 upgraded from 3.5.2 to 3.6.0 to fix (amongst other things) a few security issues:
CVE-2016-2183 Remove 3DES from ssl module's default cipher list to counter measure sweet32 attack.
CVE-2016-1000110 Prevent HTTPoxy attack.
CVE-2015-1283
CVE-2016-0772 Fix TLS stripping vulnerability in smtplib.
CVE-2013-1753 Add a default limit for the amount of data xmlrpclib.gzip_decode will return.
CVE-2014-4616 Fix arbitrary memory access in JSONDecoder.raw_decode with a negative second parameter.
For more details see:
https://hg.python.org/cpython/raw-file/v3.6.0/Misc/NEWS
lang-base/python2 upgraded from 2.7.12 to 2.7.13 to fix (amongst other things) a few security issues:
CVE-2016-2183 Remove 3DES from ssl module's default cipher list to counter measure sweet32 attack.
CVE-2016-1000110 Prevent HTTPoxy attack.
CVE-2015-1283
CVE-2016-0772 Fix TLS stripping vulnerability in smtplib.
CVE-2013-1753 Add a default limit for the amount of data xmlrpclib.gzip_decode will return.
CVE-2014-4616 Fix arbitrary memory access in JSONDecoder.raw_decode with a negative second parameter.
For more details see:
https://hg.python.org/cpython/raw-file/v3.6.0/Misc/NEWS
* SECURITY FIX *
+----------------+
Fri Dec 30 10:18:14 EST 2016
x-base/util-macros 1.19.0 built
+----------------+
Fri Dec 30 10:26:31 EST 2016
x-base/xorg-protocol-headers 7.7 built
+----------------+
Fri Dec 30 10:39:12 EST 2016
x-base/libXau 1.0.8 built
x-base/libXdmcp-1.1.2 built
x-base/xcb-proto 1.11 built
+----------------+
Fri Dec 30 11:00:59 EST 2016
lang-base/python2 rebuilt (build 2) to fix a bug on x86_64 in which libraries were installed to /usr/lib instead of /usr/lib64.
+----------------+
Fri Dec 30 11:30:38 EST 2016
lang-base/python2 rebuilt (build 3) to fix /usr/lib64 on x86_64
lang-base/python3 rebuilt (builds 2 & 3) to fix /usr/lib64 in x86_64
+----------------+
Fri Dec 30 11:53:17 EST 2016
lang-base/python2 rebuilt (build 4) to finally fix the /usr/lib64 issue
x-base/libxcb 1.11.1 built
+----------------+
Fri Dec 30 12:56:45 EST 2016
All of the x-base packages have been removed. Things didn't go so well building X11 this time.
We will try again :)
+----------------+
Fri Dec 30 13:46:45 EST 2016
lib-base/libpng 1.6.27 built
lib-base/talloc 2.1.8 built
+----------------+
Fri Dec 30 13:59:38 EST 2016
lib-base/mtdev 1.1.5 built
+----------------+
Fri Dec 30 15:45:05 EST 2016
dev-general/llvm 3.7.1 built
+----------------+
Sat Dec 31 12:17:52 EST 2016
lang-base/python2 rebuilt (build 5) to enable pip
+----------------+
Sun Jan 1 13:10:45 EST 2017
The x-base group was restored to its previous state (the state after the first attempt).
x-base/xorg-libraries built
x-base/xcb-util built
x-base/xcb-util-image built
x-base/xcb-util-keysyms built
x-base/xcb-util-renderutil built
x-base/xcb-util-wm built
x-base/xcb-util-cursor built
dev-general/elfutils built
+----------------+
Sun Jan 1 13:53:29 EST 2017
x-base/libdrm 2.4.66 built
x-base/mesa 11.1.4 built
x-base/xbitmaps built
+----------------+
Sun Jan 1 14:13:11 EST 2017
x-base/xorg-applications built
x-base/xcursor-themes built
+----------------+
Sun Jan 1 14:15:52 EST 2017
x-base/font-util built
+----------------+
Sun Jan 1 14:21:56 EST 2017
x-base/xorg-fonts built
+----------------+
Sun Jan 1 14:27:24 EST 2017
x-base/xkeyboard-config built
+----------------+
Sun Jan 1 14:33:31 EST 2017
x-base/pixman 0.34.0 built
+----------------+
Sun Jan 1 14:50:02 EST 2017
x-base/xorg-server built
x-base/twm built
x-base/xterm built
+----------------+
Sun Jan 1 15:20:18 EST 2017
x-base/xclock built
x-base/xinit built
x-base/xf86-video-vesa built
x-base/xf86-input-keyboard built
x-base/xf86-input-mouse built
x-base/libevdev 1.4.6 built
+----------------+
Sun Jan 1 15:21:42 EST 2017
x-base/xf86-input-evdev built
+----------------+
Sun Jan 1 15:47:26 EST 2017
x-base/libpthread-stubs 0.3 built
+----------------+
Sun Jan 1 16:19:20 EST 2017
x-base/libpthread-stubs rebuilt (build 2)
+----------------+
Sun Jan 1 16:20:02 EST 2017
x-general/windowmaker 0.95.7 built
+----------------+
Mon Jan 2 10:12:22 EST 2017
lib-base/glib 2.51.0 built
+----------------+
Mon Jan 2 10:16:25 EST 2017
lib-base/glib rebuilt (build 2) to add a slack-desc
+----------------+
Mon Jan 2 10:18:54 EST 2017
x-base/atk 2.22.0 built
+----------------+
Mon Jan 2 10:28:53 EST 2017
dev-general/yasm 1.3.0 built
+----------------+
Mon Jan 2 10:29:13 EST 2017
lib-base/libjpeg-turbo 1.5.1 built
+----------------+
Mon Jan 2 10:34:45 EST 2017
lib-base/libtiff 4.0.7 built
+----------------+
Mon Jan 2 10:41:07 EST 2017
x-base/gdk-pixbuf 2.36.2 built
+----------------+
Mon Jan 2 10:45:18 EST 2017
x-base/gdk-pixbuf rebuilt (build 2) to add a slack-desc
+----------------+
Mon Jan 2 10:54:44 EST 2017
x-base/cairo 1.14.8 built
+----------------+
Mon Jan 2 11:15:56 EST 2017
lib-base/harfbuzz 1.3.4 built
lib-base/pango 1.40.3 built
+----------------+
Mon Jan 2 13:13:15 EST 2017
x-base/gtk+ 2.24.29 built
+----------------+
Mon Jan 2 13:21:42 EST 2017
xapps-base/leafpad 0.8.17 built
+----------------+
Mon Jan 2 13:34:16 EST 2017
lib-base/alsa-lib 1.1.3 built
+----------------+
Mon Jan 2 13:42:43 EST 2017
lib-base/nspr 4.13.1 built
+----------------+
Mon Jan 2 13:58:42 EST 2017
lib-base/nspr removed
+----------------+
Mon Jan 2 21:59:50 EST 2017
xapps-base/thunderbird 45.6.0 built
xapps-base/firefox 45.6.0esr built
x-base/xterm rebuilt (build 2) to fix a bug in which /etc/X11/app-defaults/XTerm was not installed.
+----------------+
Mon Jan 2 23:32:39 EST 2017
base/pickle upgraded from 1.0.7 to 1.0.8
base/pickle rebuilt (build 2)
+----------------+
Tue Jan 3 09:07:11 EST 2017
kernel/linux-source 4.4.38 built
+----------------+
Tue Jan 3 10:29:54 EST 2017
kernel/linux-source rebuilt (build 2)
+----------------+
Tue Jan 3 10:48:31 EST 2017
x-base/xf86-video-nouveau 1.0.13 built
base/linux-headers reverted to version 4.4.2
+----------------+
Tue Jan 3 11:00:52 EST 2017
x-base/xf86-video-nouveau rebuilt (build 2)
+----------------+
Wed Jan 4 10:39:50 EST 2017
apps-base/alsa-utils 1.1.3 built
+----------------+
Wed Jan 4 10:52:55 EST 2017
lib-base/alsa-plugins 1.1.1 built
+----------------+
Wed Jan 4 11:21:58 EST 2017
lib-base/alsa-firmware 1.0.9 built
+----------------+
Wed Jan 4 11:29:57 EST 2017
xapps-base/vlc 2.2.4 built
+----------------+
Wed Jan 4 12:00:04 EST 2017
lib-base/gstreamer 1.10.2 built
+----------------+
Wed Jan 4 13:14:28 EST 2017
apps-base/lvm2 2.02.168 built
+----------------+
Wed Jan 4 13:20:19 EST 2017
apps-general/parted 3.2 built
+----------------+
Thu Jan 5 11:39:50 EST 2017
lib-base/dbus 1.11.8 built
+----------------+
Thu Jan 5 11:42:40 EST 2017
lib-base/dbus rebuilt (build 2) to fix a bug with the init script.
+----------------+
Thu Jan 5 11:50:24 EST 2017
lib-general/dbus-glib 0.108 built
+----------------+
Thu Jan 5 11:56:03 EST 2017
lib-general/libgudev 230 built
+----------------+
Thu Jan 5 12:00:29 EST 2017
net-general/libndp 1.6 built
+----------------+
Thu Jan 5 12:16:53 EST 2017
lib-base/nspr 4.13.1 built
+----------------+
Thu Jan 5 13:02:53 EST 2017
lib-base/nss 3.28 built
+----------------+
Thu Jan 5 13:14:01 EST 2017
lang-general/slang 2.2.4 built
+----------------+
Thu Jan 5 14:05:11 EST 2017
net-general/network-manager 1.5.3 built
+----------------+
Fri Jan 6 12:16:38 EST 2017
base/pkgtools upgraded from 14.2 to 14.2a to remove some broken setup scripts and add some new ones that actually do stuff.
+----------------+
Fri Jan 6 12:35:08 EST 2017
base/pickle upgraded from 1.0.8 to 1.0.9 to add the --file-search option.
+----------------+
Mon Jan 9 11:19:00 EST 2017
net-general/rsync rebuilt twice (builds 3 & 4) to fix a bug in which /etc/rsyncd.conf was not installed.
+----------------+
Wed Jan 11 10:13:35 EST 2017
xfce-base/libxfce4util 4.12.1 built
xfce-base/xfconf 4.12.0 built
x-base/startup-notification 0.12 built
+----------------+
Wed Jan 11 10:14:33 EST 2017
xfce-base/libxfce4ui 4.12.1 built
+----------------+
Wed Jan 11 10:18:28 EST 2017
xfce-base/exo 0.10.7 built
+----------------+
Wed Jan 11 10:37:37 EST 2017
xfce-base/garcon 0.4.0 built
+----------------+
Wed Jan 11 10:41:27 EST 2017
xfce-base/gtk-xfce-engine 3.2.0 built
+----------------+
Wed Jan 11 10:49:02 EST 2017
xfce-base/libwnck 2.30.7 built
+----------------+
Wed Jan 11 10:49:42 EST 2017
xfce-base/xfce4-panel 4.12.0 built
+----------------+
Wed Jan 11 11:04:56 EST 2017
lib-base/iso-codes 3.73 built
x-base/libxklavier 5.4 built
+----------------+
Wed Jan 11 11:20:47 EST 2017
xfce-base/thunar 1.60.10 built
+----------------+
Wed Jan 11 11:21:39 EST 2017
xfce-base/lxde-icon-theme 0.5.1 built
+----------------+
Wed Jan 11 11:32:00 EST 2017
xfce-base/hicolor-icon-theme 0.15 built
xfce-base/thunar-volman 0.8.1 built
+----------------+
Wed Jan 11 11:35:54 EST 2017
xfce-base/xfce4-appfinder 4.12.0 built
+----------------+
Wed Jan 11 11:39:05 EST 2017
xfce-base/xfce4-settings 4.12.0 built
+----------------+
Wed Jan 11 11:42:47 EST 2017
xfce-base/xfdesktop 4.12.3 built
+----------------+
Wed Jan 11 11:49:57 EST 2017
xfce-base/xfwm4 4.12.3 built
xfce-base/xfce4-session 4.12.1 built
+----------------+
Wed Jan 11 11:56:05 EST 2017
xfce-base/xfdesktop rebuilt (build 2)
+----------------+
Thu Jan 12 08:56:29 EST 2017
x-base/gdk-pixbuf rebuilt (build 3) to fix a bug in which the icon cache was not properly initialized.
+----------------+
Fri Jan 20 08:39:41 EST 2017
base/bash patched and rebuilt (build 2) to fix CVE-2016-7543, a security flaw that allowed an unprivileged user to execute arbitrary commands as root via specially crafted PS4 and SHELLOPTS variables.
For more information see:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7543
http://www.openwall.com/lists/oss-security/2016/09/26/9
* SECURITY FIX *
+----------------+
Fri Jan 20 12:14:19 EST 2017
base/linux upgraded from 4.4.38 to 4.4.44 to fix a few security issues:
CVE-2016-9191
CVE-2017-2584
CVE-2017-2583
For more information see:
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.44
* SECURITY FIX *
+----------------+
Fri Jan 20 12:26:01 EST 2017
kernel/linux-source upgraded from 4.4.38 to 4.4.44
+----------------+
Fri Jan 20 12:49:48 EST 2017
lib-base/fuse 2.9.7 built and rebuilt (builds 1 & 2)
+----------------+
Fri Jan 20 12:55:35 EST 2017
lib-base/fuse rebuilt (build 3) to fix a bug in which libraries were not put in the correct directory on x86_64.
apps-base/ntfs-3g_ntfsprogs 2016.2.22 built
+----------------+
Fri Jan 20 12:59:53 EST 2017
apps-base/dosfstools rebuilt (build 2) to fix a bug in which the slack-desc was not installed properly.
+----------------+
Fri Jan 20 13:08:58 EST 2017
lib-base/lzo 2.09 built
+----------------+
Fri Jan 20 13:16:40 EST 2017
apps-base/btrfs-progs v4.9 built
+----------------+
Fri Jan 20 13:26:19 EST 2017
base/sysvinit-bootscripts upgraded from 1.0.1 to 1.0.2 to remove user prompting on an init script failure.
+----------------+
Tue Jan 24 18:30:41 EST 2017
xapps-base/firefox upgraded from 45.6.0esr to 45.7.0esr
* SECURITY FIX *
+----------------+
Tue Jan 24 18:55:09 EST 2017
lib-base/poppler rebuilt to enable glib support
+----------------+
Tue Jan 24 18:57:59 EST 2017
xapps-base/epdfview 0.1.8 built
+----------------+
Wed Jan 25 20:55:39 EST 2017
lang-general/php upgraded from 5.6.29 to 5.6.30 to fix a few security bugs: CVE-2016-10159, CVE-2016-10160 and CVE-2016-10161.
For more information see:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10159
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10160
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10161
http://php.net/ChangeLog-5.php#5.6.30
* SECURITY FIX *
+----------------+
Sun Jan 29 14:11:43 EST 2017
xapps-base/thunderbird upgraded from 45.6.0 to 45.7.0 to fix several security issues.
For more information see:
https://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5386
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373
* SECURITY FIX *
+----------------+
Sun Jan 29 14:15:56 EST 2017
lib-base/fuse rebuilt (build 4) to fix a bug in which the permissions on /tmp were clobbered.
+----------------+
Fri Feb 10 12:46:41 EST 2017
x-general/libcroco 0.6.11 built
+----------------+
Fri Feb 10 12:52:31 EST 2017
x-general/librsvg 2.40.13 built
+----------------+
Fri Feb 10 13:05:32 EST 2017
x-general/lxdm 0.5.3 built
+----------------+
Fri Feb 17 09:45:48 EST 2017
x-general/lxdm 0.5.3 rebuilt (builds 2-4)
+----------------+
Sun Feb 19 09:00:32 EST 2017
x-general/vte 0.28.2 built
+----------------+
Sun Feb 19 09:05:59 EST 2017
xfce-general/xfce4-terminal 0.6.3 built
+----------------+
Sun Feb 19 09:11:46 EST 2017
lib-general/libexif 0.6.21 built
+----------------+
Sun Feb 19 09:36:43 EST 2017
xfce-general/ristretto 0.8.2 built
lib-base/shared-mime-info 0.91 built
+----------------+
Sun Feb 19 09:38:15 EST 2017
xfce-general/ristretto rebuilt (build 2) to fix a bug in which the mime database was not updated.
+----------------+
Sun Feb 19 12:01:10 EST 2017
xfce-general/tumbler 0.1.31 built
+----------------+
Sun Feb 19 12:30:46 EST 2017
xfce-base/adwaita-icon-theme 3.18.0 built
+----------------+
Sun Feb 19 12:31:14 EST 2017
net-general/tcpdump upgraded from 4.7.4 to 4.9.0 to fix several security issues which allowed a remote user to crash tcpdump.
For more details see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7922
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7923
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7924
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7925
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7926
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7927
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7928
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7929
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7930
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7931
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7932
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7933
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7934
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7935
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7936
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7937
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7938
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7939
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7940
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7973
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7974
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7975
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7983
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7984
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7985
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7986
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7992
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7993
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8574
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8575
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5202
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5203
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5204
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5205
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5341
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5342
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5482
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5483
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5484
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5485
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5486
* SECURITY FIX *
+----------------+
Sun Feb 19 12:37:07 EST 2017
net-base/openssl upgraded from 1.0.2j to 1.0.2k to fix some security issues.
For details see:
https://www.openssl.org/news/secadv/20170126.txt
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3731
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3732
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7055
* SECURITY FIX *
+----------------+
Sun Feb 19 13:15:24 EST 2017
net-base/pinentry 1.0.0 built
+----------------+
Fri Feb 24 10:34:57 EST 2017
base/rpm2tgz 1.2.2 built
+----------------+
Fri Feb 24 10:38:22 EST 2017
net-base/nettle 3.3 built
+----------------+
Fri Feb 24 11:10:29 EST 2017
net-base/gnutls 3.5.9 built
+----------------+
Fri Feb 24 11:15:20 EST 2017
apps-base/cups 2.2.2 built
+----------------+
Fri Feb 24 11:18:11 EST 2017
apps-base/cups rebuilt (build 2) to fix a bug in which the package contents weren't actually installed.
+----------------+
Fri Feb 24 11:24:44 EST 2017
apps-base/cups rebuilt (build 3) to fix a bug in which the configuration files were clobbered on update.
+----------------+
Fri Feb 24 11:28:48 EST 2017
apps-base/cups rebuilt (builds 4 & 5) to fix a bug with the init script permissions and a bug where the configuration files were not properly installed.
+----------------+
Fri Feb 24 11:40:51 EST 2017
apps-base/cups rebuilt (build 6) to add a client configuration file.
+----------------+ Fri Feb 24 11:50:54 EST 2017 apps-base/cups rebuilt (build 7) to fix a bug in the default cupsd.conf. +----------------+ Sun Feb 26 18:56:53 EST 2017 xapps-base/firefox rebuilt (build 2) xapps-base/thunderbird rebuilt (build 2) +----------------+ Thu Mar 2 08:15:15 EST 2017 x-base/libnotify-0.5.2 built +----------------+ Thu Mar 2 08:22:02 EST 2017 lib-base/libusb 1.0.21 built +----------------+ Thu Mar 2 08:23:07 EST 2017 lib-base/upower 0.99.4 built +----------------+ Thu Mar 2 08:47:41 EST 2017 lib-base/js 17.0.0 built +----------------+ Thu Mar 2 08:49:26 EST 2017 xfce-base/xfce4-power-manager 1.4.4 built +----------------+ Thu Mar 2 09:12:16 EST 2017 lib-base/polkit 0.113 built +----------------+ Thu Mar 2 09:16:51 EST 2017 lib-base/upower upgraded from 0.99.4 to 0.9.23 +----------------+ Fri Mar 3 08:00:36 EST 2017 x-base/libglade 2.6.4 built xapps-base/xscreensaver 5.36 built +----------------+ Fri Mar 3 08:21:27 EST 2017 net-base/inetutils 1.9.4 built +----------------+ Fri Mar 3 09:48:31 EST 2017 xapps-base/xscreensaver 5.36 rebuilt (build 2) to fix a bug in which the package contents were not actually installed. +----------------+ Fri Mar 3 16:12:49 EST 2017 xapps-general/libreoffice 5.3.0.3 built +----------------+ Fri Mar 3 16:30:47 EST 2017 lang-general/vala 0.35.6 built +----------------+ Fri Mar 3 19:03:16 EST 2017 xfce-general/xfce4-alsa-plugin 0.1.1 built +----------------+ Fri Mar 3 19:03:39 EST 2017 lib-base/polkit rebuilt (build 2) to fix an installation bug in which the polkitd user and group were not added. +----------------+ Fri Mar 3 20:14:48 EST 2017 xfce-general/xfce4-battery-plugin 1.0.5 built +----------------+ Fri Mar 3 21:05:58 EST 2017 xfce-general/xfce4-places-plugin 1.7.0 built +----------------+ Fri Mar 3 21:10:52 EST 2017 xfce-general/xfce4-places-plugin rebuilt (build 2) to fix a bug in which the plugin crashed repeatedly. 
+----------------+ Fri Mar 3 21:18:44 EST 2017 xapps-base/galculator 2.1.4 built +----------------+ Sat Mar 4 12:56:41 EST 2017 xapps-base/libreoffice rebuilt (build 2) to fix a bug in which the root directory was littered with extra files. +----------------+ Sat Mar 4 14:38:54 EST 2017 lib-general/glib-networking 2.50.0 built +----------------+ Sat Mar 4 14:39:34 EST 2017 lib-general/libsoup 2.57.1 built xfce-general/xfce4-screenshooter 5.3.0 built +----------------+ Sat Mar 4 14:45:46 EST 2017 apps-base/zip rebuilt (build 2) to fix a bug in which the man pages were not installed. +----------------+ Sat Mar 4 14:47:56 EST 2017 apps-base/unzip rebuilt (build 2) to fix a bug in which the man pages were not installed. +----------------+ Sat Mar 4 14:51:02 EST 2017 net-general/iptables rebuilt (build 2) to fix a bug in which the iptables init script would not handle "/etc/init.d/iptables stop" correctly. The stop argument now functions identically to the clear argument. +----------------+ Sat Mar 4 14:57:14 EST 2017 lib-base/dbus rebuilt (build 3) to enable the dbus service by default. Previously, the dbus service was disabled by default. However, so many other packages have come to be dependent on the dbus daemon that it made sense to just enable it by default at this point. If you don't like this decision you can just disable it :P +----------------+ Sun Mar 5 12:17:45 EST 2017 lib-base/libsecret 0.18.5 built +----------------+ Sun Mar 5 12:18:07 EST 2017 xfce-general/network-manager-applet 0.9.8.8 built +----------------+ Wed Mar 8 10:13:07 EST 2017 apps-base/pm-utils 1.4.1 built +----------------+ Wed Mar 8 11:46:46 EST 2017 x-base/qt4 4.8.7 built +----------------+ Wed Mar 8 21:38:47 EST 2017 xapps-base/firefox upgraded from 45.7.0 to 45.8.0 to fix some security issues and bugs. 
For more information see: https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html * SECURITY FIX * +----------------+ Thu Mar 9 08:41:33 EST 2017 xapps-base/thunderbird upgraded from 45.7.0 to 45.8.0 to fix some bugs and security issues. For more information see: https://www.mozilla.org/security/known-vulnerabilities/thunderbird.html * SECURITY FIX * +----------------+ Sun Mar 12 20:57:52 EDT 2017 xfce-general/xfce4-theme-default-4.8 built +----------------+ Mon Mar 13 12:09:39 EDT 2017 x-base/libpthread-stubs removed This package contained a bugged version of the libpthread-stubs library, which isn't even necessary anymore. Unfortunately, 125 packages had linked against it, either directly or indirectly, so they all had to be rebuilt after it was removed. This was not fun. Hence the long changelog entry. x-base/util-macros rebuilt x-base/xorg-protocol-headers rebuilt x-base/libXau rebuilt x-base/libXdmcp rebuilt x-base/xcb-proto rebuilt x-base/libxcb rebuilt x-base/xorg-libraries rebuilt x-base/xcb-util rebuilt x-base/xcb-util-image rebuilt x-base/xcb-util-keysyms rebuilt x-base/xcb-util-renderutil rebuilt x-base/xcb-util-wm rebuilt x-base/xcb-util-cursor rebuilt dev-general/elfutils rebuilt x-base/libdrm rebuilt x-base/mesa rebuilt x-base/xbitmaps rebuilt x-base/xorg-applications rebuilt x-base/xcursor-themes rebuilt x-base/font-util rebuilt x-base/xorg-fonts rebuilt x-base/xkeyboard-config rebuilt x-base/pixman rebuilt x-base/xorg-server rebuilt x-base/twm rebuilt x-base/xterm rebuilt x-base/xclock rebuilt x-base/xinit rebuilt x-base/xf86-video-vesa rebuilt x-base/xf86-input-keyboard rebuilt x-base/xf86-input-mouse rebuilt x-base/libevdev rebuilt x-base/xf86-input-evdev rebuilt x-general/windowmaker rebuilt lib-base/glib rebuilt x-base/atk rebuilt dev-general/yasm rebuilt lib-base/libjpeg-turbo rebuilt lib-base/libtiff rebuilt x-base/gdk-pixbuf rebuilt x-base/cairo rebuilt lib-base/harfbuzz rebuilt x-base/pango rebuilt x-base/gtk+ rebuilt 
xapps-base/leafpad rebuilt lib-base/alsa-lib rebuilt x-base/xf86-video-nouveau rebuilt apps-base/alsa-utils rebuilt lib-base/alsa-plugins rebuilt lib-base/alsa-firmware rebuilt lib-base/gstreamer rebuilt apps-base/lvm2 rebuilt apps-general/parted rebuilt lib-base/dbus rebuilt lib-general/dbus-glib rebuilt lib-general/libgudev rebuilt net-general/libndp rebuilt lib-base/nspr rebuilt lib-base/nss rebuilt lang-general/slang rebuilt net-general/network-manager rebuilt xfce-base/libxfce4util rebuilt xfce-base/xfconf rebuilt x-base/startup-notification rebuilt xfce-base/libxfce4ui rebuilt xfce-base/exo rebuilt xfce-base/garcon rebuilt xfce-base/gtk-xfce-engine rebuilt xfce-base/libwnck rebuilt xfce-base/xfce4-panel rebuilt lib-base/iso-codes rebuilt x-base/libxklavier rebuilt xfce-base/thunar rebuilt xfce-base/lxde-icon-theme rebuilt xfce-base/hicolor-icon-theme rebuilt xfce-base/thunar-volman rebuilt xfce-base/xfce4-appfinder rebuilt xfce-base/xfce4-settings rebuilt xfce-base/xfdesktop rebuilt xfce-base/xfwm4 rebuilt xfce-base/xfce4-session rebuilt lib-base/fuse rebuilt apps-base/dosfstools rebuilt lib-base/lzo rebuilt apps-base/btrfs-progs rebuilt lib-base/poppler rebuilt xapps-base/epdfview rebuilt x-general/libcroco rebuilt x-general/librsvg rebuilt x-general/lxdm rebuilt x-general/vte rebuilt xfce-general/xfce4-terminal rebuilt lib-general/libexif rebuilt xfce-general/ristretto rebuilt lib-base/shared-mime-info rebuilt xfce-general/tumbler rebuilt xfce-base/adwaita-icon-theme rebuilt net-base/pinentry rebuilt base/rpm2tgz rebuilt net-base/nettle rebuilt net-base/gnutls rebuilt apps-base/cups rebuilt x-base/libnotify rebuilt lib-base/libusb rebuilt lib-base/js rebuilt lib-base/polkit rebuilt lib-base/upower rebuilt xfce-base/xfce4-power-manager rebuilt x-base/libglade rebuilt xapps-base/xscreensaver rebuilt net-base/inetutils rebuilt lang-general/vala rebuilt xfce-general/xfce4-alsa-plugin rebuilt xfce-general/xfce4-battery-plugin rebuilt 
xfce-general/xfce4-places-plugin rebuilt xapps-base/galculator rebuilt lib-general/glib-networking rebuilt lib-general/libsoup rebuilt xfce-general/xfce4-screenshooter rebuilt lib-general/libsecret rebuilt xfce-general/network-manager-applet rebuilt apps-base/pm-utils rebuilt x-base/qt4 rebuilt xapps-base/thunderbird rebuilt xapps-base/firefox rebuilt xapps-base/vlc rebuilt xapps-general/libreoffice rebuilt +----------------+ Thu Mar 16 11:50:27 EDT 2017 x-general/lxdm rebuilt (builds 6 & 7) to change the default session from lxde to xfce (since Cucumber doesn't have lxde). Additionally, it changes the default login screen background from a boring navy blue to a picture of cucumbers! +----------------+ Thu Mar 16 12:05:06 EDT 2017 x-base/at-spi2-core 2.23.92 built +----------------+ Thu Mar 16 12:08:49 EDT 2017 x-base/at-spi2-atk 2.22.0 built +----------------+ Thu Mar 16 12:16:37 EDT 2017 x-base/libepoxy 1.4.1 built +----------------+ Thu Mar 16 12:29:43 EDT 2017 x-base/gtk+3 3.22.10 built +----------------+ Thu Mar 16 12:34:29 EDT 2017 xfce-base/xfce4-session rebuilt (build 3) in a failed attempt to fix the shutdown/restart action buttons in XFCE. +----------------+ Thu Mar 16 12:37:39 EDT 2017 xfce-base/xfce4-power-manager rebuilt (build 4) in another failed attempt to fix the XFCE action buttons. +----------------+ Thu Mar 16 13:06:49 EDT 2017 xfce-base/xfce4-session rebuilt (build 4) to fix the shutdown & restart action buttons in XFCE. +----------------+ Thu Mar 16 13:12:13 EDT 2017 xfce-general/network-manager-applet upgraded to version 1.4.6 +----------------+ Mon Mar 20 15:26:05 EDT 2017 xfce-base/hicolor-icon-theme rebuilt (build 3) to fix a bug in which the gtk icon caches were not updated properly. +----------------+ Mon Mar 20 15:47:16 EDT 2017 xfce-base/adwaita-icon-theme rebuilt (build 3) to fix a bug in which the gtk icon cache was not updated properly. 
+----------------+ Wed Mar 22 18:48:39 EDT 2017 x-base/gdk-pixbuf rebuilt (build 5) to add an init script that updates the cache. This was needed to fix a post-installation problem. +----------------+ Wed Mar 22 19:11:56 EDT 2017 x-base/gdk-pixbuf rebuilt (build 6) to add some clarification to the init script. +----------------+ Wed Mar 22 19:26:17 EDT 2017 x-base/xf86-video-intel 0340718 built +----------------+ Wed Mar 29 10:43:56 EDT 2017 net-general/mariadb upgraded from 10.1.20 to 10.1.22 to fix a security vulnerability which, when exploited properly, allows a low-privileged user to access unauthorized data. For more details see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3302 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3313 * SECURITY FIX * +----------------+ Wed Mar 29 18:36:52 EDT 2017 lib-base/ijs 0.35 built +----------------+ Wed Mar 29 18:42:01 EDT 2017 lib-base/lcms2 2.8 built +----------------+ Wed Mar 29 18:47:59 EDT 2017 apps-base/qpdf 6.0.0 built +----------------+ Thu Mar 30 10:26:27 EDT 2017 apps-base/ghostscript 9.21 built +----------------+ Thu Mar 30 10:35:17 EDT 2017 lib-base/ijs rebuilt (build 2) to patch a bug which caused the pkgconfig files to be placed in /usr/lib instead of /usr/lib64 on x86_64. +----------------+ Thu Mar 30 11:02:12 EDT 2017 lib-base/poppler rebuilt (build 4) to link against lcms2 +----------------+ Thu Mar 30 11:04:10 EDT 2017 apps-base/cups-filters 1.13.4 built +----------------+ Thu Mar 30 11:12:34 EDT 2017 apps-general/hplip 3.6.11 built +----------------+ Thu Mar 30 19:30:39 EDT 2017 net-general/net-snmp 5.7.3 built +----------------+ Thu Mar 30 19:33:25 EDT 2017 apps-general/hplip rebuilt (build 2) to enable network support. +----------------+ Thu Mar 30 19:59:11 EDT 2017 x-base/gtk+ rebuilt (build 2) to enable CUPS support. +----------------+ Thu Mar 30 20:03:08 EDT 2017 xapps-base/epdfview rebuilt (build 3) to apply a patch that was not applied correctly. 
+----------------+ Fri Mar 31 19:28:02 EDT 2017 base/cron 4.1 built +----------------+ Fri Mar 31 19:54:28 EDT 2017 base/cron 4.1 rebuilt (build 2) to add the init script +----------------+ Fri Mar 31 20:07:02 EDT 2017 base/cron rebuilt (build 3) to fix some issues with the init script +----------------+ Sat Apr 1 10:00:56 EDT 2017 xfce-base/adwaita-icon-theme rebuilt (build 4) to add an actual description to the slack-desc. +----------------+ Tue Apr 4 08:15:16 EDT 2017 lib-general/libburn 1.4.6 built +----------------+ Tue Apr 4 08:17:40 EDT 2017 lib-general/libisofs 1.4.6 built +----------------+ Tue Apr 4 08:21:39 EDT 2017 lib-general/libisoburn 1.4.6 built +----------------+ Tue Apr 4 08:25:50 EDT 2017 xfce-general/xfburn 0.5.4 built +----------------+ Tue Apr 4 08:31:18 EDT 2017 lib-general/gobject-introspection 1.50.0 built +----------------+ Tue Apr 4 08:55:22 EDT 2017 lib-general/babl 0.1.24 built +----------------+ Tue Apr 4 09:04:43 EDT 2017 lib-general/gegl 0.2.0 built +----------------+ Tue Apr 4 17:18:17 EDT 2017 xapps-general/gimp 2.8.20 built +----------------+ Thu Apr 6 07:53:31 EDT 2017 base/linux upgraded from 4.4.44 to 4.4.59 to fix a couple of security issues with xfrm. These issues stem from a failure to verify certain size data within the xfrm portion of the Linux kernel. Successful exploitation of this bug could result in privilege escalation. For more information see: https://nvd.nist.gov/vuln/detail/CVE-2017-7184 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.59 * SECURITY FIX * +----------------+ Thu Apr 6 08:45:38 EDT 2017 net-base/wpa_supplicant rebuilt (build 3) to fix a bug in the wpa configuration method script. +----------------+ Thu Apr 6 15:39:34 EDT 2017 xapps-base/firefox upgraded from 45.8.0esr to 52.0.2esr. Support for Firefox 45 is ending next month so this is a necessary change. * SECURITY FIX * +----------------+ Fri Apr 7 16:25:45 EDT 2017 xapps-base/thunderbird upgraded from 45.8.0 to 52.0. 
Support for Firefox/Thunderbird 45 is ending next month, so this is a necessary change. * SECURITY FIX * +----------------+ Fri Apr 7 16:58:33 EDT 2017 kernel/linux-source upgraded from 4.4.44 to 4.4.59 +----------------+ Sat Apr 8 11:30:34 EDT 2017 base/lsb-info 1.0.alpha built +----------------+ Tue Apr 11 12:54:01 EDT 2017 xapps-base/firefox rebuilt (build 2) to revert the GUI style to GTK2 +----------------+ Wed Apr 12 07:22:20 EDT 2017 xapps-base/thunderbird rebuilt (build 2) to revert the GUI style to GTK2 +----------------+ Thu Apr 13 18:45:35 EDT 2017 net-general/apache rebuilt (build 8) to fix a bug in which the man pages were installed with non-root ownership. +----------------+ Mon Apr 17 09:19:00 EDT 2017 xapps-base/firefox rebuilt (build 3) to fix a bug in which audio playback was broken. lib-base/ffmpeg 3.3 built +----------------+ Tue Apr 18 08:20:40 EDT 2017 base/coreutils rebuilt (build 2) to fix a few problems: - Moved du to /bin so pkgtools could find it. - Fixed uname -p and uname -i. - Removed quotes around file names with spaces in ls. +----------------+ Fri Apr 21 15:22:33 EDT 2017 base/eudev rebuilt (build 2) to fix a misplaced library on x86_64 +----------------+ Sat Apr 22 12:15:55 EDT 2017 Some packages were moved around: xapps-base/firefox was moved to xapps-general/firefox xapps-base/thunderbird was moved to xapps-general/thunderbird These packages were moved in order to keep the base package groups under 700 MB so the basic ISO can still fit on a single CD. lib-general/dbus-glib was moved to lib-base/dbus-glib lib-general/pcre was moved to lib-base/pcre These packages were moved to fix some unresolved dependencies in the base package groups. +----------------+ Sat Apr 22 18:22:12 EDT 2017 xapps-general/firefox updated from 52.0.2 to 52.1 to fix some security issues. 
For more information see: https://www.mozilla.org/en-US/firefox/52.1.0/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2017-12/ * SECURITY FIX * +----------------+ Sat Apr 22 19:05:06 EDT 2017 base/lsb-info rebuilt (build 2) to change the release number from 1.0 to 1.0.alpha in order to support the new cucumber tree directory structure and some upcoming changes in Pickle. +----------------+ Sun Apr 23 11:27:56 EDT 2017 base/cron rebuilt (build 4) to fix a problem in the init script. +----------------+ Fri Apr 28 14:03:27 EDT 2017 base/pickle upgraded from 1.0.9 to 1.0.10 base/shadow rebuilt (build 2) to add the adduser script. +----------------+ Fri Apr 28 14:48:45 EDT 2017 base/etc upgraded from 1.0.3 to 1.0.4 to add a PS1 prompt to /etc/profile and to create a /etc/skel directory. +----------------+ Thu May 4 14:51:21 EDT 2017 ***** Cucumber Linux 1.0 Beta 1 Released ***** Version 1.0.beta.1 of Cucumber Linux has been released. This branch has been forked off the 1.0.alpha branch into the 1.0.beta branch. +----------------+ Tue May 16 21:05:43 EDT 2017 lib-base/freetype rebuilt (build 2) to patch CVE-2017-8287, a buffer overflow related attack. For more information see: https://nvd.nist.gov/vuln/detail/CVE-2017-8287 * SECURITY FIX * +----------------+ Wed May 17 10:10:37 EDT 2017 xapps-general/thunderbird upgraded from 52.0 to 52.1.0 to fix some security issues. For more details see: https://www.mozilla.org/en-US/thunderbird/52.1.0/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2017-13/ * SECURITY FIX * +----------------+ Mon May 22 13:03:27 EDT 2017 net-base/iputils rebuilt (build 2) to add the missing man pages. +----------------+ Mon May 22 20:45:41 EDT 2017 base/sysvinit-bootscripts upgraded from 1.0.2 to 1.0.3 to add support for /etc/rc.d/rc.local and /etc/rc.d/rc.local_shutdown scripts. base/linux upgraded from 4.4.59 to 4.9.29. 
The 4.4.x branch of the Linux kernel will be supported only until the end of January 2018; however, the 4.9.x branch will be supported through 2022. This was a necessary change in order to support the first version of Cucumber Linux past January 2018. kernel/linux-source upgraded from 4.4.59 to 4.9.29 to reflect the new kernel version. +----------------+ Wed May 24 09:47:52 EDT 2017 xapps-general/libreoffice rebuilt (build 4) to fix a few build related problems: 1. Enabled CUPS support (so printing should work now) 2. Made the .desktop files executable 3. Changed the provider name to 'Cucumber Linux' +----------------+ Wed May 24 11:14:25 EDT 2017 apps-general/hplip rebuilt (build 3) to remove the unnecessary /usr/lib/systemd directory. +----------------+ Wed May 24 15:07:50 EDT 2017 dev-general/llvm rebuilt (build 2) to fix a bug in which the libraries were placed under /usr/lib on x86_64 instead of /usr/lib64. +----------------+ Wed May 24 16:49:51 EDT 2017 xapps-base/vlc upgraded from 2.2.4 to 2.2.6 to fix a few security vulnerabilities which, amongst other things, allowed arbitrary code execution and denial of service via a specially crafted subtitles file. For more information see: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8313 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8311 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8310 * SECURITY FIX * +----------------+ Wed May 24 17:53:28 EDT 2017 base/pkgtools upgraded from 14.2a to 14.2b to fix some misplaced man pages. apps-base/man rebuilt (build 3) to fix some misplaced man pages and documentation. apps-general/p7zip rebuilt (build 2) to fix some misplaced man pages. net-base/iputils rebuilt (build 2) to fix some misplaced documentation. +----------------+ Wed May 24 18:24:04 EDT 2017 base/tar rebuilt (build 2) to remove some misplaced tar 1.13 info pages. 
+----------------+ Wed May 24 22:13:14 EDT 2017 lib-base/libtiff upgraded from 4.0.7 to 4.0.8 to fix several security issues and other bugs. For more details see: http://www.simplesystems.org/libtiff/v4.0.8.html * SECURITY FIX * +----------------+ Fri May 26 17:19:20 EDT 2017 net-general/iptables rebuilt (build 3) to fix some bugs in the init script which caused the IPv6 tables to not be set correctly. +----------------+ Sat May 27 18:00:20 EDT 2017 dev-general/llvm rebuilt (build 3) to move the resource directory from /usr/lib to /usr/lib64 on x86_64 +----------------+ Sat May 27 18:13:27 EDT 2017 apps-base/lvm2 rebuilt (build 3) to move some misplaced files to /usr/lib64 on x86_64 +----------------+ Sun May 28 18:24:45 EDT 2017 The following packages were rebuilt to fix broken slack-desc files: net-base/gnupg (build 2) base/linux-firmware (upgraded from 20161008 to 20170528) lib-base/libnl (build 2) lang-base/perl-XML-Parser (build 2) x-base/xf86-video-intel (build 2) x-base/xf86-video-nouveau (build 2) +----------------+ Tue May 30 17:27:43 EDT 2017 apps-base/sudo upgraded from 1.8.17p1 to 1.8.20p1 to fix CVE-2017-1000367, a security vulnerability in which a user with sudo access could trick sudo into using an arbitrary device number (i.e. an arbitrary tty instead of the one the user is actually using) via a specially crafted symbolic link. For more information see: https://www.sudo.ws/alerts/linux_tty.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000367 * SECURITY FIX * +----------------+ Tue May 30 17:58:58 EDT 2017 apps-base/sudo rebuilt (build 2) to fix a bug in which the /etc/sudoers file was clobbered when upgrading the package. +----------------+ Tue May 30 18:48:42 EDT 2017 net-base/gnupg rebuilt (build 3) to remove an accidental dependency on sqlite. +----------------+ Wed May 31 11:36:30 EDT 2017 net-base/dhcpcd rebuilt (build 3) to add network configuration templates that allowed better control of ipv4 and ipv6 specific addressing. 
+----------------+ Wed May 31 13:21:13 EDT 2017 net-base/dhcpcd rebuilt (build 4) to make the configuration templates' format more consistent with the other templates. net-base/network-scripts upgraded from 1.0.2 to 1.0.3 to add support for IPv6. +----------------+ Fri Jun 2 15:17:32 EDT 2017 apps-base/screen upgraded from 4.4.0 to 4.5.1 to fix a security vulnerability which allows users to modify arbitrary files via an improper checking of log file permissions. This could allow a local, unprivileged user to gain root access. For more information see: https://nvd.nist.gov/vuln/detail/CVE-2017-5618 * SECURITY FIX * +----------------+ Mon Jun 5 16:01:04 EDT 2017 base/linux upgraded from 4.9.29 to 4.9.30. The kernel config was changed so that IPv6 support is compiled directly into the kernel (it was previously a module). This should fix several IPv6 related problems. kernel/linux-source upgraded from 4.9.29 to 4.9.30. +----------------+ Thu Jun 8 10:47:18 EDT 2017 xfce-base/xfce4-settings rebuilt (build 3) to change the default theme settings to sane defaults (Xfce and Adwaita). +----------------+ Tue Jun 13 20:19:48 EDT 2017 Multilib support added in x86_64. 
The following packages were built to accomplish this (x86_64 only): multilib/apps-base/ghostscript-lib_i686-9.21 multilib/apps-base/lvm2-lib_i686-2.02.168 multilib/apps-base/cups-lib_i686-2.2.2 multilib/apps-base/cups-filters-lib_i686-1.13.4 multilib/apps-base/qpdf-lib_i686-6.0.0 multilib/apps-base/ntfs-3g_ntfsprogs-lib_i686-2016.2.22 multilib/apps-base/btrfs-progs-lib_i686-v4.9 multilib/apps-general/parted-lib_i686-3.2 multilib/apps-general/sqlite-lib_i686-3150200 multilib/apps-general/lm_sensors-lib_i686-3.4.0 multilib/apps-general/hplip-lib_i686-3.16.11 multilib/base/readline-lib_i686-6.3 multilib/base/glibc-lib_i686-2.23 multilib/base/procps-ng-lib_i686-3.3.11 multilib/base/gettext-lib_i686-0.19.7 multilib/base/ncurses-lib_i686-6.0 multilib/base/eudev-lib_i686-3.1.5 multilib/base/bzip2-lib_i686-1.0.6 multilib/base/util-linux-lib_i686-2.27.1 multilib/base/attr-lib_i686-2.4.47 multilib/base/efivar-lib_i686-27 multilib/base/acl-lib_i686-2.2.52 multilib/base/file-lib_i686-5.25 multilib/base/pciutils-lib_i686-3.5.1 multilib/base/zlib-lib_i686-1.2.8 multilib/base/libcap-lib_i686-2.25 multilib/base/kmod-lib_i686-22 multilib/base/xz-lib_i686-5.2.2 multilib/base/e2fsprogs-lib_i686-1.42.13 multilib/base/popt-lib_i686-1.16 multilib/dev-base/libtool-lib_i686-2.4.6 multilib/dev-base/binutils-lib_i686-2.26 multilib/dev-base/flex-lib_i686-2.6.0 multilib/dev-base/gcc-lib_i686-5.3.0 multilib/dev-general/elfutils-lib_i686-0.165 multilib/dev-general/llvm-lib_i686-3.7.1 multilib/lang-base/python2-lib_i686-2.7.13 multilib/lang-base/python3-lib_i686-3.6.0 multilib/lang-general/vala-lib_i686-0.35.6 multilib/lang-general/slang-lib_i686-2.2.4 multilib/lib-base/libnl-lib_i686-3.2.28 multilib/lib-base/fuse-lib_i686-2.9.7 multilib/lib-base/expat-lib_i686-2.2.0 multilib/lib-base/libusb-lib_i686-1.0.21 multilib/lib-base/upower-lib_i686-0.9.23 multilib/lib-base/nspr-lib_i686-4.13.1 multilib/lib-base/gdbm-lib_i686-1.11 multilib/lib-base/glib-lib_i686-2.51.0 
multilib/lib-base/libffi-lib_i686-3.2.1 multilib/lib-base/mpfr-lib_i686-3.1.3 multilib/lib-base/libpng-lib_i686-1.6.27 multilib/lib-base/gstreamer-lib_i686-1.10.2 multilib/lib-base/gmp-lib_i686-6.1.0 multilib/lib-base/mpc-lib_i686-1.0.3 multilib/lib-base/libjpeg-turbo-lib_i686-1.5.1 multilib/lib-base/poppler-lib_i686-0.45.0 multilib/lib-base/freetype-lib_i686-2.7 multilib/lib-base/ijs-lib_i686-0.35 multilib/lib-base/alsa-lib-lib_i686-1.1.3 multilib/lib-base/lcms2-lib_i686-2.8 multilib/lib-base/talloc-lib_i686-2.1.8 multilib/lib-base/libgcrypt-lib_i686-1.7.3 multilib/lib-base/npth-lib_i686-1.3 multilib/lib-base/dbus-glib-lib_i686-0.108 multilib/lib-base/libksba-lib_i686-1.3.5 multilib/lib-base/libassuan-lib_i686-2.4.3 multilib/lib-base/libgpg-error-lib_i686-1.25 multilib/lib-base/ffmpeg-lib_i686-3.3 multilib/lib-base/dbus-lib_i686-1.11.8 multilib/lib-base/fontconfig-lib_i686-2.12.1 multilib/lib-base/harfbuzz-lib_i686-1.3.4 multilib/lib-base/nss-lib_i686-3.28 multilib/lib-base/js-lib_i686-17.0.0 multilib/lib-base/libtiff-lib_i686-4.0.8 multilib/lib-base/pcre-lib_i686-8.39 multilib/lib-base/mtdev-lib_i686-1.1.5 multilib/lib-base/polkit-lib_i686-0.113 multilib/lib-general/libarchive-lib_i686-3.2.2 multilib/lib-general/libgudev-lib_i686-230 multilib/lib-general/libsoup-lib_i686-2.57.1 multilib/lib-general/apr-lib_i686-1.5.2 multilib/lib-general/libxml2-lib_i686-2.9.4 multilib/lib-general/libisofs-lib_i686-1.4.6 multilib/lib-general/liblinear-lib_i686-210 multilib/lib-general/libisoburn-lib_i686-1.4.6 multilib/lib-general/libexif-lib_i686-0.6.21 multilib/lib-general/newt-lib_i686-0.52.19 multilib/lib-general/gegl-lib_i686-0.2.0 multilib/lib-general/apr-util-lib_i686-1.5.4 multilib/lib-general/gobject-introspection-lib_i686-1.50.0 multilib/lib-general/libburn-lib_i686-1.4.6 multilib/lib-general/libpcap-lib_i686-1.8.0 multilib/lib-general/libsecret-lib_i686-0.18.5 multilib/lib-general/babl-lib_i686-0.1.24 multilib/net-base/curl-lib_i686-7.52.1 
multilib/net-base/openssl-lib_i686-1.0.2k multilib/net-base/gnutls-lib_i686-3.5.9 multilib/net-base/wireless-tools-lib_i686-29 multilib/net-base/nettle-lib_i686-3.3 multilib/net-general/mariadb-lib_i686-10.1.22 multilib/net-general/net-snmp-lib_i686-5.7.3 multilib/net-general/libndp-lib_i686-1.6 multilib/net-general/iptables-lib_i686-1.6.0 multilib/net-general/network-manager-lib_i686-1.5.3 multilib/x-base/xcb-util-lib_i686-0.4.0 multilib/x-base/xorg-libraries-lib_i686-7.7 multilib/x-base/libevdev-lib_i686-1.4.6 multilib/x-base/gtk+3-lib_i686-3.22.10 multilib/x-base/xf86-video-intel-lib_i686-0340718 multilib/x-base/libdrm-lib_i686-2.4.66 multilib/x-base/xcb-util-image-lib_i686-0.4.0 multilib/x-base/pango-lib_i686-1.40.3 multilib/x-base/at-spi2-atk-lib_i686-2.22.0 multilib/x-base/mesa-lib_i686-11.1.4 multilib/x-base/libglade-lib_i686-2.6.4 multilib/x-base/pixman-lib_i686-0.34.0 multilib/x-base/xcb-util-renderutil-lib_i686-0.3.9 multilib/x-base/startup-notification-lib_i686-0.12 multilib/x-base/libnotify-lib_i686-0.5.2 multilib/x-base/gtk+-lib_i686-2.24.29 multilib/x-base/xcb-util-wm-lib_i686-0.4.1 multilib/x-base/libxklavier-lib_i686-5.4 multilib/x-base/atk-lib_i686-2.22.0 multilib/x-base/gdk-pixbuf-lib_i686-2.36.2 multilib/x-base/xcb-util-cursor-lib_i686-0.1.2 multilib/x-base/xcb-util-keysyms-lib_i686-0.4.0 multilib/x-base/libxcb-lib_i686-1.11.1 multilib/x-base/qt4-lib_i686-4.8.7 multilib/x-base/libXdmcp-lib_i686-1.1.2 multilib/x-base/libXau-lib_i686-1.0.8 multilib/x-base/libepoxy-lib_i686-1.4.1 multilib/x-base/at-spi2-core-lib_i686-2.23.92 multilib/x-base/cairo-lib_i686-1.14.8 multilib/x-general/librsvg-lib_i686-2.40.13 multilib/x-general/vte-lib_i686-0.28.2 multilib/x-general/libcroco-lib_i686-0.6.11 multilib/x-general/windowmaker-lib_i686-0.95.7 multilib/xapps-base/vlc-lib_i686-2.2.6 multilib/xapps-general/gimp-lib_i686-2.8.20 multilib/xfce-base/xfce4-session-lib_i686-4.12.1 multilib/xfce-base/libxfce4util-lib_i686-4.12.1 
multilib/xfce-base/libwnck-lib_i686-2.30.7 multilib/xfce-base/thunar-lib_i686-1.6.10 multilib/xfce-base/xfce4-panel-lib_i686-4.12.0 multilib/xfce-base/libxfce4ui-lib_i686-4.12.1 multilib/xfce-base/exo-lib_i686-0.10.7 multilib/xfce-base/xfconf-lib_i686-4.12.0 multilib/xfce-base/garcon-lib_i686-0.4.0 multilib/xfce-general/tumbler-lib_i686-0.1.31 multilib/xfce-general/network-manager-applet-lib_i686-1.4.6 +----------------+ Wed Jun 14 13:25:39 EDT 2017 base/pickle upgraded from 1.0.10 to 1.0.11 to fix a bug which could cause the package name to be incorrect when the package is nested more than one directory deep. +----------------+ Thu Jun 15 12:59:26 EDT 2017 xapps-general/firefox upgraded from 52.1.0esr to 52.2.0esr to fix several security vulnerabilities. For more information see: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/ * SECURITY FIX * +----------------+ Thu Jun 15 16:19:11 EDT 2017 xapps-general/thunderbird upgraded from 52.1.0 to 52.2.0 to fix some security vulnerabilities. For more information see: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/ * SECURITY FIX * +----------------+ Fri Jun 16 15:57:18 EDT 2017 base/etc upgraded from 1.0.4 to 1.0.5 to add serial terminal entries to /etc/inittab. +----------------+ Sat Jun 17 10:48:09 EDT 2017 net-base/gnutls upgraded from 3.5.9 to 3.5.13 to fix a bug in which a null pointer dereference could lead to a crash of a gnutls application. 
For more details see: https://nvd.nist.gov/vuln/detail/CVE-2017-7507 https://lists.gnupg.org/pipermail/gnutls-devel/2017-June/008446.html multilib/net-base/gnutls-lib_i686 upgraded from 3.5.9 to 3.5.13 (x86_64 only) * SECURITY FIX * +----------------+ Sat Jun 17 12:10:03 EDT 2017 base/pickle upgraded from 1.0.11 to 1.0.12 to fix another bug with packages nested more than 1 directory deep and add some new features: an option to suppress new package announcements, a warning when installing testing packages and an option to select/deselect all packages when updating the system. +----------------+ Mon Jun 19 19:32:13 EDT 2017 base/grub rebuilt (build 2) to add EFI support. +----------------+ Mon Jun 19 19:55:01 EDT 2017 base/pickle upgraded from 1.0.12 to 1.0.13 to add support for the new/up update type. +----------------+ Mon Jun 19 20:07:33 EDT 2017 base/mtools 4.0.18 built. This satisfies an unmet dependency in grub-mkrescue. +----------------+ Tue Jun 20 09:27:01 EDT 2017 net-general/apache upgraded from 2.4.25 to 2.4.26 to fix a few security vulnerabilities which (amongst other things) allowed for bypassing of the normal authentication requirements when third party modules called ap_get_basic_auth_pw() under certain circumstances (CVE-2017-3167). It also patches some vulnerabilities related to invalid memory access (CVE-2017-3169 and CVE-2017-7679). For more information see: https://nvd.nist.gov/vuln/detail/CVE-2017-3169 https://nvd.nist.gov/vuln/detail/CVE-2017-7679 https://nvd.nist.gov/vuln/detail/CVE-2017-3167 http://www-us.apache.org/dist//httpd/CHANGES_2.4.26 * SECURITY FIX * +----------------+ Tue Jun 20 13:18:01 EDT 2017 net-general/network-manager moved to the testing directory. xfce-general/network-manager-applet moved to the testing directory. multilib/net-general/network-manager moved to the testing directory. These packages have proven to be quite problematic and are standing in the way of a stable release. 
Therefore they have been removed from the mainline repositories. +----------------+ Tue Jun 20 14:03:08 EDT 2017 base/lsb-info upgraded from 1.0.beta to 1.0.rc +----------------+ Tue Jun 20 14:12:32 EDT 2017 ***** Cucumber Linux 1.0 Release Candidate 1 Released ***** Version 1.0.rc.1 of Cucumber Linux has been released. This branch has been forked off the 1.0.beta branch into the 1.0.rc branch. +----------------+ Wed Jun 21 09:59:03 EDT 2017 base/pickle upgraded from 1.0.13 to 1.0.14 to fix a bug with the new/up update type in which a package would show up as an update even if the update was already installed. +----------------+ Tue Jun 27 15:22:32 EDT 2017 base/linux upgraded from 4.9.30 to 4.9.34 to fix a couple of stack smashing related security vulnerabilities. For more information see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000364 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000365 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.34 https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt kernel/linux-source upgraded from 4.9.30 to 4.9.34 to reflect the new kernel version. * SECURITY FIX * +----------------+ Sun Jul 2 09:35:41 EDT 2017 base/linux upgraded from 4.9.34 to 4.9.35 to fix a couple of security vulnerabilities: CVE-2017-7482, a buffer overflow attack and CVE-2017-1000365, a stack overflow attack which, when leveraged properly in setuid binaries could result in arbitrary code execution as root. For more information see: https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.35 https://nvd.nist.gov/vuln/detail/CVE-2017-7482 https://nvd.nist.gov/vuln/detail/CVE-2017-1000365 kernel/linux-source upgraded from 4.9.34 to 4.9.35 to reflect the new kernel version. * SECURITY FIX * +----------------+ Sun Jul 2 12:35:21 EDT 2017 lib-base/libgcrypt upgraded from 1.7.3 to 1.7.8 to fix CVE-2017-7526, a side-channel attack on RSA private keys. 
For more information see: https://lists.gnupg.org/pipermail/gnupg-announce/2017q2/000408.html https://eprint.iacr.org/2017/627 https://nvd.nist.gov/vuln/detail/CVE-2017-7526 multilib/lib-base/libgcrypt-lib_i686 upgraded from 1.7.3 to 1.7.8 (x86_64 only). * SECURITY FIX * +----------------+ Mon Jul 3 09:45:52 EDT 2017 ***** Cucumber Linux 1.0 Release Candidate 2 Released ***** Version 1.0.rc.2 of Cucumber Linux has been released. +----------------+ Thu Jul 6 17:26:26 EDT 2017 x-base/xorg-server rebuilt (build 3) to fix some stack overflow related security issues which could, amongst other things, result in an X server crash or arbitrary code execution at the privilege level of the X server by an unprivileged, authenticated user. For more information see: https://nvd.nist.gov/vuln/detail/CVE-2017-10971 https://nvd.nist.gov/vuln/detail/CVE-2017-10972 https://bugzilla.suse.com/show_bug.cgi?id=1035283 * SECURITY FIX * +----------------+ Thu Jul 6 17:49:22 EDT 2017 apps-general/unrar upgraded from 5.4.5 to 5.5.6 to fix a security issue which could result in arbitrary code execution. For more information see: https://nvd.nist.gov/vuln/detail/CVE-2012-6706 * SECURITY FIX * +----------------+ Sat Jul 8 08:46:48 EDT 2017 lang-general/php upgraded from 5.6.30 to 5.6.31 to fix several security issues. For more information see: https://php.net/ChangeLog-5.php#5.6.31 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9224 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9226 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9227 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9228 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9229 * SECURITY FIX * +----------------+ Mon Jul 10 16:17:02 EDT 2017 ***** Cucumber Linux 1.0 Released ***** Version 1.0 of Cucumber Linux has been released. ***** This Version of Cucumber Linux is now in the "Full Support" stage. 
***** +----------------+ Thu Jul 13 14:59:42 EDT 2017 testing/lib-testing/gstreamer0 0.10.36 built +----------------+ Thu Jul 13 15:10:58 EDT 2017 net-general/apache upgraded from 2.4.26 to 2.4.27 to fix a couple of security vulnerabilities which when exploited could result in a denial of service (server crash), leaking of sensitive information and/or erratic behavior. For more information see: https://httpd.apache.org/security/vulnerabilities_24.html https://nvd.nist.gov/vuln/detail/CVE-2017-9788 https://nvd.nist.gov/vuln/detail/CVE-2017-9789 * SECURITY FIX * +----------------+ Fri Jul 14 09:24:33 EDT 2017 lib-base/gstreamer rebuilt (build 3) to enable gobject-introspection support multilib/lib-base/gstreamer rebuilt (build 3, x86_64 only) +----------------+ Sat Jul 15 08:47:35 EDT 2017 net-general/mariadb upgraded from 10.1.22 to 10.1.25 to fix several security vulnerabilities. For more information see: https://mariadb.com/kb/en/mariadb/security/ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3302 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3308 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3309 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3313 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3453 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3456 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3464 multilib/net-general/mariadb-lib_i686 upgraded from 10.1.22 to 10.1.25 (x86_64 only). 
* SECURITY FIX * +----------------+ Tue Jul 18 13:57:08 EDT 2017 testing/lib-testing/gst-plugins-base 1.10.2 built testing/multilib/lib-testing/gst-plugins-base-lib_i686 1.10.2 built (x86_64) +----------------+ Tue Jul 18 14:05:28 EDT 2017 testing/lib-testing/freerdp 2.0.0 built testing/multilib/lib-testing/freerdp-lib_i686 2.0.0 built (x86_64) +----------------+ Tue Jul 18 14:24:39 EDT 2017 testing/lib-testing/libssh 0.7.5 built testing/multilib/lib-testing/libssh-lib_i686 0.7.5 built (x86_64 only) +----------------+ Wed Jul 19 09:34:46 EDT 2017 lib-base/expat upgraded from 2.2.0 to 2.2.2 to fix CVE-2017-9233, a security vulnerability which allows a maliciously crafted external XML entity to loop indefinitely, causing a denial of service. For more information see: https://libexpat.github.io/doc/cve-2017-9233/ https://nvd.nist.gov/vuln/detail/CVE-2017-9233 https://github.com/libexpat/libexpat/blob/R_2_2_2/expat/Changes multilib/lib-base/expat-lib_i686 upgraded from 2.2.0 to 2.2.2 (x86_64 only) * SECURITY FIX * +----------------+ Thu Jul 20 09:48:49 EDT 2017 x-general/librsvg upgraded from 2.40.13 to 2.40.18 to fix CVE-2017-11464, a security vulnerability which resulted from an incorrect protection against division by zero. The full impact of this vulnerability has yet to be analyzed. For more information see: https://nvd.nist.gov/vuln/detail/CVE-2017-11464 multilib/x-general/librsvg-lib_i686 upgraded from 2.40.13 to 2.40.18 (x86_64 only) * SECURITY FIX * +----------------+ Fri Jul 21 15:10:54 EDT 2017 base/linux upgraded from 4.9.35 to 4.9.39 to fix a few security issues: the "stack clash" vulnerability (CVE-2017-1000370 and CVE-2017-1000371) which required additional patching after the first two attempts to fix it and CVE-2016-6213 which allowed an unprivileged local user to perform a denial of service via memory consumption from the mount system calls. 
For more information see: https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.39 https://nvd.nist.gov/vuln/detail/CVE-2016-6213 https://nvd.nist.gov/vuln/detail/CVE-2017-1000370 https://nvd.nist.gov/vuln/detail/CVE-2017-1000371 kernel/linux-source upgraded from 4.9.35 to 4.9.39 to reflect the new kernel version. * SECURITY FIX * +----------------+ Sun Jul 23 10:51:08 EDT 2017 net-general/tcpdump upgraded from 4.9.0 to 4.9.1 to fix CVE-2017-11108, a local denial of service vulnerability in the spanning tree protocol (STP) implementation in tcpdump. For more information see: http://www.tcpdump.org/tcpdump-changes.txt https://nvd.nist.gov/vuln/detail/CVE-2017-11108 * SECURITY FIX * +----------------+ Wed Jul 26 10:29:37 EDT 2017 apps-base/qpdf rebuilt (build 2) to fix a few denial of service vulnerabilities that resulted from an infinite loop and consequential stack consumption. For more information see: https://github.com/qpdf/qpdf/commit/ac3c81a8edcb44e2669485630d6718c96a6ad6e9?diff=unified#diff-ad119d01ec6004b768ca4c575f4a3df1 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11624 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11625 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11626 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11627 multilib/apps-base/qpdf rebuilt (version 2, x86_64 only). * SECURITY FIX * +----------------+ Fri Aug 4 09:50:08 EDT 2017 base/shadow rebuilt (build 3) to fix CVE-2017-12424, a buffer overflow vulnerability that could result in crashes and other unspecified impacts, possibly including privilege escalation. 
For more information see: https://nvd.nist.gov/vuln/detail/CVE-2017-12424 https://github.com/shadow-maint/shadow/commit/954e3d2e7113e9ac06632aee3c69b8d818cc8952 * SECURITY FIX * +----------------+ Thu Aug 10 08:18:49 EDT 2017 net-base/curl upgraded from 7.52.1 to 7.55.0 to fix a few buffering related security vulnerabilities, namely a buffer overflow vulnerability (CVE-2017-1000100) and two read from buffer out of bounds vulnerabilities (CVE-2017-1000101 and CVE-2017-1000099). For more information see: https://curl.haxx.se/changes.html#7_55_0 https://curl.haxx.se/docs/adv_20170809A.html https://curl.haxx.se/docs/adv_20170809B.html https://curl.haxx.se/docs/adv_20170809C.html https://nvd.nist.gov/vuln/CVE-2017-1000101 https://nvd.nist.gov/vuln/CVE-2017-1000100 https://nvd.nist.gov/vuln/CVE-2017-1000099 multilib/net-base/curl-lib_i686 upgraded from 7.52.1 to 7.55.0 (x86_64 only) * SECURITY FIX * +----------------+ Thu Aug 10 11:48:55 EDT 2017 xapps-general/firefox upgraded from 52.2.0 to 52.3.0 to fix some security vulnerabilities. For more information see: https://www.mozilla.org/en-US/security/advisories/mfsa2017-19/ * SECURITY FIX * +----------------+ Thu Aug 10 20:59:25 EDT 2017 lib-general/libsoup upgraded from 2.57.1 to 2.59.90.1 to fix CVE-2017-2885, a remotely exploitable stack based buffer overflow vulnerability (triggerable via a specially crafted HTTP request) that could result in remote code execution. For more information see: https://nvd.nist.gov/vuln/CVE-2017-2885 http://ftp.gnome.org/pub/GNOME/sources/libsoup/2.59/libsoup-2.59.90.1.news https://bugzilla.gnome.org/show_bug.cgi?id=785774 * SECURITY FIX * +----------------+ Sun Aug 13 10:05:06 EDT 2017 dev-general/git upgraded from 2.10.1 to 2.10.4 to fix CVE-2017-1000117, a vulnerability in which a specially crafted "ssh://..." URL could result in an arbitrary program being executed on the client system. 
For more information see: https://public-inbox.org/git/xmqqh8xf482j.fsf@gitster.mtv.corp.google.com/T/#u https://kernel.googlesource.com/pub/scm/git/git/+/0bfff8146f8c055fd95af4567286929ba8216fa7/Documentation/RelNotes/2.10.4.txt https://kernel.googlesource.com/pub/scm/git/git/+/5e0649dc65fe33e8cf38823350e9d7951f6a6346/Documentation/RelNotes/2.7.6.txt https://nvd.nist.gov/vuln/CVE-2017-1000117 * SECURITY FIX * +----------------+ Sun Aug 13 15:58:25 EDT 2017 base/linux upgraded from 4.9.39 to 4.9.43 to fix CVE-2017-10663, a vulnerability with the F2FS (Flash Friendly File System) implementation in the Linux kernel that could result in arbitrary code execution in the kernel space. This vulnerability was exploitable when mounting a maliciously crafted device or disk image. For more information see: https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.42 http://blog.trendmicro.com/trendlabs-security-intelligence/vulnerability-f2fs-file-system-leads-memory-corruption-android-linux/ https://nvd.nist.gov/vuln/CVE-2017-10663 kernel/linux-source upgraded from 4.9.39 to 4.9.43 to reflect the new kernel version. * SECURITY FIX * +----------------+ Sun Aug 13 18:00:57 EDT 2017 net-base/openssl rebuilt (build 2) to fix some misplaced documentation. Previously, the openssl docs were placed in /usr/share/doc/openssl-1.0.2g regardless of what version of openssl was actually installed. The documentation directory now properly reflects the openssl version. multilib/net-base/openssl rebuilt (build 2, x86_64 only). +----------------+ Tue Aug 15 07:20:01 EDT 2017 testing/net-testing/ports 1.0.0 built and rebuilt (builds 1 & 2) +----------------+ Wed Aug 16 18:33:23 EDT 2017 kernel/linux-source rebuilt (build 2) to properly configure the kernel source tree, and fix the source symlinks in /lib/modules/kernel_version. 
+----------------+ Fri Aug 18 11:17:22 EDT 2017 apps-general/unrar upgraded from 5.5.6 to 5.5.8 to fix CVE-2017-12938, a vulnerability which allowed a specially crafted rar file to bypass directory traversal protection when extracted. Exploitation of this vulnerability could result in overwriting arbitrary files that are writable by the user extracting the rar file. This also patches some out of bounds read and buffer overflow vulnerabilities. For more information see: https://nvd.nist.gov/vuln/detail/CVE-2017-12938 http://seclists.org/oss-sec/2017/q3/290 * SECURITY FIX * *** BEGIN EDIT Fri Aug 18 15:47:24 EDT 2017 *** The out of bounds read vulnerabilities and buffer overflow vulnerability have now been assigned CVE IDs CVE-2017-12940, CVE-2017-12941 and CVE-2017-12942 respectively. *** END EDIT Fri Aug 18 15:47:24 EDT 2017 *** +----------------+ Fri Aug 25 19:10:53 EDT 2017 xapps-general/thunderbird upgraded from 52.2.0 to 52.3.0 to fix some security vulnerabilities. For more information see: https://www.mozilla.org/en-US/security/advisories/mfsa2017-20/ * SECURITY FIX * +----------------+ Mon Aug 28 17:23:48 EDT 2017 base/bash rebuilt (build 3) to fix CVE-2016-0634, a vulnerability which allowed for arbitrary shell command execution as any user via setting a specially crafted system-wide hostname. Note: this vulnerability is affected by only the hostname set by the hostname command, not the $HOSTNAME variable. Therefore it requires root access to exploit on a default Cucumber Linux installation and most typical systems. 
For more information see: https://nvd.nist.gov/vuln/detail/CVE-2016-0634 https://bugzilla.redhat.com/show_bug.cgi?id=1377613 https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1507025 * SECURITY FIX * +----------------+ Thu Aug 31 10:57:52 EDT 2017 net-general/mariadb upgraded from 10.1.25 to 10.1.26 to fix a few security vulnerabilities (CVE-2017-3653, CVE-2017-3641 and CVE-2017-3636) which could allow for unauthorized update, insert and delete access to some MariaDB server data as well as a server crash. For more information see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3653 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3641 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3636 multilib/net-general/mariadb-lib_i686 upgraded from 10.1.25 to 10.1.26 (x86_64 only) * SECURITY FIX * +----------------+ Tue Sep 5 17:41:38 EDT 2017 x-base/gdk-pixbuf upgraded from 2.36.2 to 2.36.9 to fix CVE-2017-2862 and CVE-2017-2870, two heap overflow vulnerabilities that could allow arbitrary code execution via a specially crafted file or URL. For more information see: http://security.cucumberlinux.com/security/details.php?id=10 http://security.cucumberlinux.com/security/details.php?id=11 https://nvd.nist.gov/vuln/detail/CVE-2017-2862 https://nvd.nist.gov/vuln/detail/CVE-2017-2870 https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0366 https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0377 multilib/x-base/gdk-pixbuf-lib_i686 upgraded from 2.36.2 to 2.36.9 (x86_64 only) * SECURITY FIX * +----------------+ Thu Sep 7 17:40:19 EDT 2017 base/linux upgraded from 4.9.43 to 4.9.48 to fix CVE-2017-11600 (CLD-12) and CVE-2017-14140 (CLD-7). CVE-2017-11600 allowed for a local user to cause a kernel panic via the xfrm subsection of the Linux kernel's IPSec implementation, while CVE-2017-14140 allowed a local, unprivileged user to defeat the ASLR of SUID executables. 
kernel/linux-source upgraded from 4.9.43 to 4.9.48 to reflect the new kernel version. * SECURITY FIX * +----------------+ Fri Sep 8 17:15:41 EDT 2017 net-general/tcpdump upgraded from 4.9.1 to 4.9.2 to fix several security vulnerabilities: Fix buffer overflow vulnerabilities: CVE-2017-11543 (SLIP) CVE-2017-13011 (bittok2str_internal) Fix infinite loop vulnerabilities: CVE-2017-12989 (RESP) CVE-2017-12990 (ISAKMP) CVE-2017-12995 (DNS) CVE-2017-12997 (LLDP) Fix buffer over-read vulnerabilities: CVE-2017-11541 (safeputs) CVE-2017-11542 (PIMv1) CVE-2017-12893 (SMB/CIFS) CVE-2017-12894 (lookup_bytestring) CVE-2017-12895 (ICMP) CVE-2017-12896 (ISAKMP) CVE-2017-12897 (ISO CLNS) CVE-2017-12898 (NFS) CVE-2017-12899 (DECnet) CVE-2017-12900 (tok2strbuf) CVE-2017-12901 (EIGRP) CVE-2017-12902 (Zephyr) CVE-2017-12985 (IPv6) CVE-2017-12986 (IPv6 routing headers) CVE-2017-12987 (IEEE 802.11) CVE-2017-12988 (telnet) CVE-2017-12991 (BGP) CVE-2017-12992 (RIPng) CVE-2017-12993 (Juniper) CVE-2017-11542 (PIMv1) CVE-2017-11541 (safeputs) CVE-2017-12994 (BGP) CVE-2017-12996 (PIMv2) CVE-2017-12998 (ISO IS-IS) CVE-2017-12999 (ISO IS-IS) CVE-2017-13000 (IEEE 802.15.4) CVE-2017-13001 (NFS) CVE-2017-13002 (AODV) CVE-2017-13003 (LMP) CVE-2017-13004 (Juniper) CVE-2017-13005 (NFS) CVE-2017-13006 (L2TP) CVE-2017-13007 (Apple PKTAP) CVE-2017-13008 (IEEE 802.11) CVE-2017-13009 (IPv6 mobility) CVE-2017-13010 (BEEP) CVE-2017-13012 (ICMP) CVE-2017-13013 (ARP) CVE-2017-13014 (White Board) CVE-2017-13015 (EAP) CVE-2017-11543 (SLIP) CVE-2017-13016 (ISO ES-IS) CVE-2017-13017 (DHCPv6) CVE-2017-13018 (PGM) CVE-2017-13019 (PGM) CVE-2017-13020 (VTP) CVE-2017-13021 (ICMPv6) CVE-2017-13022 (IP) CVE-2017-13023 (IPv6 mobility) CVE-2017-13024 (IPv6 mobility) CVE-2017-13025 (IPv6 mobility) CVE-2017-13026 (ISO IS-IS) CVE-2017-13027 (LLDP) CVE-2017-13028 (BOOTP) CVE-2017-13029 (PPP) CVE-2017-13030 (PIM) CVE-2017-13031 (IPv6 fragmentation header) CVE-2017-13032 (RADIUS) CVE-2017-13033 (VTP) CVE-2017-13034 (PGM) 
CVE-2017-13035 (ISO IS-IS) CVE-2017-13036 (OSPFv3) CVE-2017-13037 (IP) CVE-2017-13038 (PPP) CVE-2017-13039 (ISAKMP) CVE-2017-13040 (MPTCP) CVE-2017-13041 (ICMPv6) CVE-2017-13042 (HNCP) CVE-2017-13043 (BGP) CVE-2017-13044 (HNCP) CVE-2017-13045 (VQP) CVE-2017-13046 (BGP) CVE-2017-13047 (ISO ES-IS) CVE-2017-13048 (RSVP) CVE-2017-13049 (Rx) CVE-2017-13050 (RPKI-Router) CVE-2017-13051 (RSVP) CVE-2017-13052 (CFM) CVE-2017-13053 (BGP) CVE-2017-13054 (LLDP) CVE-2017-13055 (ISO IS-IS) CVE-2017-13687 (Cisco HDLC) CVE-2017-13688 (OLSR) CVE-2017-13689 (IKEv1) CVE-2017-13690 (IKEv2) CVE-2017-13725 (IPv6 routing headers) For more information see: http://www.tcpdump.org/tcpdump-changes.txt * SECURITY FIX * +----------------+ Mon Sep 11 12:17:56 EDT 2017 lang-base/perl upgraded from 5.22.1 to 5.22.4 to fix CVE-2016-1238, a vulnerability which could allow for privilege escalation and arbitrary code execution via a malicious Perl module in the current directory and a specially crafted Perl include path. For more information see: https://nvd.nist.gov/vuln/detail/CVE-2016-1238 http://security.cucumberlinux.com/security/details.php?id=16 https://bugzilla.redhat.com/show_bug.cgi?id=1355695 http://www.securitytracker.com/id/1036440 * SECURITY FIX * +----------------+ Wed Sep 13 10:40:51 EDT 2017 lib-general/libxml2 upgraded from 2.9.4 to 2.9.5 to fix two security vulnerabilities: CVE-2016-5131 and CVE-2017-5969. For more information see: http://security.cucumberlinux.com/security/details.php?id=18 https://nvd.nist.gov/vuln/detail/CVE-2016-5131 http://security.cucumberlinux.com/security/details.php?id=20 https://nvd.nist.gov/vuln/detail/CVE-2017-5969 multilib/lib-general/libxml2 upgraded from 2.9.4 to 2.9.5 (x86_64 only) * SECURITY FIX * +----------------+ Wed Sep 13 21:39:31 EDT 2017 base/linux upgraded from 4.9.48 to 4.9.50 to fix the "Blueborne" vulnerability (CVE-2017-1000251). 
This vulnerability allowed an attacker physically within Bluetooth range of a device to cause a denial of service and possibly execute arbitrary code (note that the code execution vector is mitigated by stack hardening in the Linux kernel). For more information see: http://security.cucumberlinux.com/security/details.php?id=17 https://nvd.nist.gov/vuln/detail/CVE-2017-1000251 https://www.armis.com/blueborne/ https://access.redhat.com/blogs/product-security/posts/blueborne * SECURITY FIX * +----------------+ Wed Sep 13 22:45:47 EDT 2017 kernel/linux-source upgraded from 4.9.48 to 4.9.50 +----------------+ Thu Sep 14 22:47:09 EDT 2017 x-base/cairo rebuilt (build 3) to fix CVE-2016-9082, an integer overflow vulnerability in the write_png function which can be used to cause an invalid pointer dereference and consequentially a crash. Due to the nature of invalid pointer dereferences, arbitrary code execution may also be possible. For more information see: http://security.cucumberlinux.com/security/details.php?id=22 https://nvd.nist.gov/vuln/detail/CVE-2016-9082 http://www.securityfocus.com/bid/93931/discuss https://bugs.freedesktop.org/show_bug.cgi?id=98165 multilib/x-base/cairo rebuilt (build 3) * SECURITY FIX * +----------------+ Fri Sep 15 19:46:15 EDT 2017 testing/apps-testing/gptfdisk 1.0.3 built +----------------+ Sun Sep 17 09:38:20 EDT 2017 testing/xapps-testing/palemoon 27.4.2 built +----------------+ Sun Sep 17 10:04:28 EDT 2017 lib-base/libgcrypt upgraded from 1.7.8 to 1.7.9 to fix CVE-2017-0379, a side-channel attack that makes it easier for attackers to discover a secret key. 
For more information see: http://security.cucumberlinux.com/security/details.php?id=26 https://nvd.nist.gov/vuln/detail/CVE-2017-0379 https://lists.gnupg.org/pipermail/gnupg-announce/2017q3/000414.html multilib/lib-base/libgcrypt upgraded from 1.7.8 to 1.7.9 (x86_64 only) * SECURITY FIX * +----------------+ Sun Sep 17 14:38:44 EDT 2017 x-base/gdk-pixbuf rebuilt (build 2) to fix CVE-2017-6312 (an out of bounds read vulnerability) and CVE-2017-6314 (an infinite loop vulnerability). These vulnerabilities could both be leveraged by an attacker via specially crafted files to perform a denial of service attack. For more information see: http://security.cucumberlinux.com/security/details.php?id=28 http://security.cucumberlinux.com/security/details.php?id=30 https://nvd.nist.gov/vuln/detail/CVE-2017-6312 https://nvd.nist.gov/vuln/detail/CVE-2017-6314 https://bugzilla.gnome.org/show_bug.cgi?id=779012 https://bugzilla.gnome.org/show_bug.cgi?id=779020 multilib/x-base/gdk-pixbuf rebuilt (build 2, x86_64 only) * SECURITY FIX * +----------------+ Mon Sep 18 10:49:49 EDT 2017 lib-base/ffmpeg upgraded from 3.3 to 3.3.4 to fix several security vulnerabilities: CVE-2017-14054 (https://nvd.nist.gov/vuln/detail/CVE-2017-14054) CVE-2017-14055 (https://nvd.nist.gov/vuln/detail/CVE-2017-14055) CVE-2017-14056 (https://nvd.nist.gov/vuln/detail/CVE-2017-14056) CVE-2017-14057 (https://nvd.nist.gov/vuln/detail/CVE-2017-14057) CVE-2017-14058 (https://nvd.nist.gov/vuln/detail/CVE-2017-14058) CVE-2017-14059 (https://nvd.nist.gov/vuln/detail/CVE-2017-14059) CVE-2017-14169 (https://nvd.nist.gov/vuln/detail/CVE-2017-14169) CVE-2017-14170 (https://nvd.nist.gov/vuln/detail/CVE-2017-14170) CVE-2017-14171 (https://nvd.nist.gov/vuln/detail/CVE-2017-14171) CVE-2017-14222 (https://nvd.nist.gov/vuln/detail/CVE-2017-14222) CVE-2017-14223 (https://nvd.nist.gov/vuln/detail/CVE-2017-14223) CVE-2017-14225 (https://nvd.nist.gov/vuln/detail/CVE-2017-14225) For more information see: 
http://security.cucumberlinux.com/security/details.php?id=34 https://security.archlinux.org/AVG-400 * SECURITY FIX * +----------------+ Mon Sep 18 11:17:00 EDT 2017 testing/net-testing/vsftpd 3.0.3 built +----------------+ Mon Sep 18 17:58:12 EDT 2017 net-general/apache rebuilt (build 2) to fix CVE-2017-9798, a use after free issue that could result in secret information disclosure. Note that this patch fixes only half of the vulnerability (the .htaccess half). For more information see: http://security.cucumberlinux.com/security/details.php?id=35 https://nvd.nist.gov/vuln/detail/CVE-2017-9798 * SECURITY FIX * +----------------+ Tue Sep 19 09:00:18 EDT 2017 testing/lib-testing/libasr 1.0.2 built testing/multilib/lib-testing/libasr-lib_i686 1.0.2 built (x86_64 only) +----------------+ Tue Sep 19 09:18:36 EDT 2017 testing/lib-testing/libevent 2.1.8 built testing/multilib/lib-testing/libevent-lib_i686 2.1.8 built (x86_64 only) +----------------+ Tue Sep 19 10:32:48 EDT 2017 testing/net-testing/opensmtpd 6.0.2 built +----------------+ Tue Sep 19 13:06:03 EDT 2017 testing/net-testing/opensmtpd rebuilt (build 2) +----------------+ Tue Sep 19 15:09:52 EDT 2017 testing/net-testing/opensmtpd rebuilt (build 3) to add support for the OpenSMTPD extras. testing/net-testing/dovecot 2.2.32 built +----------------+ Wed Sep 20 11:04:45 EDT 2017 lang-base/perl rebuilt (build 2) to fix CVE-2017-12837 and CVE-2017-12883, two vulnerabilities both relating to specially crafted regular expressions. CVE-2017-12837 allowed a remote attacker to cause a denial of service (crash), while CVE-2017-12883 allowed for this same denial of service, as well as a data leak from memory. 
For more information see: http://security.cucumberlinux.com/security/details.php?id=38 http://security.cucumberlinux.com/security/details.php?id=39 https://nvd.nist.gov/vuln/detail/CVE-2017-12883 https://nvd.nist.gov/vuln/detail/CVE-2017-12837 * SECURITY FIX * +----------------+ Wed Sep 20 12:41:27 EDT 2017 base/linux upgraded from 4.9.50 to 4.9.51 to fix CVE-2017-14497 and CVE-2017-7558. CVE-2017-14497 possibly allowed for a local user to cause a denial of service via the tpacket_rcv function in net/packet/af_packet.c. CVE-2017-7558 was a buffer overflow vulnerability in the sockaddr implementation of the kernel that allowed for up to 100 uninitialized bytes to leak into userspace. For more information see: http://security.cucumberlinux.com/security/details.php?id=25 http://security.cucumberlinux.com/security/details.php?id=40 https://nvd.nist.gov/vuln/detail/CVE-2017-14497 https://nvd.nist.gov/vuln/detail/CVE-2017-7558 * SECURITY FIX * +----------------+ Wed Sep 20 14:08:04 EDT 2017 kernel/linux-source upgraded from 4.9.50 to 4.9.51 +----------------+ Sat Sep 23 08:51:33 EDT 2017 lang-base/python2 upgraded from 2.7.13 to 2.7.14 to fix several security vulnerabilities, including: CVE-2017-9233 CVE-2016-9063 CVE-2016-0718 CVE-2012-0876 CVE-2016-5300 CVE-2016-4472 For more information see: http://security.cucumberlinux.com/security/details.php?id=50 https://raw.githubusercontent.com/python/cpython/84471935ed2f62b8c5758fd544c7d37076fe0fa5/Misc/NEWS multilib/lang-base/python2_i686 upgraded from 2.7.13 to 2.7.14 (x86_64 only) * SECURITY FIX * +----------------+ Sat Sep 23 08:59:12 EDT 2017 lang-base/python3 upgraded from 3.6.0 to 3.6.2 to fix several security vulnerabilities: CVE-2017-9233 CVE-2016-9063 CVE-2016-0718 CVE-2012-0876 CVE-2016-4472 For more information see: http://security.cucumberlinux.com/security/details.php?id=51 https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-2 multilib/lang-base/python3 upgraded from 3.6.0 to 3.6.2 (x86_64 only) * 
SECURITY FIX * +----------------+ Tue Sep 26 09:49:20 EDT 2017 testing/xapps-testing/palemoon upgraded from 27.4.2 to 27.5.0 to fix some bugs. For more information see: http://www.palemoon.org/releasenotes.shtml +----------------+ Wed Sep 27 11:29:40 EDT 2017 base/linux upgraded from 4.9.51 to 4.9.52 to fix some bugs which we will probably find out are exploitable in a few weeks. For more information see: https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.52 kernel/linux-source upgraded from 4.9.51 to 4.9.52 +----------------+ Thu Sep 28 12:02:16 EDT 2017 xapps-general/firefox upgraded from 52.3.0 to 52.4.0 to fix several security vulnerabilities: CVE-2017-7793: Use-after-free with Fetch API CVE-2017-7818: Use-after-free during ARIA array manipulation CVE-2017-7819: Use-after-free while resizing images in design mode CVE-2017-7824: Buffer overflow when drawing and validating elements with ANGLE CVE-2017-7805: Use-after-free in TLS 1.2 generating handshake hashes CVE-2017-7814: Blob and data URLs bypass phishing and malware protection warnings CVE-2017-7825: OS X fonts render some Tibetan and Arabic unicode characters as spaces CVE-2017-7823: CSP sandbox directive did not create a unique origin CVE-2017-7810: Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4 For more information see: https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/ http://security.cucumberlinux.com/security/details.php?id=56 * SECURITY FIX * +----------------+ Thu Sep 28 21:48:58 EDT 2017 lib-base/nss upgraded from 3.28 to 3.33 to fix CVE-2017-7805, a use after free vulnerability that could allow for a crash or arbitrary code execution. 
For more information see: http://security.cucumberlinux.com/security/details.php?id=57 https://nvd.nist.gov/vuln/detail/CVE-2017-7805 https://access.redhat.com/security/cve/CVE-2017-7805 multilib/lib-base/nss-lib_i686 upgraded from 3.28 to 3.33 (x86_64 only) * SECURITY FIX * +----------------+ Fri Sep 29 08:46:51 EDT 2017 dev-general/git upgraded from 2.10.4 to 2.10.5 to fix CVE-2017-14867, a vulnerability which allowed for an attacker to execute arbitrary OS commands via specially placed metacharacters in a module name. This worked by exploiting unsafe perl scripts. For more information see: https://nvd.nist.gov/vuln/detail/CVE-2017-14867 http://security.cucumberlinux.com/security/details.php?id=58 https://www.debian.org/security/2017/dsa-3984 * SECURITY FIX * +----------------+ Fri Sep 29 09:30:21 EDT 2017 testing/net-testing/vsftpd rebuilt (build 2) to fix some incorrect permission settings. +----------------+ Fri Sep 29 11:39:22 EDT 2017 testing/net-testing/bind-server 9.11.2 built testing/multilib/net-testing/bind-server-lib_i686 9.11.2 built +----------------+ Fri Sep 29 16:05:25 EDT 2017 ***** Cucumber Linux Version 1.1 Forked ***** The Cucumber Linux 1.1 branch has been forked from the Cucumber Linux 1.0 stable branch. +----------------+ Wed Oct 4 09:27:08 EDT 2017 lang-base/python3 upgraded from 3.6.2 to 3.6.3 to fix some security issues: bpo-31662, bpo-31423, bpo-29781 and bpo-30947. For more information see: http://security.cucumberlinux.com/security/details.php?id=60 https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-3-final multilib/lang-base/python3_lib-i686 upgraded from 3.6.2 to 3.6.3 (x86_64 only). 
* SECURITY FIX * +----------------+ Wed Oct 4 15:49:12 EDT 2017 lang-base/perl upgraded from 5.22.4 to 5.26.1 The following patches are no longer necessary, as they have been applied in Perl 5.26.1: CVE-2017-12837.patch CVE-2017-12883.patch Also fixes CVE-2017-12837 * SECURITY FIX * +----------------+ Thu Oct 5 09:26:21 EDT 2017 base/linux upgraded from 4.9.52 to 4.9.53 to fix a few security issues: CVE-2017-12154, CVE-2017-1000252 and CVE-2017-12153. For more information see: http://security.cucumberlinux.com/security/details.php?id=46 https://nvd.nist.gov/vuln/detail/CVE-2017-12154 http://security.cucumberlinux.com/security/details.php?id=49 https://nvd.nist.gov/vuln/detail/CVE-2017-1000252 http://security.cucumberlinux.com/security/details.php?id=42 https://nvd.nist.gov/vuln/detail/CVE-2017-12153 * SECURITY FIX * +----------------+ Thu Oct 5 09:57:28 EDT 2017 kernel/linux-source upgraded from 4.9.52 to 4.9.53 +----------------+ Thu Oct 5 10:19:42 EDT 2017 lang-extra/php5 5.6.31 built WARNING: DO NOT INSTALL BOTH THE 'php' AND 'php5' PACKAGES ON THE SAME SYSTEM. USE ONE OR THE OTHER. +----------------+ Thu Oct 5 11:13:35 EDT 2017 lang-general/php upgraded from 5.6.31 to 7.2.0RC3 +----------------+ Thu Oct 5 11:18:41 EDT 2017 base/lsb-info upgraded from 1.0 to 1.1.alpha +----------------+ Thu Oct 5 22:38:20 EDT 2017 net-base/bind-client upgraded from 9.10.4_P4 to 9.11.2 +----------------+ Fri Oct 6 08:41:36 EDT 2017 net-base/curl upgraded from 7.55.0 to 7.56.0 to fix CVE-2017-1000254, a read out of bounds vulnerability in the FTP portion of libcurl, which could result in a crash or an out of bounds read. 
For more information see: https://curl.haxx.se/docs/adv_20171004.html http://security.cucumberlinux.com/security/details.php?id=62 https://nvd.nist.gov/vuln/detail/CVE-2017-1000254 multilib/net-base/curl-lib_i686 upgraded from 7.55.0 to 7.56.0 (x86_64 only) * SECURITY FIX * +----------------+ Fri Oct 6 09:04:06 EDT 2017 x-base/xorg-server rebuilt (build 4) to fix two vulnerabilities: CVE-2017-13721, which allowed an attacker to crash the X server or overwrite another client's data via a failure to validate shmseg resource ids, and CVE-2017-13723, which fixed a bug where xkb would use a single, static buffer to do all of its formatting, which has the potential to be exploitable in a whole multitude of ways. For more information see: http://security.cucumberlinux.com/security/details.php?id=63 https://nvd.nist.gov/vuln/detail/CVE-2017-13721 https://cgit.freedesktop.org/xorg/xserver/commit/?id=b95f25af141d33a65f6f821ea9c003f66a01e1f1 http://security.cucumberlinux.com/security/details.php?id=64 https://nvd.nist.gov/vuln/detail/CVE-2017-13723 https://cgit.freedesktop.org/xorg/xserver/commit/?id=94f11ca5cf011ef123bd222cabeaef6f424d76ac * SECURITY FIX * +----------------+ Fri Oct 6 22:10:07 EDT 2017 lang-base/perl rebuilt (build 3) to link against Perl 5.26 (it had previously been linked against Perl 5.22, which doesn't exist anymore). +----------------+ Sun Oct 8 13:06:31 EDT 2017 base/linux upgraded from 4.9.53 to 4.9.54. This most likely contains security fixes, but the kernel developers never really make that clear. We'll upgrade to be safe. For more information see: http://security.cucumberlinux.com/security/details.php?id=69 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.54 * SECURITY FIX * +----------------+ Sun Oct 8 14:57:13 EDT 2017 apps-base/sudo upgraded from 1.8.20p1 to 1.8.21p2 to fix CVE-2017-1000368, an extension of CVE-2017-1000367 which was created by an incomplete fix for CVE-2017-1000367. 
For more information see: http://security.cucumberlinux.com/security/details.php?id=67 https://nvd.nist.gov/vuln/detail/CVE-2017-1000368 * SECURITY FIX * +----------------+ Sun Oct 8 15:07:58 EDT 2017 lib-base/pcre upgraded from 8.39 to 8.41 to fix CVE-2017-7186, a vulnerability which allowed remote attackers to cause a denial of service (crash) by looking up an invalid Unicode property. For more information see: http://security.cucumberlinux.com/security/details.php?id=66 https://nvd.nist.gov/vuln/detail/CVE-2017-7186 https://blogs.gentoo.org/ago/2017/03/14/libpcre-invalid-memory-read-in-match-pcre_exec-c/ multilib/lib-base/pcre-lib_i686 upgraded from 8.39 to 8.41 (x86_64 only) * SECURITY FIX * +----------------+ Sun Oct 8 22:33:29 EDT 2017 kernel/linux-source upgraded from 4.9.53 to 4.9.54 +----------------+ Mon Oct 9 09:58:05 EDT 2017 lang-base/python2 rebuilt (build 2) to fix a bug in which pip was not installed. multilib/lang-base/python2-lib_i686 rebuilt (build 2, x86_64 only) +----------------+ Mon Oct 9 10:21:43 EDT 2017 net-general/net-snmp rebuilt (build 2) to link against Perl 5.26 multilib/net-general/net-snmp-lib_i686 rebuilt (build 2, x86_64 only) +----------------+ Mon Oct 9 10:23:51 EDT 2017 apps-base/texinfo rebuilt (build 2) to link against Perl 5.26 +----------------+ Mon Oct 9 11:15:44 EDT 2017 xapps-general/thunderbird upgraded from 52.3 to 52.4. This most likely fixes some security issues, but Mozilla doesn't like to tell us about these until a couple of weeks after they publish the update (thanks guys). To be safe, we will treat this update as a security update. * SECURITY FIX * +----------------+ Tue Oct 10 09:27:16 EDT 2017 net-general/openssh upgraded from 7.4p1 to 7.6p1 to fix a security vulnerability which allowed for a user to create arbitrary zero length files on a sftp server operating in read only mode. At this time, this vulnerability has not been assigned a CVE id.
For more information see: http://security.cucumberlinux.com/security/details.php?id=70 https://www.openssh.com/txt/release-7.6 * SECURITY FIX * +----------------+ Tue Oct 10 12:38:01 EDT 2017 xapps-general/firefox upgraded from 52.4.0 to 52.4.1 to fix a couple of potential crash related issues. Note that these issues allegedly affect Mac OS only, however we will upgrade to be safe as Mozilla tends to push out other security updates in these releases that they don't tell us little people about until weeks later. For more information see: http://security.cucumberlinux.com/security/details.php?id=71 https://www.mozilla.org/en-US/firefox/52.4.1/releasenotes/ * SECURITY FIX * +----------------+ Wed Oct 11 11:46:25 EDT 2017 x-base/xorg-libraries rebuilt (build 3) to fix two vulnerabilities (CVE-2017-13720 and CVE-2017-13722) which could result in a denial of service or memory disclosure. For more information see: http://security.cucumberlinux.com/security/details.php?id=72 https://nvd.nist.gov/vuln/detail/CVE-2017-13720 https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d1e670a4a8704b8708e493ab6155589bcd570608 http://security.cucumberlinux.com/security/details.php?id=73 https://nvd.nist.gov/vuln/detail/CVE-2017-13722 https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=672bb944311392e2415b39c0d63b1e1902905bcd https://www.debian.org/security/2017/dsa-3995 * SECURITY FIX * +----------------+ Sat Oct 14 08:34:56 EDT 2017 base/linux upgraded from 4.9.54 to 4.9.56 to fix CVE-2017-7518, CVE-2017-0786, CVE-2017-1000255 and probably some other vulnerabilities * SECURITY FIX * +----------------+ Sat Oct 14 17:10:56 EDT 2017 kernel/linux-source upgraded from 4.9.54 to 4.9.56 +----------------+ Wed Oct 18 10:20:27 EDT 2017 net-base/wpa_supplicant rebuilt (build 4) to fix several security vulnerabilities collectively known as the Krack Attacks.
These vulnerabilities allowed for an attacker within the physical range of a WPA2 secured network to hijack the four way handshake (which occurs when a new client connects to the network) and decrypt the connection, amongst other things. This vulnerability has been assigned the following CVE IDs: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087 and CVE-2017-13088. For more information see: https://www.krackattacks.com/ http://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt https://nvd.nist.gov/vuln/detail/CVE-2017-13077 https://nvd.nist.gov/vuln/detail/CVE-2017-13078 https://nvd.nist.gov/vuln/detail/CVE-2017-13079 https://nvd.nist.gov/vuln/detail/CVE-2017-13080 https://nvd.nist.gov/vuln/detail/CVE-2017-13081 https://nvd.nist.gov/vuln/detail/CVE-2017-13082 https://nvd.nist.gov/vuln/detail/CVE-2017-13084 https://nvd.nist.gov/vuln/detail/CVE-2017-13086 https://nvd.nist.gov/vuln/detail/CVE-2017-13087 https://nvd.nist.gov/vuln/detail/CVE-2017-13088 * SECURITY FIX * +----------------+ Wed Oct 18 15:51:54 EDT 2017 lib-general/libarchive rebuilt (build 2) to fix CVE-2016-10349 and CVE-2016-10350, two vulnerabilities which both allowed for a remote crash via a heap based buffer overflow. For more information see: http://security.cucumberlinux.com/security/details.php?id=92 https://nvd.nist.gov/vuln/detail/CVE-2016-10349 http://security.cucumberlinux.com/security/details.php?id=93 https://nvd.nist.gov/vuln/detail/CVE-2016-10350 multilib/lib-general/libarchive rebuilt (build 2, x86_64 only) * SECURITY FIX * +----------------+ Wed Oct 18 19:39:59 EDT 2017 base/linux upgraded from 4.9.56 to 4.9.57 to fix CVE-2017-12188, CVE-2017-15265 and probably some other vulnerabilities. 
For more information see: https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.57 * SECURITY FIX * +----------------+ Thu Oct 19 09:28:25 EDT 2017 kernel/linux-source upgraded from 4.9.56 to 4.9.57 +----------------+ Thu Oct 19 10:19:16 EDT 2017 net-general/openssh rebuilt (build 2) to fix a bug in which the ssh_config and sshd_config files were overwritten when the openssh package was updated. +----------------+ Thu Oct 19 11:43:13 EDT 2017 x-base/xorg-server rebuilt (build 5) to fix several vulnerabilities: CVE-2017-2624, CVE-2017-12176, CVE-2017-12177, CVE-2017-12178, CVE-2017-12179, CVE-2017-12180, CVE-2017-12181, CVE-2017-12182, CVE-2017-12183, CVE-2017-12184, CVE-2017-12185, CVE-2017-12186 and CVE-2017-12187. For more information see: http://security.cucumberlinux.com/security/details.php?id=96 http://security.cucumberlinux.com/security/details.php?id=97 http://security.cucumberlinux.com/security/details.php?id=98 http://security.cucumberlinux.com/security/details.php?id=99 http://security.cucumberlinux.com/security/details.php?id=100 http://security.cucumberlinux.com/security/details.php?id=101 http://security.cucumberlinux.com/security/details.php?id=102 http://security.cucumberlinux.com/security/details.php?id=103 http://security.cucumberlinux.com/security/details.php?id=104 http://security.cucumberlinux.com/security/details.php?id=105 http://security.cucumberlinux.com/security/details.php?id=106 http://security.cucumberlinux.com/security/details.php?id=107 http://security.cucumberlinux.com/security/details.php?id=108 http://security.cucumberlinux.com/security/details.php?id=109 * SECURITY FIX * +----------------+ Sat Oct 21 13:23:17 EDT 2017 testing/xapps-testing/palemoon was moved to xapps-extra/palemoon and upgraded from 27.5.0 to 27.5.1. +----------------+ Sat Oct 21 15:27:33 EDT 2017 lang-general/php upgraded from 7.2.0RC3 to 7.2.0RC4 +----------------+ Sun Oct 22 11:04:31 EDT 2017 base/linux upgraded from 4.9.57 to 4.9.58. 
This update probably contains security fixes, however the kernel developers are never very clear about this, so we probably won't find out for sure what vulnerabilities were fixed for at least a few weeks yet. We'll update to be safe. kernel/linux-source upgraded from 4.9.57 to 4.9.58 +----------------+ Sun Oct 22 12:02:52 EDT 2017 testing/net-testing/dovecot was moved to net-extra/dovecot and upgraded from 2.2.32 to 2.2.33.2 testing/lib-testing/libasr was moved to lib-extra/libasr and rebuilt (build 2) testing/multilib/lib-testing/libasr was moved to multilib/lib-testing/libasr and rebuilt (build 2) testing/lib-testing/libevent was moved to lib-extra/libevent and rebuilt (build 2) testing/multilib/lib-testing/ was moved to multilib/lib-testing/libevent and rebuilt (build 2) testing/net-testing/opensmtpd was moved to net-extra/opensmtpd and rebuilt (build 5) +----------------+ Mon Oct 23 09:29:17 EDT 2017 net-base/curl upgraded from 7.56.0 to 7.56.1 to fix CVE-2017-1000257, a buffer overrun vulnerability in the IMAP portion of libcurl (the curl library). For more information see: https://nvd.nist.gov/vuln/detail/CVE-2017-1000257 http://security.cucumberlinux.com/security/details.php?id=112 https://curl.haxx.se/docs/adv_20171023.html multilib/net-base/curl-lib_i686 upgraded from 7.56.0 to 7.56.1 (x86_64 only) * SECURITY FIX * +----------------+ Mon Oct 23 10:49:55 EDT 2017 testing/net-testing/bind-server was moved to net-extra/bind-server and rebuilt (build 2) testing/multilib/net-testing/bind-server was moved to multilib/net-extra/bind-server and rebuilt (build 2) testing/apps-testing/gptfdisk was moved to base/gptfdisk and rebuilt (build 2). Although we generally don't add packages to the base system in a minor release, we are making an exception here because otherwise Cucumber Linux 1.1 won't work properly with GPT formatted disks, and it will not be possible to install Cucumber Linux 1.1 to a GPT formatted partition.
Note also that this was listed as "new/up", not "update" in Pickle. testing/net-testing/vsftp was moved to net-extra/vsftpd and rebuilt (build 3) +----------------+ Tue Oct 24 09:28:32 EDT 2017 lib-general/apr upgraded from 1.5.2 to 1.6.3 to fix CVE-2017-12613, a vulnerability which allowed for information disclosure and/or a denial of service via an out of bounds read. This happened as a result of the apr_exp_time*() and apr_os_exp_time*() functions failing to validate input. For more information see: https://nvd.nist.gov/vuln/detail/CVE-2017-12613 http://security.cucumberlinux.com/security/details.php?id=113 https://lists.apache.org/thread.html/12489f2e4a9f9d390235c16298aca0d20658789de80d553513977f13%40%3Cannounce.apache.org%3E multilib/lib-general/apr-lib_i686 upgraded from 1.5.2 to 1.6.3 (x86_64 only) * SECURITY FIX * +----------------+ Tue Oct 24 09:32:21 EDT 2017 lib-general/apr-util upgraded from 1.5.4 to 1.6.1 to fix CVE-2017-12618, a denial of service vulnerability resulting from the failure of the apr_sdbm*() functions to validate their input. This allowed for a local user with write access to a database to crash a program or process using these functions. For more information see: https://nvd.nist.gov/vuln/detail/CVE-2017-12618 http://security.cucumberlinux.com/security/details.php?id=114 https://lists.apache.org/thread.html/12489f2e4a9f9d390235c16298aca0d20658789de80d553513977f13%40%3Cannounce.apache.org%3E multilib/lib-general/apr-util upgraded from 1.5.4 to 1.6.1 (x86_64 only) * SECURITY FIX * +----------------+ Thu Oct 26 10:29:49 EDT 2017 base/glibc-zoneinfo upgraded from 2016j to 2017c to reflect recent changes in the global timezones. 
For more information see: http://mm.icann.org/pipermail/tz-announce/2017-October/000047.html +----------------+ Thu Oct 26 12:44:37 EDT 2017 net-base/wget upgraded from 1.17.1 to 1.19.2 to fix CVE-2017-13089 and CVE-2017-13090, two buffer overflow vulnerabilities which could allow for remote arbitrary code execution if wget connects to a malicious http server. For more information see: http://security.cucumberlinux.com/security/details.php?id=116 https://access.redhat.com/security/cve/CVE-2017-13089 https://nvd.nist.gov/vuln/detail/CVE-2017-13089 http://security.cucumberlinux.com/security/details.php?id=117 https://access.redhat.com/security/cve/CVE-2017-13090 https://nvd.nist.gov/vuln/detail/CVE-2017-13090 https://www.viestintavirasto.fi/en/cybersecurity/vulnerabilities/2017/haavoittuvuus-2017-037.html * SECURITY FIX * +----------------+ Fri Oct 27 11:01:02 EDT 2017 lib-base/ffmpeg upgraded from 3.3.4 to 3.3.5 to fix CVE-2017-15186, a vulnerability which allowed for remote attackers to cause a denial of service (i.e. crash) via a specially crafted AVI file. For more information see: https://nvd.nist.gov/vuln/detail/CVE-2017-15186 http://security.cucumberlinux.com/security/details.php?id=115 https://ffmpeg.org/security.html multilib/lib-base/ffmpeg upgraded from 3.3.4 to 3.3.5 (x86_64 only) * SECURITY FIX * +----------------+ Sat Oct 28 10:35:22 EDT 2017 lang-general/php upgraded from 7.2.0RC4 to 7.2.0RC5 to fix CVE-2016-1283, a vulnerability which allowed for a remote attacker to cause a denial of service or possibly have other unspecified impacts via a specially crafted regex passed to PCRE. Note that this vulnerability has long since been fixed by the upstream PCRE developers and the regular Cucumber PCRE packages are unaffected by this; this was an issue only because PHP was using an old version of PCRE (which was linked statically into the PHP binaries).
For more information see: https://nvd.nist.gov/vuln/detail/CVE-2016-1283 http://security.cucumberlinux.com/security/details.php?id=118 https://bugs.php.net/bug.php?id=75207 http://www.php.net/ChangeLog-5.php#5.6.32 lang-extra/php5 upgraded from 5.6.31 to 5.6.32 to fix this same vulnerability in the legacy PHP package. * SECURITY FIX * +----------------+ Sun Oct 29 19:32:41 EDT 2017 net-general/apache upgraded from 2.4.27 to 2.4.29 +----------------+ Wed Nov 1 11:24:46 EDT 2017 base/vim rebuilt (build 5) to fix CVE-2017-1000382, a vulnerability with Vim's swap files which could result in unintended information disclosure, by allowing for arbitrary users to view the contents of files not originally intended to be viewed. This has been successfully used to get (amongst other things) Wordpress database credentials (from wp-config.php). For more information see: https://nvd.nist.gov/vuln/detail/CVE-2017-1000382 http://security.cucumberlinux.com/security/details.php?id=120 http://www.openwall.com/lists/oss-security/2017/10/31/1 IMPORTANT NOTE: THIS VULNERABILITY WAS FIXED BY MAKING A CHANGE TO THE /etc/vimrc FILE. THEREFORE, WHEN UPGRADING YOUR VIM PACKAGES, MAKE SURE TO EITHER INSTALL THE NEW /etc/vimrc FILE OR COPY THE CHANGES FROM /etc/vimrc.new OVER TO /etc/vimrc. * SECURITY FIX * +----------------+ Wed Nov 1 12:39:46 EDT 2017 base/shadow rebuilt (build 4) to fix CLD-121, a vulnerability in which the /etc/shadow file was world readable. For more information see: http://security.cucumberlinux.com/security/details.php?id=121 * SECURITY FIX * +----------------+ Thu Nov 2 21:41:33 EDT 2017 net-base/openssl upgraded from 1.0.2k to 1.0.2m to fix CVE-2017-3736 and CVE-2017-3735. 
For more information see: https://www.openssl.org/news/vulnerabilities.html#y2017 http://security.cucumberlinux.com/security/details.php?id=123 https://nvd.nist.gov/vuln/detail/CVE-2017-3736 http://security.cucumberlinux.com/security/details.php?id=8 https://nvd.nist.gov/vuln/detail/CVE-2017-3735 multilib/net-base/openssl-lib_i686 upgraded from 1.0.2k to 1.0.2m (x86_64 only) * SECURITY FIX * +----------------+ Fri Nov 3 09:27:32 EDT 2017 base/vim rebuilt (build 6) to improve the initial fix for CVE-2017-1000382. Originally, the fix applied in build 5 saved the .swp files to ~/.vim/swap under the same name as the original file, and the vimrc required a shell call every time Vim started up. Both of these problems have been fixed in this build. Additionally, build 5 dragged in a bunch of unnecessary dependencies which have been removed in this build. A big thanks goes to Christian Brabandt (cb@256bit.org) for helping with this fix. IMPORTANT NOTE: THIS WAS FIXED BY MAKING A CHANGE TO THE /etc/vimrc FILE. THEREFORE, WHEN UPGRADING YOUR VIM PACKAGES, MAKE SURE TO EITHER INSTALL THE NEW /etc/vimrc FILE OR COPY THE CHANGES FROM /etc/vimrc.new OVER TO /etc/vimrc. +----------------+ Fri Nov 3 10:26:43 EDT 2017 net-general/mariadb upgraded from 10.1.26 to 10.1.28 to fix CVE-2017-10268 (difficult to exploit) and CVE-2017-10378 (easy to exploit), two vulnerabilities that could result in unauthorized access to critical data or complete access to all data accessible by MariaDB. Note that this has not yet been formally acknowledged by the MariaDB developers; however, other distributions are all claiming that these vulnerabilities are fixed in MariaDB 10.1.28.
For more information see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10268 http://security.cucumberlinux.com/security/details.php?id=124 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10378 http://security.cucumberlinux.com/security/details.php?id=125 multilib/net-general/mariadb-lib_i686 upgraded from 10.1.26 to 10.1.28 (x86_64 only) * SECURITY FIX * +----------------+ Sat Nov 4 09:04:37 EDT 2017 xapps-general/libreoffice upgraded from 5.3.0.3 to 5.3.7.2 to fix CVE-2017-14226, a vulnerability in which the libwpd library (as shipped with LibreOffice 5.3.0.3) mishandled iterators, which could result in a heap based buffer overread. It may have led to a remote attack against a LibreOffice application. For more information see: http://security.cucumberlinux.com/security/details.php?id=15 https://nvd.nist.gov/vuln/detail/CVE-2017-14226 * SECURITY FIX * +----------------+ Sat Nov 4 17:11:00 EDT 2017 base/vim rebuilt (build 7) to further improve the fix for CVE-2017-1000382. Thanks again to Christian Brabandt (cb@256bit.org) for further helping with this fix. IMPORTANT NOTE: THIS WAS FIXED BY MAKING A CHANGE TO THE /etc/vimrc FILE. THEREFORE, WHEN UPGRADING YOUR VIM PACKAGES, MAKE SURE TO EITHER INSTALL THE NEW /etc/vimrc FILE OR COPY THE CHANGES FROM /etc/vimrc.new OVER TO /etc/vimrc. +----------------+ Mon Nov 6 09:44:15 EST 2017 net-general/rsync rebuilt (build 5) to fix CVE-2017-16548, a buffer overread vulnerability which could result in a remote denial of service or other unspecified impacts due to a failure of the receive_xattr function in xattrs.c to check for a null terminator ('\0') character in an xattr name. 
For more information see: https://nvd.nist.gov/vuln/detail/CVE-2017-16548 http://security.cucumberlinux.com/security/details.php?id=126 * SECURITY FIX * +----------------+ Fri Nov 10 12:16:59 EST 2017 lang-general/php upgraded from 7.2.0RC5 to 7.2.0RC6 +----------------+ Sun Nov 12 12:45:51 EST 2017 base/linux upgraded from 4.9.58 to 4.9.61. This fixes CVE-2017-12193, a vulnerability that could be used to trigger a NULL pointer dereference and a kernel panic. For more information see: https://nvd.nist.gov/vuln/detail/CVE-2017-12193 http://security.cucumberlinux.com/security/details.php?id=122 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.60 kernel/linux-source upgraded from 4.9.58 to 4.9.61 * SECURITY FIX * +----------------+ Tue Nov 14 11:07:48 EST 2017 xapps-general/firefox upgraded from 52.4.1 to 52.5.0 for "various security fixes." Unfortunately, Mozilla doesn't like to make the details of their security fixes publicly available until several weeks after they are released, so we are unable to provide more information at this time. For more information see: https://www.mozilla.org/en-US/firefox/52.5.0/releasenotes/ http://security.cucumberlinux.com/security/details.php?id=128 * SECURITY FIX * +----------------+ Wed Nov 15 15:45:07 EST 2017 xapps-extra/palemoon upgraded from 27.5.1 to 27.6.1 to apply various proactive security improvements. For more information see: http://www.palemoon.org/releasenotes.shtml +----------------+ Thu Nov 16 11:46:07 EST 2017 apps-base/ghostscript upgraded from 9.21 to 9.22 to fix "many AddressSanitizer, Valgrind and Coverity [security] issues". For more information see: https://www.ghostscript.com/doc/9.22/News.htm http://security.cucumberlinux.com/security/details.php?id=130 multilib/apps-base/ghostscript-lib_i686 upgraded from 9.21 to 9.22 (x86_64 only) * SECURITY FIX * +----------------+ Thu Nov 16 11:48:31 EST 2017 base/linux upgraded from 4.9.61 to 4.9.62.
This update probably contains security fixes, however the kernel developers are never very clear about this, so we probably won't find out for sure what vulnerabilities were fixed for at least a few weeks yet. We'll update to be safe. kernel/linux-source upgraded from 4.9.61 to 4.9.62 +----------------+ Fri Nov 17 09:21:08 EST 2017 net-general/mariadb upgraded from 10.1.28 to 10.1.29 to fix CVE-2017-10268 (difficult to exploit) and CVE-2017-10378 (easy to exploit), two vulnerabilities that could result in unauthorized access to critical data or complete access to all data accessible by MariaDB. It was originally claimed that these vulnerabilities had been fixed in MariaDB 10.1.28; however, it turns out this was incorrect: they have been fixed in 10.1.29. For more information see: http://security.cucumberlinux.com/security/details.php?id=124 https://nvd.nist.gov/vuln/detail/CVE-2017-10268 http://security.cucumberlinux.com/security/details.php?id=125 https://nvd.nist.gov/vuln/detail/CVE-2017-10378 https://mariadb.com/kb/en/library/changes-improvements-in-mariadb-101/ multilib/net-general/mariadb-lib_i686 upgraded from 10.1.28 to 10.1.29 (x86_64 only) * SECURITY FIX * +----------------+ Sat Nov 18 12:47:51 EST 2017 base/linux upgraded from 4.9.62 to 4.9.63. 4.9.63 allegedly does a better job of preventing the Krack WPA attacks (as described at https://www.krackattacks.com/). Specifically, it does a better job of addressing CVE-2017-13080. For more information see: http://security.cucumberlinux.com/security/details.php?id=81 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.63 kernel/linux-source upgraded from 4.9.62 to 4.9.63 * SECURITY FIX * +----------------+ Sun Nov 19 16:03:24 EST 2017 base/lsb-info upgraded from 1.1.alpha to 1.1.beta +----------------+ Sun Nov 19 17:08:17 EST 2017 ***** Cucumber Linux 1.1 Beta 1 Released ***** Version 1.1.beta.1 of Cucumber Linux released.
+----------------+ Tue Nov 21 08:32:30 EST 2017 lib-base/libtiff upgraded from 4.0.8 to 4.0.9 to fix several security vulnerabilities: CVE-2016-10095, CVE-2015-7554, CVE-2016-5318, CVE-2014-8128 and CVE-2017-16232. For more information see: http://www.simplesystems.org/libtiff/v4.0.9.html http://security.cucumberlinux.com/security/details.php?id=133 https://nvd.nist.gov/vuln/detail/CVE-2016-10095 http://security.cucumberlinux.com/security/details.php?id=134 https://nvd.nist.gov/vuln/detail/CVE-2015-7554 http://security.cucumberlinux.com/security/details.php?id=135 https://nvd.nist.gov/vuln/detail/CVE-2016-5318 http://security.cucumberlinux.com/security/details.php?id=136 https://nvd.nist.gov/vuln/detail/CVE-2014-8128 http://security.cucumberlinux.com/security/details.php?id=137 https://nvd.nist.gov/vuln/detail/CVE-2017-16232 multilib/lib-base/libtiff upgraded from 4.0.8 to 4.0.9 (x86_64 only) * SECURITY FIX * +----------------+ Tue Nov 21 09:16:50 EST 2017 lib-base/ffmpeg rebuilt (build 2) to fix CVE-2017-16840, a vulnerability in VC-2 compression encoder that could allow for remote attackers to cause a denial of service as the result of an out of bounds read. Due to the nature of this attack, it is also not possible to rule out the possibility of information disclosure. For more information see: http://security.cucumberlinux.com/security/details.php?id=138 https://nvd.nist.gov/vuln/detail/CVE-2017-16840 multilib/lib-base/ffmpeg rebuilt (build 2, x86_64 only) * SECURITY FIX * +----------------+ Tue Nov 21 12:11:15 EST 2017 base/linux upgraded from 4.9.63 to 4.9.64. This update probably contains security fixes. kernel/linux-source upgraded from 4.9.63 to 4.9.64 +----------------+ Wed Nov 22 12:30:02 EST 2017 base/pickle upgraded from 1.0.14 to 1.1.0 to remove support for the rolling release mirror from /etc/pickle.conf. Rolling release mirrors have been causing many problems. As such, they are no longer supported as of Pickle 1.1.0 (Cucumber Linux 1.1). 
A replacement for this functionality will be included in Cucumber Linux 2.0, and there will not be another minor release for Cucumber Linux 1.x, so the removal of this functionality should not be a problem for now. +----------------+ Wed Nov 22 12:34:30 EST 2017 ***** Cucumber Linux 1.1 Beta 2 Released ***** Version 1.1.beta.2 of Cucumber Linux released. +----------------+ Fri Nov 24 09:07:14 EST 2017 base/linux upgraded from 4.9.64 to 4.9.65. This update probably contains security fixes. kernel/linux-source upgraded from 4.9.64 to 4.9.65 +----------------+ Fri Nov 24 12:09:57 EST 2017 xapps-general/thunderbird upgraded from 52.4.0 to 52.5.0 to apply "various security fixes." Unfortunately, Mozilla doesn't usually disclose what vulnerabilities are fixed in a given version of Thunderbird until a couple of weeks after it is released, so we are unable to provide any more information about what vulnerabilities are fixed in this release at this time. For more information see: http://security.cucumberlinux.com/security/details.php?id=152 * SECURITY FIX * +----------------+ Fri Nov 24 15:08:55 EST 2017 xapps-general/gimp upgraded from 2.8.20 to 2.8.22 to fix CVE-2007-3126, a vulnerability that allowed for a context-dependent attacker to cause a denial of service (application crash) via a specially crafted .ico file. For more information see: https://nvd.nist.gov/vuln/detail/CVE-2007-3126 http://security.cucumberlinux.com/security/details.php?id=149 multilib/xapps-general/gimp-lib_i686 upgraded from 2.8.20 to 2.8.22 (x86_64 only) * SECURITY FIX * +----------------+ Sat Nov 25 10:48:57 EST 2017 lang-base/perl rebuilt (build 2) to fix CVE-2017-6512, a race condition in the File-Path CPAN module that allowed attackers to set the mode (permission bits) on arbitrary files.
For more information see: https://nvd.nist.gov/vuln/detail/CVE-2017-6512 http://security.cucumberlinux.com/security/details.php?id=153 https://rt.cpan.org/Public/Bug/Display.html?id=121951 * SECURITY FIX * +----------------+ Tue Nov 28 11:18:55 EST 2017 x-base/xorg-libraries rebuilt (build 4) to fix two vulnerabilities: CVE-2017-16611, which allows for an unprivileged user to open arbitrary files as root and CVE-2017-16612, a buffer overflow vulnerability. For more information see: https://nvd.nist.gov/vuln/detail/CVE-2017-16611 http://security.cucumberlinux.com/security/details.php?id=155 https://nvd.nist.gov/vuln/detail/CVE-2017-16612 http://security.cucumberlinux.com/security/details.php?id=156 multilib/x-base/xorg-libraries-lib_i686 rebuilt (build 4, x86_64 only) * SECURITY FIX * +----------------+ Tue Nov 28 12:43:13 EST 2017 xapps-extra/palemoon upgraded from 27.6.1 to 27.6.2 to fix several vulnerabilities: CVE-2017-7832, CVE-2017-7833, CVE-2017-7835 and CVE-2017-7840. For more information see: http://www.palemoon.org/releasenotes.shtml https://nvd.nist.gov/vuln/detail/CVE-2017-7832 http://security.cucumberlinux.com/security/details.php?id=157 https://nvd.nist.gov/vuln/detail/CVE-2017-7833 http://security.cucumberlinux.com/security/details.php?id=158 https://nvd.nist.gov/vuln/detail/CVE-2017-7835 http://security.cucumberlinux.com/security/details.php?id=159 https://nvd.nist.gov/vuln/detail/CVE-2017-7840 http://security.cucumberlinux.com/security/details.php?id=160 * SECURITY FIX * +----------------+ Wed Nov 29 15:13:29 EST 2017 net-base/curl upgraded from 7.56.1 to 7.57.0 to fix three vulnerabilities: CVE-2017-8816 (a buffer overrun vulnerability affecting 32 bit versions of Cucumber Linux), CVE-2017-8817 (a buffer overflow vulnerability that could result in client URL direction) and CVE-2017-8818 (another buffer overrun vulnerability affecting 32 bit versions of Cucumber Linux). For more information see: https://curl.haxx.se/changes.html#7_57_0
https://nvd.nist.gov/vuln/detail/CVE-2017-8816 http://security.cucumberlinux.com/security/details.php?id=161 https://nvd.nist.gov/vuln/detail/CVE-2017-8817 http://security.cucumberlinux.com/security/details.php?id=162 https://nvd.nist.gov/vuln/detail/CVE-2017-8818 http://security.cucumberlinux.com/security/details.php?id=163 multilib/net-base/curl-lib_i686 upgraded from 7.56.1 to 7.57.0 (x86_64 only). * SECURITY FIX * +----------------+ Wed Nov 29 19:31:16 EST 2017 xapps-general/firefox upgraded from 52.5.0 to 52.5.1. This release probably contains security fixes, but unfortunately, Mozilla doesn't like to make the details of their security fixes publicly available until several weeks after they are released, so we are unable to provide more information at this time. We have upgraded to be safe. For more information see: http://security.cucumberlinux.com/security/details.php?id=165 * SECURITY FIX * +----------------+ Thu Nov 30 11:01:53 EST 2017 lang-general/php upgraded from 7.2.0RC6 to 7.2.0. +----------------+ Thu Nov 30 21:02:39 EST 2017 base/linux upgraded from 4.9.65 to 4.9.66. This update probably contains security fixes. kernel/linux-source upgraded from 4.9.65 to 4.9.66 +----------------+ Fri Dec 1 10:16:13 EST 2017 lib-base/ffmpeg rebuilt (build 3) to fix CVE-2017-17081, an out of bounds read vulnerability which allowed for a remote attacker to cause a denial of service. For more information see: https://nvd.nist.gov/vuln/detail/CVE-2017-17081 http://security.cucumberlinux.com/security/details.php?id=168 multilib/lib-base/ffmpeg-lib_i686 rebuilt (build 3, x86_64 only) * SECURITY FIX * +----------------+ Fri Dec 1 17:06:09 EST 2017 base/pickle upgraded from 1.1.0 to 1.1.1 to fix the broken 'ROOT=' environment variable. +----------------+ Sun Dec 3 14:54:30 EST 2017 base/pickle upgraded from 1.1.1 to 1.1.2 to make Pickle clean up its files in /tmp after each package is installed/upgraded.
Previously, Pickle would leave its /tmp files, which would lead to /tmp getting full mid update if a large update was run on a system with a small /tmp partition. +----------------+ Sun Dec 3 16:48:46 EST 2017 ***** Cucumber Linux 1.1 Beta 3 Released ***** Version 1.1.beta.3 of Cucumber Linux released. +----------------+ Tue Dec 5 11:34:08 EST 2017 base/linux upgraded from 4.9.66 to 4.9.67. This update probably contains security fixes. For more information see: https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.67 kernel/linux-source upgraded from 4.9.66 to 4.9.67 +----------------+ Tue Dec 5 22:15:48 EST 2017 xapps-base/vlc upgraded from 2.2.6 to 2.2.8 to fix two security vulnerabilities: CVE-2017-9300 and CVE-2017-10699, both of which are buffer overflow vulnerabilities which could result in a denial of service. CVE-2017-10699 can also possibly result in arbitrary code execution. For more information see: https://nvd.nist.gov/vuln/detail/CVE-2017-9300 http://security.cucumberlinux.com/security/details.php?id=140 https://nvd.nist.gov/vuln/detail/CVE-2017-10699 http://security.cucumberlinux.com/security/details.php?id=141 multilib/xapps-base/vlc-lib_i686 upgraded from 2.2.6 to 2.2.8 (x86_64 only) * SECURITY FIX * +----------------+ Wed Dec 6 16:25:15 EST 2017 net-general/rsync rebuilt (build 6) to fix two security vulnerabilities (CVE-2017-17433 and CVE-2017-17434) that allowed for a remote attacker to bypass intended access restrictions. For more information see: https://nvd.nist.gov/vuln/detail/CVE-2017-17433 http://security.cucumberlinux.com/security/details.php?id=169 https://nvd.nist.gov/vuln/detail/CVE-2017-17434 http://security.cucumberlinux.com/security/details.php?id=170 * SECURITY FIX * +----------------+ Thu Dec 7 21:31:03 EST 2017 net-base/openssl upgraded from 1.0.2m to 1.0.2n to fix two security vulnerabilities: CVE-2017-3737 and CVE-2017-3738. 
For more information see: http://security.cucumberlinux.com/security/details.php?id=172 https://nvd.nist.gov/vuln/detail/CVE-2017-3737 http://security.cucumberlinux.com/security/details.php?id=173 https://nvd.nist.gov/vuln/detail/CVE-2017-3738 https://www.openssl.org/news/secadv/20171207.txt multilib/net-base/openssl-lib_i686 upgraded from 1.0.2m to 1.0.2n (x86_64 only) * SECURITY FIX * +----------------+ Fri Dec 8 10:06:51 EST 2017 xapps-general/firefox upgraded from 52.5.1 to 52.5.2 to fix CVE-2017-7843, a security vulnerability that allows a website to write persistent data to your browser's database while in private browsing mode (it is not supposed to be possible for data to persist across multiple private browsing sessions). For more information see: https://nvd.nist.gov/vuln/detail/CVE-2017-7843 http://security.cucumberlinux.com/security/details.php?id=175 https://www.mozilla.org/en-US/security/advisories/mfsa2017-28/ * SECURITY FIX * +----------------+ Sun Dec 10 08:10:12 EST 2017 base/linux upgraded from 4.9.67 to 4.9.68. This update probably contains security fixes. For more information see: https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.68 kernel/linux-source upgraded from 4.9.67 to 4.9.68 +----------------+ Mon Dec 11 14:00:47 EST 2017 lang-general/php rebuilt (build 2) to fix the default location of the php-fpm configuration file. This has moved between PHP 5.6 and 7.2. +----------------+ Tue Dec 12 19:43:27 EST 2017 net-general/mariadb rebuilt (build 2) to fix a bug in which the mysql user's home directory was set to /srv/www and the user description was set to "Apache Daemon". multilib/net-general/mariadb rebuilt (build 2, x86_64 only) +----------------+ Thu Dec 14 15:17:40 EST 2017 base/linux upgraded from 4.9.68 to 4.9.69 to fix two security vulnerabilities: CVE-2017-1000407 and CVE-2017-0861. 
For more information see: https://nvd.nist.gov/vuln/detail/CVE-2017-1000407 http://security.cucumberlinux.com/security/details.php?id=178 https://nvd.nist.gov/vuln/detail/CVE-2017-0861 http://security.cucumberlinux.com/security/details.php?id=179 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.69 kernel/linux-source upgraded from 4.9.68 to 4.9.69 * SECURITY FIX * +----------------+ Thu Dec 14 16:08:40 EST 2017 net-general/rsync rebuilt (build 7) to fix a bug in which the rsync daemon user's description was set to "Apache Daemon" +----------------+ Thu Dec 14 16:24:43 EST 2017 lib-base/polkit rebuilt (build 4) to fix a bug in which the polkitd user's home directory was set to /srv/www. We have moved it to /etc/polkit-1. multilib/lib-base/polkit-lib_i686 rebuilt (build 4, x86_64 only) +----------------+ Sun Dec 17 15:42:14 EST 2017 base/linux upgraded from 4.9.69 to 4.9.70. This update probably contains security fixes. kernel/linux-source upgraded from 4.9.69 to 4.9.70 +----------------+ Tue Dec 19 11:01:15 EST 2017 lang-base/python3 upgraded from 3.6.3 to 3.6.4 to apply several upstream bug fixes. multilib/lang-base/python3-lib_i686 upgraded from 3.6.3 to 3.6.4 (x86_64 only) +----------------+ Tue Dec 19 13:28:08 EST 2017 xapps-general/gimp rebuilt (build 2) to fix Gnome Bug #739133 (CLD-182), a security vulnerability in the fli importer of GIMP that could be used to trigger an out of bounds write, which naturally has the potential to lead to arbitrary code execution. This vulnerability has yet to be assigned a CVE ID. For more information see: http://security.cucumberlinux.com/security/details.php?id=182 https://bugzilla.gnome.org/show_bug.cgi?id=739133 multilib/xapps-general/gimp-lib_i686 rebuilt (build 2, x86_64 only) * SECURITY FIX * *** BEGIN EDIT Thu Dec 21 10:16:22 EST 2017 *** This vulnerability has now been assigned CVE-2017-17785.
*** END EDIT Thu Dec 21 10:16:22 EST 2017 *** +----------------+ Wed Dec 20 15:02:51 EST 2017 base/linux upgraded from 4.9.70 to 4.9.71. This update probably contains security fixes. For more information see: https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.71 kernel/linux-source upgraded from 4.9.70 to 4.9.71 +----------------+ Thu Dec 21 10:59:31 EST 2017 xapps-general/gimp rebuilt (build 3) to fix two security vulnerabilities: CVE-2017-17786, a heap based buffer overread in file-tga.c and CVE-2017-17788, a stack based buffer overread in xcf.c. For more information see: https://nvd.nist.gov/vuln/detail/CVE-2017-17786 http://security.cucumberlinux.com/security/details.php?id=183 https://nvd.nist.gov/vuln/detail/CVE-2017-17788 http://security.cucumberlinux.com/security/details.php?id=184 http://www.openwall.com/lists/oss-security/2017/12/19/5 multilib/xapps-general/gimp-lib_i686 rebuilt (build 3, x86_64 only) * SECURITY FIX * +----------------+ Fri Dec 22 21:18:48 EST 2017 xapps-general/thunderbird upgraded to fix the "Mailsploit" vulnerability, a security vulnerability which could allow for a remote attacker to arbitrarily spoof the "From" address in an email. These spoofed emails get past most spam filters and show up in Thunderbird as being from any email address of the attacker's choosing (such as posus@whitehouse.gov). For more information see: http://security.cucumberlinux.com/security/details.php?id=188 https://www.mailsploit.com/index * SECURITY FIX * +----------------+ Fri Dec 22 23:43:59 EST 2017 net-general/mariadb upgraded from 10.1.29 to 10.1.30 to fix CVE-2017-15365, a vulnerability in which a database user could possibly perform modifications on certain cluster nodes without having privileges to perform such changes.
For more information see: https://nvd.nist.gov/vuln/detail/CVE-2017-15365 http://security.cucumberlinux.com/security/details.php?id=189 https://bugzilla.redhat.com/show_bug.cgi?id=1524234 multilib/net-general/mariadb-lib_i686 upgraded from 10.1.29 to 10.1.30 (x86_64 only) * SECURITY FIX * +----------------+ Mon Dec 25 14:13:37 EST 2017 base/linux upgraded from 4.9.71 to 4.9.72 to fix CVE-2017-16995, a security vulnerability that allows local users to cause a system wide denial of service via memory consumption and possibly has other unspecified impacts. For more information see: http://security.cucumberlinux.com/security/details.php?id=191 https://nvd.nist.gov/vuln/detail/CVE-2017-16995 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.72 kernel/linux-source upgraded from 4.9.71 to 4.9.72 Merry Christmas! * SECURITY FIX * +----------------+ Thu Dec 28 08:29:41 EST 2017 xapps-general/firefox upgraded from 52.5.2 to 52.5.3. This release probably contains security fixes, but unfortunately, Mozilla doesn't like to make the details of their security fixes publicly available until several weeks after they are released, so we are unable to provide more information at this time. We have upgraded to be safe. For more information see: http://security.cucumberlinux.com/security/details.php?id=193 * SECURITY FIX * +----------------+ Fri Dec 29 09:44:36 EST 2017 x-base/gdk-pixbuf upgraded from 2.36.9 to 2.36.11 to apply various bug fixes. For more information see: http://security.cucumberlinux.com/security/details.php?id=195 http://ftp.gnome.org/pub/gnome/sources/gdk-pixbuf/2.36/gdk-pixbuf-2.36.10.news http://ftp.gnome.org/pub/gnome/sources/gdk-pixbuf/2.36/gdk-pixbuf-2.36.11.news multilib/x-base/gdk-pixbuf-lib_i686 upgraded from 2.36.9 to 2.36.11 (x86_64 only) +----------------+ Sat Dec 30 09:40:01 EST 2017 base/linux upgraded from 4.9.72 to 4.9.73. This update probably contains security fixes.
For more information see: https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.73 kernel/linux-source upgraded from 4.9.72 to 4.9.73 +----------------+ Sat Dec 30 13:40:52 EST 2017 xapps-general/gimp rebuilt (build 4) to fix three security vulnerabilities: CVE-2017-17784, CVE-2017-17789 and CVE-2017-17787. For more information see: https://nvd.nist.gov/vuln/detail/CVE-2017-17784 http://security.cucumberlinux.com/security/details.php?id=185 https://nvd.nist.gov/vuln/detail/CVE-2017-17789 http://security.cucumberlinux.com/security/details.php?id=186 https://nvd.nist.gov/vuln/detail/CVE-2017-17787 http://security.cucumberlinux.com/security/details.php?id=187 multilib/xapps-general/gimp-lib_i686 rebuilt (build 4, x86_64 only) * SECURITY FIX * +----------------+ Sat Dec 30 17:22:15 EST 2017 base/shadow rebuilt (build 5) to add the shadow group. /etc/shadow and /etc/gshadow have been chgrp'ed to shadow and chmod'ed to 640. Users who need to access these files without becoming root can be added to the shadow group now. +----------------+ Sat Dec 30 18:24:45 EST 2017 net-extra/mailx 12.5 built +----------------+ Sat Dec 30 18:50:41 EST 2017 net-extra/opensmtpd upgraded from 6.0.2 to 201702130941p1. This release, while being a snapshot, offers various improvements over version 6.0.2. This snapshot is also closer to the opensmtpd version included in OpenBSD 6.2, so we can safely say it is at least not less secure than version 6.0.2. +----------------+ Tue Jan 2 09:07:24 EST 2018 net-general/iptables rebuilt (build 4) to fix a bug in the /etc/init.d/iptables init script which caused iptables to not be turned on for runlevel 3 by the service selection tool on the pkgtools setup menu. multilib/net-general/iptables-lib_i686 rebuilt (build 4, x86_64 only) +----------------+ Fri Jan 5 09:17:01 EST 2018 base/linux upgraded from 4.9.73 to 4.9.74. This update most likely contains security fixes that the kernel developers won't make known for a couple of weeks yet. 
For more information see: https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.74 kernel/linux-source upgraded from 4.9.73 to 4.9.74 +----------------+ Fri Jan 5 11:39:14 EST 2018 lang-general/php upgraded from 7.2.0 to 7.2.1 to fix several security vulnerabilities. For more information see: http://security.cucumberlinux.com/security/details.php?id=199 http://php.net/ChangeLog-7.php#7.2.1 lang-general/php5 upgraded from 5.6.32 to 5.6.33 to fix a couple of security issues (an infinite loop and XSS). For more information see: http://security.cucumberlinux.com/security/details.php?id=198 http://www.php.net/ChangeLog-5.php#5.6.33 * SECURITY FIX * +----------------+ Fri Jan 5 21:18:41 EST 2018 base/linux upgraded from 4.9.74 to 4.9.75 to fix the Meltdown security vulnerability (CVE-2017-5754), a hardware vulnerability affecting almost all Intel processors made after 1995 that allows for any process to access the memory of any other process or the kernel. For more information see: http://security.cucumberlinux.com/security/details.php?id=200 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5754 https://meltdownattack.com/ https://www.youtube.com/watch?v=I5mRwzVvFGE * SECURITY FIX * +----------------+ Sat Jan 6 13:25:40 EST 2018 kernel/linux-source upgraded from 4.9.74 to 4.9.75 +----------------+ Tue Jan 9 09:46:33 EST 2018 net-extra/opensmtpd upgraded from 201702130941p1 to 20180109p1. Version 20180109p1 is slated to become the next release of OpenSMTPD (v. 6.0.3) in the near future, so we will upgrade now to help test it. +----------------+ Wed Jan 10 17:24:03 EST 2018 base/linux upgraded from 4.9.75 to 4.9.76 to further address the Meltdown vulnerability (CVE-2017-5754) by refining the kaiser implementation. This also includes other various bug and security fixes. 
For more information see: https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.76 http://security.cucumberlinux.com/security/details.php?id=200 http://security.cucumberlinux.com/security/details.php?id=222 kernel/linux-source upgraded from 4.9.75 to 4.9.76 * SECURITY FIX * +----------------+ Sat Jan 13 18:10:24 EST 2018 lib-general/libxml2 upgraded from 2.9.5 to 2.9.7 to fix CVE-2017-15412, a use after free vulnerability that had the potential to result in memory corruption. For more information see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15412 http://security.cucumberlinux.com/security/details.php?id=223 https://git.gnome.org/browse/libxml2/commit/?id=0f3b843b3534784ef57a4f9b874238aa1fda5a73 multilib/lib-general/libxml2-lib_i686 upgraded from 2.9.5 to 2.9.7 (x86_64 only) * SECURITY FIX * +----------------+ Sun Jan 14 11:05:54 EST 2018 x-base/gdk-pixbuf rebuilt (build 2) to fix CVE-2017-6313, an integer underflow vulnerability that allows context dependent attackers to cause a denial of service (application crash). For more information see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6313 http://security.cucumberlinux.com/security/details.php?id=29 https://bugzilla.gnome.org/show_bug.cgi?id=779016 multilib/x-base/gdk-pixbuf-lib_i686 rebuilt (build 2, x86_64 only) * SECURITY FIX * +----------------+ Sun Jan 14 11:33:37 EST 2018 net-extra/vsftpd rebuilt (build 4) to fix a bug in the init script which caused the service selection script to incorrectly create the symlink for runlevel 3 in /etc/rc.d/rc3.d/. +----------------+ Sun Jan 14 18:09:00 EST 2018 net-extra/dovecot rebuilt (build 2) to fix the start/stop message in the /etc/init.d/dovecot script, and to fix a bug in the init script which caused the service selection script to incorrectly create the symlink for runlevel 3 in /etc/rc.d/rc3.d/. +----------------+ Mon Jan 15 14:32:32 EST 2018 xapps-extra/palemoon upgraded from 27.6.2 to 27.7.0 to apply various security improvements. 
For more information see: https://www.palemoon.org/releasenotes.shtml http://security.cucumberlinux.com/security/details.php?id=225 * SECURITY FIX * +----------------+ Wed Jan 17 09:03:19 EST 2018 net-extra/bind-server upgraded from 9.11.2 to 9.11.2_P1 to fix a few security vulnerabilities: CVE-2017-3145 (a use after free vulnerability), CVE-2017-3143 (a vulnerability which could result in unauthorized zone transfers) and CVE-2017-3140 (a vulnerability which could cause named to go into an infinite loop). For more information see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3145 http://security.cucumberlinux.com/security/details.php?id=227 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3143 http://security.cucumberlinux.com/security/details.php?id=229 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3140 http://security.cucumberlinux.com/security/details.php?id=231 https://lists.isc.org/pipermail/bind-announce/2018-January/001075.html multilib/net-extra/bind-server upgraded from 9.11.2 to 9.11.2_P1 (x86_64 only) * SECURITY FIX * +----------------+ Wed Jan 17 09:30:12 EST 2018 net-base/bind-client upgraded from 9.11.2 to 9.11.2_P1 to address CVE-2017-3145, CVE-2017-3143 and CVE-2017-3140. It is unclear whether the bind client is affected by any of these vulnerabilities, or if only the bind server is affected. It is more likely that only the bind server is affected; however, we will upgrade to be safe. 
For more information see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3145 http://security.cucumberlinux.com/security/details.php?id=226 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3143 http://security.cucumberlinux.com/security/details.php?id=228 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3140 http://security.cucumberlinux.com/security/details.php?id=230 https://lists.isc.org/pipermail/bind-announce/2018-January/001075.html * SECURITY FIX * +----------------+ Thu Jan 18 11:16:19 EST 2018 base/linux upgraded from 4.9.76 to 4.9.77 to mitigate against the Spectre attacks (CVE-2017-5753 and CVE-2017-5715). Additionally, it contains fixes for two other vulnerabilities: CVE-2017-17741 and CVE-2017-1000410. For more information see: https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.77 https://meltdownattack.com/ http://security.cucumberlinux.com/security/details.php?id=201 http://security.cucumberlinux.com/security/details.php?id=202 http://security.cucumberlinux.com/security/details.php?id=233 http://security.cucumberlinux.com/security/details.php?id=234 * SECURITY FIX * +----------------+ Thu Jan 18 12:28:52 EST 2018 kernel/linux-source upgraded from 4.9.76 to 4.9.77 +----------------+ Thu Jan 18 12:41:14 EST 2018 net-extra/opensmtpd upgraded from 20180109p1 to 6.0.3 +----------------+ Thu Jan 18 13:23:16 EST 2018 net-general/rsync rebuilt (build 8) to fix CVE-2018-5764, a vulnerability that allows a remote attacker to bypass intended argument sanitization. For more information see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5764 http://security.cucumberlinux.com/security/details.php?id=232 * SECURITY FIX * +----------------+ Thu Jan 18 18:03:04 EST 2018 xapps-extra/palemoon upgraded from 27.7.0 to 27.7.1 to fix a couple of bugs.
For more information see: http://security.cucumberlinux.com/security/details.php?id=238 https://www.palemoon.org/releasenotes.shtml +----------------+ Sat Jan 20 14:22:08 EST 2018 xapps-general/firefox upgraded from 52.5.3 to 52.6.0. This release probably contains security fixes, but unfortunately, Mozilla doesn't like to make the details of their security fixes publicly available until several weeks after they are released, so we are unable to provide more information at this time. We have upgraded to be safe. For more information see: http://security.cucumberlinux.com/security/details.php?id=239 * SECURITY FIX * +----------------+ Sun Jan 21 13:19:35 EST 2018 net-extra/bind rebuilt (build 2) to fix a bug in the init script which caused the service selection script to incorrectly create the symlink for runlevel 3 in /etc/rc.d/rc3.d/. multilib/net-extra/bind-lib_i686 rebuilt (build 2, x86_64 only) +----------------+ Sun Jan 21 13:34:48 EST 2018 installer/iso has been changed to use isolinux as the bootloader instead of grub for the Cucumber Linux installer. This change has temporarily broken UEFI support. Ultimately, it will be necessary to use isolinux as the legacy BIOS bootloader and grub as the UEFI bootloader. +----------------+ Wed Jan 24 09:17:24 EST 2018 net-base/curl upgraded from 7.57.0 to 7.58.0 to fix two security vulnerabilities: CVE-2018-1000005 and CVE-2018-1000007. For more information see: http://security.cucumberlinux.com/security/details.php?id=242 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000005 http://security.cucumberlinux.com/security/details.php?id=243 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000007 multilib/net-base/curl-lib_i686 upgraded from 7.57 to 7.58 to fix CVE-2018-1000005 and CVE-2018-1000007 (x86_64 only) * SECURITY FIX * +----------------+ Wed Jan 24 14:24:43 EST 2018 base/linux upgraded from 4.9.77 to 4.9.78.
This update most likely contains security fixes that the kernel developers won't make known for a couple of weeks yet. For more information see: https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.78 kernel/linux-source upgraded from 4.9.77 to 4.9.78 +----------------+ Thu Jan 25 18:57:54 EST 2018 net-extra/dovecot rebuilt (build 3) to fix CVE-2017-15132, a security vulnerability which could allow for an attacker to cause a denial of service (crash) if dovecot was run with certain high performance configurations. It should be noted that the default configuration is not affected; only systems that have been explicitly configured to reuse the login process are vulnerable. For more information see: http://security.cucumberlinux.com/security/details.php?id=249 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15132 * SECURITY FIX * +----------------+ Fri Jan 26 08:50:37 EST 2018 xapps-general/thunderbird upgraded from 52.5.2 to 52.6.0 to fix several security vulnerabilities: CVE-2018-5095: Integer overflow in Skia library during edge builder allocation CVE-2018-5096: Use-after-free while editing form elements CVE-2018-5097: Use-after-free when source document is manipulated during XSLT CVE-2018-5098: Use-after-free while manipulating form input elements CVE-2018-5099: Use-after-free with widget listener CVE-2018-5102: Use-after-free in HTML media elements CVE-2018-5103: Use-after-free during mouse event handling CVE-2018-5104: Use-after-free during font face manipulation CVE-2018-5117: URL spoofing with right-to-left text aligned left-to-right CVE-2018-5089: Memory safety bugs fixed in Firefox 58, Firefox ESR 52.6, and Thunderbird 52.6 For more information see: https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/ http://security.cucumberlinux.com/security/details.php?id=250 * SECURITY FIX * +----------------+ Mon Jan 29 10:31:20 EST 2018 lib-base/ffmpeg upgraded from 3.3.5 to 3.3.6.
The patches for CVE-2017-16840 and CVE-2017-17081 are no longer necessary as they have been applied upstream in this release. It also contains several other bug fixes that have the potential to have negative security implications. multilib/lib-base/ffmpeg-lib_i686 upgraded from 3.3.5 to 3.3.6 (x86_64 only) +----------------+ Mon Jan 29 17:33:50 EST 2018 apps-base/cpio rebuilt (build 2) to fix CVE-2017-7516, a security vulnerability which could result in arbitrary files being overwritten when the user extracts a maliciously crafted cpio archive. For more information see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7516 http://security.cucumberlinux.com/security/details.php?id=252 https://lists.gnu.org/archive/html/bug-cpio/2017-06/msg00001.html * SECURITY FIX * +----------------+ Wed Jan 31 09:24:48 EST 2018 base/ncurses rebuilt (build 3) to fix several security vulnerabilities: CVE-2017-10684, CVE-2017-10685, CVE-2017-11112, CVE-2017-11113, CVE-2017-13733, CVE-2017-13728, CVE-2017-13729, CVE-2017-13730, CVE-2017-13731, CVE-2017-13732 and CVE-2017-13734. 
For more information see: http://security.cucumberlinux.com/security/details.php?id=255 http://security.cucumberlinux.com/security/details.php?id=256 http://security.cucumberlinux.com/security/details.php?id=257 http://security.cucumberlinux.com/security/details.php?id=258 http://security.cucumberlinux.com/security/details.php?id=259 http://security.cucumberlinux.com/security/details.php?id=260 http://security.cucumberlinux.com/security/details.php?id=261 http://security.cucumberlinux.com/security/details.php?id=262 http://security.cucumberlinux.com/security/details.php?id=263 http://security.cucumberlinux.com/security/details.php?id=264 multilib/base/ncurses-lib_i686 rebuilt (build 3, x86_64 only) * SECURITY FIX * +----------------+ Thu Feb 1 12:59:43 EST 2018 lib-base/poppler rebuilt (build 5) to fix several security vulnerabilities: CVE-2017-9406, CVE-2017-9408, CVE-2017-9776, CVE-2017-9865, CVE-2017-14517, CVE-2017-14518, CVE-2017-14520, CVE-2017-14975, CVE-2017-14976, CVE-2017-14977, CVE-2017-15565, CVE-2017-7511 and CVE-2017-1000456. 
For more information see: http://security.cucumberlinux.com/security/details.php?id=207 http://security.cucumberlinux.com/security/details.php?id=208 http://security.cucumberlinux.com/security/details.php?id=210 http://security.cucumberlinux.com/security/details.php?id=211 http://security.cucumberlinux.com/security/details.php?id=212 http://security.cucumberlinux.com/security/details.php?id=213 http://security.cucumberlinux.com/security/details.php?id=215 http://security.cucumberlinux.com/security/details.php?id=216 http://security.cucumberlinux.com/security/details.php?id=217 http://security.cucumberlinux.com/security/details.php?id=218 http://security.cucumberlinux.com/security/details.php?id=219 http://security.cucumberlinux.com/security/details.php?id=236 http://security.cucumberlinux.com/security/details.php?id=248 multilib/lib-base/poppler-lib_i686 rebuilt (build 5, x86_64 only) * SECURITY FIX * +----------------+ Thu Feb 1 16:29:37 EST 2018 base/linux upgraded from 4.9.78 to 4.9.79 to further address the Spectre 2 attack (CVE-2017-5715). This update enables the new BPF_JIT_ALWAYS_ON feature of the Linux kernel, which removes the kernel's BPF interpreter. This interpreter was used in the Spectre 2 attack that Google published. It should be noted that this change does not completely prevent this attack, it just makes it more difficult to exploit. For more information see: https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.79 http://security.cucumberlinux.com/security/details.php?id=202 * SECURITY FIX * +----------------+ Thu Feb 1 20:48:01 EST 2018 kernel/linux-source upgraded from 4.9.78 to 4.9.79 +----------------+ Fri Feb 2 08:53:22 EST 2018 xapps-extra/palemoon upgraded from 27.7.1 to 27.7.2 to fix two security vulnerabilities: CVE-2018-5122 (an integer overflow in AesTask::DoCrypto()) and CVE-2018-5102 (a crash in HTML media elements).
For more information see: http://www.palemoon.org/releasenotes.shtml http://security.cucumberlinux.com/security/details.php?id=266 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5122 http://security.cucumberlinux.com/security/details.php?id=267 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5102 * SECURITY FIX * +----------------+ Fri Feb 2 09:38:54 EST 2018 lang-general/php upgraded from 7.2.1 to 7.2.2 to fix several bugs. For more information see: http://www.php.net/ChangeLog-7.php#7.2.2 +----------------+ Mon Feb 5 13:43:22 EST 2018 base/linux upgraded from 4.9.79 to 4.9.80. This update probably contains security fixes. For more information see: https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.80 kernel/linux-source upgraded from 4.9.79 to 4.9.80 +----------------+ Mon Feb 5 14:15:02 EST 2018 apps-general/p7zip rebuilt (build 3) to fix three security vulnerabilities: a heap based buffer overflow vulnerability that could result in arbitrary code execution via a specially crafted zip archive (CVE-2017-17969), a denial of service vulnerability resulting from a null pointer dereference (CVE-2016-9296) and a denial of service & arbitrary code execution vulnerability resulting from insufficient exception handling for RAR files. For more information see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17969 http://security.cucumberlinux.com/security/details.php?id=268 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9296 http://security.cucumberlinux.com/security/details.php?id=269 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5996 http://security.cucumberlinux.com/security/details.php?id=271 * SECURITY FIX * +----------------+ Mon Feb 5 16:18:09 EST 2018 lib-base/ffmpeg rebuilt (build 2) to fix CVE-2018-6621, a security vulnerability that allowed for remote attackers to cause a denial of service (crash) via a specially crafted AVI file.
For more information see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6621 http://security.cucumberlinux.com/security/details.php?id=270 multilib/lib-base/ffmpeg-lib_i686 rebuilt (build 2, x86_64 only) * SECURITY FIX * +----------------+ Tue Feb 6 11:18:02 EST 2018 lib-base/libjpeg-turbo rebuilt (build 3) to fix CVE-2017-15232, a NULL pointer dereference vulnerability that could result in a denial of service (crash). For more information see: http://security.cucumberlinux.com/security/details.php?id=272 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15232 multilib/lib-base/libjpeg-turbo-lib_i686 rebuilt (build 3, x86_64 only) * SECURITY FIX * +----------------+ Wed Feb 7 13:56:01 EST 2018 net-general/mariadb upgraded from 10.1.30 to 10.1.31 to fix several security vulnerabilities: CVE-2018-2562, CVE-2018-2622, CVE-2018-2640, CVE-2018-2665, CVE-2018-2668 and CVE-2018-2612. For more information see: http://security.cucumberlinux.com/security/details.php?id=273 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2562 http://security.cucumberlinux.com/security/details.php?id=274 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2622 http://security.cucumberlinux.com/security/details.php?id=275 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2640 http://security.cucumberlinux.com/security/details.php?id=276 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2665 http://security.cucumberlinux.com/security/details.php?id=277 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2668 http://security.cucumberlinux.com/security/details.php?id=278 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2612 multilib/net-general/mariadb-lib_i686 upgraded from 10.1.30 to 10.1.31 (x86_64 only). * SECURITY FIX * +----------------+ Mon Feb 12 14:13:52 EST 2018 x-general/librsvg rebuilt (build 2) to fix CVE-2018-1000041, a security vulnerability that had the potential to result in leaking of usernames and password hashes.
For more information see: http://security.cucumberlinux.com/security/details.php?id=288 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000041 multilib/x-general/librsvg-lib_i686 rebuilt (build 2, x86_64 only) * SECURITY FIX * +----------------+ Mon Feb 12 16:30:15 EST 2018 lib-base/freetype rebuilt (build 3) to fix CVE-2017-8105, a security vulnerability which used a heap based buffer overflow to cause a denial of service (crash). For more information see: http://security.cucumberlinux.com/security/details.php?id=292 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8105 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=935 multilib/lib-base/freetype rebuilt (build 3, x86_64 only) * SECURITY FIX * +----------------+ Tue Feb 13 19:24:27 EST 2018 base/linux upgraded from 4.9.80 to 4.9.81 to further mitigate against both variants of the Spectre vulnerability. For more information see: https://spectreattack.com/ http://security.cucumberlinux.com/security/details.php?id=201 http://security.cucumberlinux.com/security/details.php?id=202 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.81 kernel/linux-source upgraded from 4.9.80 to 4.9.81 * SECURITY FIX * +----------------+ Thu Feb 15 17:11:29 EST 2018 lib-base/freetype rebuilt (build 4) to fix CVE-2018-6942, a security vulnerability that allowed for a denial of service (i.e. crash) via a specially crafted font file. For more information see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6942 http://security.cucumberlinux.com/security/details.php?id=294 multilib/lib-base/freetype-lib_i686 rebuilt (build 4, x86_64 only) * SECURITY FIX * +----------------+ Fri Feb 16 10:07:33 EST 2018 apps-base/unzip rebuilt (build 3) to mitigate against CVE-2018-1000035, a security vulnerability which allowed for an attacker to perform a denial of service and arbitrary code execution via a specially crafted zip file. 
Unzip has been rebuilt with -D_FORTIFY_SOURCE=2, which mitigates the impact of the vulnerability to only a denial of service (removing the possibility of arbitrary code execution). For more information see: http://security.cucumberlinux.com/security/details.php?id=284 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000035 https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html * SECURITY FIX * +----------------+ Fri Feb 16 16:54:34 EST 2018 base/patch rebuilt (build 2) to fix a couple of security issues: an out of bounds read having the potential to cause a denial of service (CVE-2016-10713) and a segmentation fault resulting from a NULL pointer dereference (CVE-2018-6951). For more information see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10713 http://security.cucumberlinux.com/security/details.php?id=295 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6951 http://security.cucumberlinux.com/security/details.php?id=296 * SECURITY FIX * +----------------+ Fri Feb 16 19:06:51 EST 2018 lang-base/python2 rebuilt (build 3) to fix CVE-2018-1000030, a vulnerability that allowed for a crash of the python interpreter by leveraging a race condition. For more information see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000030 http://security.cucumberlinux.com/security/details.php?id=279 https://bugs.python.org/issue31530 multilib/lang-base/python2-lib_i686 rebuilt (build 3, x86_64 only) * SECURITY FIX * +----------------+ Sat Feb 17 16:40:36 EST 2018 base/linux upgraded from 4.9.81 to 4.9.82 to fix CVE-2017-8824, a security vulnerability that could result in privilege escalation or a denial of service.
For more information see: https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.82 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8824 http://security.cucumberlinux.com/security/details.php?id=300 kernel/linux-source upgraded from 4.9.81 to 4.9.82 * SECURITY FIX * +----------------+ Sun Feb 18 11:51:23 EST 2018 base/shadow rebuilt (build 6) to fix CVE-2018-7169, a security vulnerability that could allow for an unprivileged user to drop supplemental groups using the newuidmap and newgidmap commands. This effectively allows for circumventing group blacklisting. For more information see: http://security.cucumberlinux.com/security/details.php?id=298 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7169 https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357 * SECURITY FIX * +----------------+ Thu Feb 22 12:03:35 EST 2018 xapps-general/libreoffice rebuilt (build 2) to fix CVE-2018-6871, a security vulnerability which could allow a remote attacker to read the contents of arbitrary files if the user opened a specially crafted Calc spreadsheet. A spreadsheet object could also be embedded into any other LibreOffice format, allowing for exploitation via any LibreOffice format. This vulnerability may also be known as CVE-2018-1055. For more information see: http://security.cucumberlinux.com/security/details.php?id=286 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6871 https://github.com/jollheef/libreoffice-remote-arbitrary-file-disclosure/blob/master/README.md * SECURITY FIX * +----------------+ Fri Feb 23 13:38:10 EST 2018 base/linux upgraded from 4.9.82 to 4.9.83. This update likely contains security fixes. For more information see: https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.83 kernel/linux-source upgraded from 4.9.82 to 4.9.83 +----------------+ Sun Feb 25 20:13:26 EST 2018 base/linux upgraded from 4.9.83 to 4.9.84. This update probably contains security fixes. 
For more information see: https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.84 kernel/linux-source upgraded from 4.9.83 to 4.9.84 +----------------+ Wed Feb 28 14:06:10 EST 2018 base/linux upgraded from 4.9.84 to 4.9.85. This update probably contains security fixes. For more information see: https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.85 kernel/linux-source upgraded from 4.9.84 to 4.9.85 +----------------+ Wed Feb 28 16:57:11 EST 2018 net-extra/dovecot upgraded from 2.2.33.2 to 2.2.34 to fix two security vulnerabilities: CVE-2017-15130, which could lead to excessive memory consumption if the Dovecot config has local_name { } or local { } blocks in it and CVE-2017-14461, which could result in a denial of service (crash) or information disclosure (leaking memory contents to an attacker) when parsing an invalid email address. For more information see: https://dovecot.org/list/dovecot-news/2018-February/000370.html https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15130 http://security.cucumberlinux.com/security/details.php?id=305 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14461 http://security.cucumberlinux.com/security/details.php?id=306 * SECURITY FIX * +----------------+ Thu Mar 1 12:40:19 EST 2018 lang-base/python3 rebuilt (build 2) to fix CVE-2017-18207, a security vulnerability that could allow for a denial of service via a specially crafted wave file. For more information see: https://bugs.python.org/issue32056 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18207 http://security.cucumberlinux.com/security/details.php?id=313 multilib/lang-base/python3-lib_i686 rebuilt (build 2, x86_64 only) * SECURITY FIX * +----------------+ Fri Mar 2 14:30:48 EST 2018 lang-general/php upgraded from 7.2.2 to 7.2.3 to fix CVE-2018-7584, a security vulnerability that could result in memory corruption via a stack based buffer under read. 
For more information see:
https://bugs.php.net/bug.php?id=75981
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7584
http://security.cucumberlinux.com/security/details.php?id=315
lang-extra/php5 upgraded from 5.6.33 to 5.6.34 to fix CVE-2018-7584
* SECURITY FIX *
+----------------+
Fri Mar 2 15:50:34 EST 2018
net-extra/bind-server rebuilt (build 3) to fix several issues with the package directory structure and add sane default config files. Thanks to Zach Jorgensen for helping with this.
multilib/net-extra/bind rebuilt (build 3, x86_64 only)
+----------------+
Fri Mar 2 16:08:54 EST 2018
net-extra/bind-server rebuilt (build 4) to fix a bug in which the directories under /srv/named/var were named incorrectly.
multilib/net-extra/bind rebuilt (build 4, x86_64 only)
+----------------+
Fri Mar 2 16:12:15 EST 2018
net-extra/bind-server rebuilt (build 5) to fix a bug in which the /var/named/named.{empty,localhost}.new were not installed correctly.
multilib/net-extra/bind rebuilt (build 5, x86_64 only)
+----------------+
Sat Mar 3 12:52:09 EST 2018
xapps-extra/palemoon upgraded from 27.7.2 to 27.8.0. This update contains various bug fixes and improvements.
For more information see:
https://www.palemoon.org/releasenotes.shtml
+----------------+
Mon Mar 5 10:19:59 EST 2018
base/linux upgraded from 4.9.85 to 4.9.86. This update likely contains security fixes.
For more information see:
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.86
kernel/linux-source upgraded from 4.9.85 to 4.9.86
+----------------+
Mon Mar 5 15:07:15 EST 2018
net-extra/bind-server rebuilt (build 6) to fix an issue in the default /etc/named.conf that prevented bind from being able to locate the default zone files.
multilib/net-extra/bind-server_lib-i686 rebuilt (build 6, x86_64 only).
+----------------+
Tue Mar 6 18:37:28 EST 2018
xapps-extra/palemoon upgraded from 27.8.0 to 27.8.1 to fix a couple of bugs that could cause browser crashes.
For more information see:
https://www.palemoon.org/releasenotes.shtml
+----------------+
Wed Mar 7 14:40:54 EST 2018
net-general/net-snmp rebuilt (build 3) to fix CVE-2018-1000116, a security vulnerability that could allow for arbitrary code execution via heap corruption.
For more information see:
https://sourceforge.net/p/net-snmp/bugs/2821/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000116
http://security.cucumberlinux.com/security/details.php?id=318
multilib/net-general/net-snmp rebuilt (build 3, x86_64 only)
* SECURITY FIX *
+----------------+
Sat Mar 10 16:05:27 EST 2018
xapps-general/firefox upgraded from 52.6.0esr to 52.7.0esr. This update probably contains several security fixes; however, Mozilla doesn't disclose information about any security fixes until several weeks after they have been released. We have updated to be safe.
For more information see:
http://security.cucumberlinux.com/security/details.php?id=320
* SECURITY FIX *
+----------------+
Wed Mar 14 10:52:56 EDT 2018
net-base/curl upgraded from 7.58.0 to 7.59.0 to fix a few security vulnerabilities: CVE-2018-1000120, CVE-2018-1000121 and CVE-2018-1000122.
For more information see:
http://security.cucumberlinux.com/security/details.php?id=325
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000120
https://curl.haxx.se/docs/adv_2018-9cd6.html
http://security.cucumberlinux.com/security/details.php?id=326
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000121
https://curl.haxx.se/docs/adv_2018-97a2.html
http://security.cucumberlinux.com/security/details.php?id=327
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000122
https://curl.haxx.se/docs/adv_2018-b047.html
multilib/net-base/curl-lib_i686 upgraded from 7.58.0 to 7.59.0 (x86_64 only)
* SECURITY FIX *
+----------------+
Thu Mar 15 10:45:35 EDT 2018
net-extra/bind-server upgraded from 9.11.2_P1 to 9.11.3 to apply various bug fixes and security improvements.
Notably, this update includes improved fixes for CVE-2017-3145, CVE-2017-3143 and CVE-2017-3140.
For more information see:
https://kb.isc.org/article/AA-01597/0/9.11.3-Notes.html
multilib/net-extra/bind-server-lib_i686 upgraded from 9.11.2_P1 to 9.11.3 (x86_64 only)
net-base/bind-client upgraded from 9.11.2-P1 to 9.11.3 to apply various bug fixes and security improvements
+----------------+
Fri Mar 16 16:30:24 EDT 2018
base/linux upgraded from 4.9.86 to 4.9.87. This update probably contains security fixes.
For more information see:
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.87
kernel/linux-source upgraded from 4.9.86 to 4.9.87
+----------------+
Sat Mar 17 14:39:17 EDT 2018
xapps-general/firefox upgraded from 52.7.0 to 52.7.2 to fix CVE-2018-5146, an out of bounds write security vulnerability in libvorbis.
For more information see:
http://security.cucumberlinux.com/security/details.php?id=328
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5146
https://www.mozilla.org/en-US/security/advisories/mfsa2018-08/
* SECURITY FIX *
+----------------+
Sat Mar 17 15:41:05 EDT 2018
apps-general/sqlite rebuilt (build 2) to fix CVE-2018-8740, a security vulnerability which could allow for a denial of service (application crash) via a specially crafted database file.
For more information see:
http://security.cucumberlinux.com/security/details.php?id=329
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8740
https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349
multilib/apps-general/sqlite-lib_i686 rebuilt (build 2, x86_64 only)
* SECURITY FIX *
+----------------+
Mon Mar 19 14:48:42 EDT 2018
base/linux upgraded from 4.9.87 to 4.9.88. This update incorporates a couple of upstream security improvements: it improves the fix for CVE-2018-1000004 and further mitigates against the Spectre family of vulnerabilities.
For more information see:
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.88
http://security.cucumberlinux.com/security/details.php?id=331
kernel/linux-source upgraded from 4.9.87 to 4.9.88
* SECURITY FIX *
+----------------+
Tue Mar 20 11:26:45 EDT 2018
net-extra/dovecot upgraded from 2.2.34 to 2.2.35 to apply various bug fixes and security improvements.
For more information see:
https://dovecot.org/list/dovecot-news/2018-March/000373.html
+----------------+
Tue Mar 20 12:10:56 EDT 2018
base/lsb-info upgraded from 1.1.beta to 1.1.rc
+----------------+
Tue Mar 20 12:14:05 EDT 2018
***** Cucumber Linux 1.1 Release Candidate 1 Released *****
Version 1.1.rc.1 of Cucumber Linux has been released.
+----------------+