https://www.nethack.org/security/index.html:
NetHack: Privilege escalation/remote code execution/crash in
configuration parsing
Severity: High
Affected versions: 3.6.0, 3.6.1, 3.6.2, 3.6.3
First Patched Version: 3.6.4
Basic Information:
A buffer overflow issue exists when reading very long lines from a
NetHack configuration file (usually named .nethackrc).
This vulnerability affects systems that have NetHack installed suid/sgid
and shared systems that allow users to upload their own configuration
files.
All users are urged to upgrade to NetHack 3.6.4 as soon as possible.
Additional information related to this advisory, if any, will be made
available at https://nethack.org/security.
Django 2.2.9 fixes a security issue and a data loss bug in 2.2.8.
CVE-2019-19844: Potential account hijack via password reset form
By submitting a suitably crafted email address making use of Unicode characters, that compared equal to an existing user email when lower-cased for comparison, an attacker could be sent a password reset token for the matched account.
In order to avoid this vulnerability, password reset requests now compare the submitted email using the stricter, recommended algorithm for case-insensitive comparison of two identifiers from Unicode Technical Report 36, section 2.11.2(B)(2). Upon a match, the email containing the reset token will be sent to the email address on record rather than the submitted address.
Bugfixes
* Fixed a data loss possibility in SplitArrayField. When using with ArrayField(BooleanField()), all values after the first True value were marked as checked instead of preserving passed values.
Django 1.11.27 fixes a security issue and a data loss bug in 1.11.26.
CVE-2019-19844: Potential account hijack via password reset form
By submitting a suitably crafted email address making use of Unicode characters, that compared equal to an existing user email when lower-cased for comparison, an attacker could be sent a password reset token for the matched account.
In order to avoid this vulnerability, password reset requests now compare the submitted email using the stricter, recommended algorithm for case-insensitive comparison of two identifiers from Unicode Technical Report 36, section 2.11.2(B)(2). Upon a match, the email containing the reset token will be sent to the email address on record rather than the submitted address.
Bugfixes
* Fixed a data loss possibility in SplitArrayField. When using with ArrayField(BooleanField()), all values after the first True value were marked as checked instead of preserving passed values.
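Added example (not Django's code and not part of the commit messages above) for the CVE-2019-19844 fix described in the Django 2.2.9 and 1.11.27 entries: it contrasts the lower-cased comparison that mails the submitted address with an NFKC-plus-casefold comparison that mails only the address on record. Function names and sample addresses are constructed; `loose_matches` is an assumption standing in for rows returned by a case-insensitive database lookup.

```python
import unicodedata


def unicode_ci_equal(a, b):
    """Case-insensitive identifier comparison: NFKC-normalise, then casefold."""
    def fold(s):
        return unicodedata.normalize("NFKC", s).casefold()
    return fold(a) == fold(b)


def recipients_before_fix(submitted, stored):
    """Behaviour the advisory describes: match on lower-cased strings and
    send the reset token to the *submitted* address."""
    return [submitted for email in stored if email.lower() == submitted.lower()]


def recipients_after_fix(submitted, loose_matches):
    """Re-check every loose match with the strict comparison and return the
    address on record, never the submitted string."""
    return [email for email in loose_matches if unicode_ci_equal(email, submitted)]


# Constructed sample data (not taken from the advisory).
ON_RECORD = ["mike@example.org"]
KELVIN = "mi\u212ae@example.org"    # U+212A KELVIN SIGN lower-cases to "k"
DOTLESS = "m\u0131ke@example.org"   # U+0131 DOTLESS I, equal to "i" only under
                                    # looser (e.g. collation-based) matching

if __name__ == "__main__":
    for label, addr in (("kelvin sign", KELVIN), ("dotless i", DOTLESS)):
        print(label)
        print("  before fix ->", recipients_before_fix(addr, ON_RECORD))
        # ON_RECORD is passed as the loose match set, i.e. we assume the
        # datastore lookup returned the existing row for this input.
        print("  after fix  ->", recipients_after_fix(addr, ON_RECORD))
```

The Kelvin-sign input still matches under the strict comparison, which is why delivering to the address on record is the part of the fix that removes the hijack; the strict comparison additionally drops matches that only a looser lookup would return.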
The patch for including sys/loadavg.h included the file in the section where
getloadavg isn't used so the patch did nothing. Include it in the right
place to fix it.
Fix file permissions to pass the build when CHECK_PERMS is yes, i.e.
PKG_DEVELOPER is on.
Distfiles of importlib-metadata 0.23, 1.1.0, 1.2.0 and 1.3.0 contain
files with world-writable permissions.
Adam, why did you remove the post-extract part?
Update drupal8 to 8.7.11, security release.
8.7.11 (2019-12-18)
Release notes
Maintenance and security release of the Drupal 8 series.
This release fixes security vulnerabilities. Sites are urged to upgrade
immediately after reading the notes below and the security announcement.
Update drupal7 to 7.69, security release.
7.69 (2019-12-18)
Release notes
Maintenance and security release of the Drupal 7 series.
This release fixes security vulnerabilities. Sites are urged to upgrade
immediately after reading the notes below and the security announcement.
The new code that unlimits many resources appears to have been problematic
on a number of fronts. Fetched the current version of src/limits.c from
the sudo hg repo. RLIMIT_STACK (i.e. "3") is no longer set to RLIM_INFINITY.
Added code to output the name of the limit instead of its number.
Upstream changes:
v1.8.3
* Security fix for CVE-2018-19757 (#79), NULL pointer dereference problem,
reported by @nluedtke and fixed by @knok (#91, #94).
* Security fix for CVE-2018-19762 (#81), heap-based buffer overflow problem,
reported by @nluedtke and fixed by @knok (#92).
* Security fix for CVE-2018-19756 (#80), heap-based buffer over-read problem,
reported by @nluedtke and fixed by @knok (#93).
* Security fix for CVE-2018-19763 (#82), heap-based buffer over-read problem,
reported by @nluedtke and fixed by @knok (#95).
* Security fix for CVE-2018-19761, illegal address access, fixed by @knok (#96).
* Security fix for CVE-2018-19759, heap-based buffer over-read problem, fixed by @knok (#98).
* Security fix for CVE-2018-3753 (#83), infinite loop problem,
reported by @cool-tomato and fixed by @knok (#99).
* Security fix for CVE-2018-19759 (#102),
heap-based buffer over-read that will cause a denial of service,
reported and fixed by @YourButterfly. (#106)
* Security fix for CVE-2019-19635 (#103), heap-based buffer overflow,
reported and fixed by @YourButterfly. (#106)
* Security fix for CVE-2019-19636 (#104) and CVE-2019-19637 (#105), integer overflow problem,
reported and fixed by @YourButterfly. (#106)
* gif loader: check LZW code size (Issue #75), Thanks to @HongxuChen.
7808a06b88
* core: Fix a global-buffer-overflow problem (Issue #72), Thanks to @fgeek.
c868b59ec8
* core: Fix unexpected hangs/performance issues (Issue #76), Thanks to @HongxuChen.
88561b7a812d3d9ffe8ac9363cd1d5
Leaf package.
2019-11-29 Richard Russon <rich@flatcap.org>
* Features
- Add raw mailsize expando (%cr)
* Bug Fixes
- Avoid double question marks in bounce confirmation msg
- Fix bounce confirmation
- fix new-mail flags and behaviour
- fix: browser <descend-directory>
- fix ssl crash
- fix move to trash
- fix flickering
- Do not check hidden mailboxes for new mail
- Fix new_mail_command notifications
- fix crash in examine_mailboxes()
- fix crash in mutt_sort_threads()
- fix: crash after sending
- Fix crash in tunnel's conn_close
- fix fcc for deep dirs
- imap: fix crash when new mail arrives
- fix colour 'quoted9'
- quieten messages on exit
- fix: crash after failed mbox_check
- browser: default to a file/dir view when attaching a file
* Changed Config
- Change $write_bcc to default off
* Translations
- 100% Portuguese (Brazil)
- 92% Polish
* Docs
- Add a bit more documentation about sending
- Clarify $write_bcc documentation.
- Update documentation for raw size expando
- docbook: set generate.consistent.ids to make generated html reproducible
* Build
- fix build/tests for 32-bit arches
- tests: fix test that would fail soon
- tests: fix context for failing idna tests
- fixed default colour output in BBCode
(https://gitlab.com/saalen/highlight/issues/134)
- fixed corner case in sh.lang
- fixed syntax tests with UTF-8 input
(https://gitlab.com/saalen/highlight/issues/123)
- added support for Bash in outhtml_codefold.lua plug-in
- added ballerina.lang
- added block strings to java.lang
- added author hints in themes and language definitions
- added C++20 reserved words in c.lang
- added editorconfig file and validated all files accordingly (thanks to
Tristano Ajmone)
- CLI: fixed `--list-scripts` with `-d` or HIGHLIGHT_DATADIR env variable
(https://gitlab.com/saalen/highlight/issues/139)
- GUI W32: replaced multibyte path trace window by startup hint if
NtfsDisable8dot3NameCreation is set
- GUI: removed AsciiDoc instruction lines from the README popup window