| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 12 Sep 2017 15:23:25 -0700 (PDT)
From: Slackware Security Team <security@...ckware.com>
To: slackware-security@...ckware.com
Subject: [slackware-security] emacs (SSA:2017-255-01)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] emacs (SSA:2017-255-01)
New emacs packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix a security issue.
Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/emacs-25.3-i586-1_slack14.2.txz: Upgraded.
This update fixes a security vulnerability in Emacs. Gnus no longer
supports "richtext" and "enriched" inline MIME objects. This support
was disabled to avoid evaluation of arbitrary Lisp code contained in
email messages and news articles.
For more information, see:
http://seclists.org/oss-sec/2017/q3/422
https://bugs.gnu.org/28350
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/emacs-25.3-i486-1_slack13.0.txz
Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/emacs-25.3-x86_64-1_slack13.0.txz
Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/emacs-25.3-i486-1_slack13.1.txz
Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/emacs-25.3-x86_64-1_slack13.1.txz
Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/emacs-25.3-i486-1_slack13.37.txz
Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/emacs-25.3-x86_64-1_slack13.37.txz
Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/emacs-25.3-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/emacs-25.3-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/emacs-25.3-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/emacs-25.3-x86_64-1_slack14.1.txz
Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/emacs-25.3-i586-1_slack14.2.txz
Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/emacs-25.3-x86_64-1_slack14.2.txz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/e/emacs-25.3-i586-1.txz
Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/e/emacs-25.3-x86_64-1.txz
MD5 signatures:
+-------------+
Slackware 13.0 package:
cb73ff55d419dc81547ac2b5d740d014 emacs-25.3-i486-1_slack13.0.txz
Slackware x86_64 13.0 package:
a2618ea276aebd927fb03fe864b34223 emacs-25.3-x86_64-1_slack13.0.txz
Slackware 13.1 package:
d4eee6b4b3bad0cdee8423952ab30cff emacs-25.3-i486-1_slack13.1.txz
Slackware x86_64 13.1 package:
75877cfa279dfeec1684c487490c817a emacs-25.3-x86_64-1_slack13.1.txz
Slackware 13.37 package:
1c94eac53cd078b2364b173f88b10b37 emacs-25.3-i486-1_slack13.37.txz
Slackware x86_64 13.37 package:
9f27de078b8c58efcc10e871dbafe656 emacs-25.3-x86_64-1_slack13.37.txz
Slackware 14.0 package:
bbf7e859465caa21973afea4c7c19654 emacs-25.3-i486-1_slack14.0.txz
Slackware x86_64 14.0 package:
b129723e1bfc10a1fcbe26a02136c0ce emacs-25.3-x86_64-1_slack14.0.txz
Slackware 14.1 package:
59c43a96b840cd3bb48d917abc8cfbae emacs-25.3-i486-1_slack14.1.txz
Slackware x86_64 14.1 package:
910c52e7f87b65a0238199af9e052695 emacs-25.3-x86_64-1_slack14.1.txz
Slackware 14.2 package:
edf008d474c5bd7bfc63425fd03e826e emacs-25.3-i586-1_slack14.2.txz
Slackware x86_64 14.2 package:
b4317b3527a9df8d9c4595bac93801bd emacs-25.3-x86_64-1_slack14.2.txz
Slackware -current package:
02d65f09f2bbe0e16900cfc49379920a e/emacs-25.3-i586-1.txz
Slackware x86_64 -current package:
f15b8e4e8ef33058f8b07bc2d2b02be8 e/emacs-25.3-x86_64-1.txz
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg emacs-25.3-i586-1_slack14.2.txz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@...ckware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@...ckware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
iEYEARECAAYFAlm4XdMACgkQakRjwEAQIjOAdgCePUlBwPu2GUcXUqgIj0tzsytO
L6AAmwYTYkbZrGMLf8wCG7F8sp0FzZ3F
=yNAE
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists