Fri Dec  9 20:19:31 CST 2005
patches/packages/bash-3.0-i486-4.tgz:  Fixed an obscure bug where
  suspending the first process started in a new shell would cause the
  shell to hang.
  Thanks to Grant Coady for discovering and fixing this bug.
patches/packages/bzip2-1.0.3-i486-2.tgz:  Patched a minor bug in the
  libbz2 shared library Makefile to enable support for large files.
  Thanks to Timothy C. McGrath and Manuel Jose Blanca Molinos both of
  whom pointed out this problem and provided fixes.
patches/packages/php-4.4.1-i486-2.tgz:  Recompiled with a patch from PHP
  CVS that fixes issues with SquirrelMail and possibly other PHP
  applications.  I'd hoped there would be a new PHP out quickly to
  address this but since there isn't I'm making an exception to the 
  usual policy here on merging patches from CVS as a fair number of users
  seem to be affected by this issue.  Let me know if this doesn't help or
  if any undesired side effects are noticed.
  This problem was first reported here by Gerardo Exequiel Pozzi, but was
  later reported by too many people to list.  Thanks, everyone!  :-)
+--------------------------+
Mon Nov  7 19:54:57 CST 2005
patches/packages/elm-2.5.8-i486-1.tgz:  Upgraded to elm2.5.8.
  This fixes a buffer overflow in the parsing of the Expires header that
  could be used to execute arbitrary code as the user running Elm.
  Thanks to Ulf Harnhammar for finding the bug and reminding me to get
  out updated packages to address the issue.
  A reference to the original advisory:
    http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0688.html
+--------------------------+
Sat Nov  5 22:05:29 CST 2005
patches/packages/apache-1.3.34-i486-1.tgz:  Upgraded to apache-1.3.34.
  Fixes this minor security bug:  "If a request contains both Transfer-Encoding
  and Content-Length headers, remove the Content-Length, mitigating some HTTP
  Request Splitting/Spoofing attacks."
  (* Security fix *)
patches/packages/curl-7.12.2-i486-2.tgz:  Patched.  This addresses a buffer
  overflow in libcurl's NTLM function that could have possible security
  implications.
  For more details, see:
    http://curl.haxx.se/docs/security.html
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3185
  (* Security fix *)
patches/packages/imapd-4.64-i486-1.tgz:  Upgraded to imapd-4.64.
  A buffer overflow was reported in the mail_valid_net_parse_work function.
  However, this function in the c-client library does not appear to be called
  from anywhere in imapd.  iDefense states that the issue is of LOW risk to
  sites that allow users shell access, and LOW-MODERATE risk to other servers.
  I believe it's possible that it is of NIL risk if the function is indeed
  dead code to imapd, but draw your own conclusions...
  (* Security fix *)
patches/packages/koffice-1.4.1-i486-2.tgz:  Patched.
  Fixes a buffer overflow in KWord's RTF import discovered by Chris Evans.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2971
  (* Security fix *)
patches/packages/libxml2-2.6.22-i486-1.tgz:  Upgraded to libxml2-2.6.22.
  This fixes an issue where libxml2 had declared a variable XML_FEATURE_UNICODE
  that was already used by the expat headers, causing PHP to fail to compile
  when using Slackware's combination of ./configure options.
patches/packages/lynx-2.8.5rel.5-i486-1.tgz:  Upgraded to lynx-2.8.5rel.5.
  Fixes an issue where the handling of Asian characters when using lynx to
  connect to an NNTP server (is this a common use?) could result in a buffer
  overflow causing the execution of arbitrary code.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3120
  (* Security fix *)
patches/packages/mod_ssl-2.8.25_1.3.34-i486-1.tgz:
  Upgraded to mod_ssl-2.8.25-1.3.34.
patches/packages/php-4.4.1-i486-1.tgz:  Upgraded to php-4.4.1.
  Fixes a number of bugs, including several minor security fixes relating to
  the overwriting of the GLOBALS array.
  (* Security fix *)
patches/packages/pine-4.64-i486-1.tgz:  Upgraded to pine-4.64.
patches/packages/samba-3.0.20b-i486-1.tgz:  Upgraded to samba-3.0.20b.
  This includes various bugfixes.  Thanks to Christopher Linnet for reporting
  that this fixes a problem with printing to a printer on an XP machine from
  CUPS.  If you use such a configuration, you'll want this upgrade for sure.
patches/packages/wget-1.10.2-i486-1.tgz:  Upgraded to wget-1.10.2.
  This addresses a buffer overflow in wget's NTLM handling function that could
  have possible security implications.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3185
  (* Security fix *)
+--------------------------+
Thu Oct 13 13:57:25 PDT 2005
patches/packages/openssl-0.9.7g-i486-2.tgz:  Patched.
  Fixed a vulnerability that could, in rare circumstances, allow an attacker
  acting as a "man in the middle" to force a client and a server to negotiate
  the SSL 2.0 protocol (which is known to be weak) even if these parties both
  support SSL 3.0 or TLS 1.0.
  For more details, see:
    http://www.openssl.org/news/secadv_20051011.txt
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2969
  (* Security fix *)
patches/packages/openssl-solibs-0.9.7g-i486-2.tgz:  Patched.
  (* Security fix *)
+--------------------------+
Mon Oct 10 15:15:24 PDT 2005
patches/packages/xine-lib-1.0.3a-i686-1.tgz:  Upgraded to xine-lib-1.0.3a.
  This fixes a format string bug where an attacker, if able to upload malicious
  information to a CDDB server and then get a local user to play a certain
  audio CD, may be able to run arbitrary code on the machine as the user
  running the xine-lib linked application.
  For more information, see:
    http://xinehq.de/index.php/security/XSA-2005-1
  (* Security fix *)
+--------------------------+
Wed Oct  5 13:05:39 PDT 2005
patches/packages/mozilla-thunderbird-1.0.7-i686-1.tgz:
  Upgraded to thunderbird-1.0.7.
  This fixes a security issue where URLs passed on the command line to the
  thunderbird shell script were not correctly protected against
  interpretation by the shell.  As a result, a malicious URL could contain
  embedded shell commands which would then be executed as the user running
  Thunderbird.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#Thunderbird
  (* Security fix *)
+--------------------------+
Sun Sep 25 22:03:45 PDT 2005
patches/packages/x11-6.8.2-i486-4.tgz:  Rebuilt with a modified patch for
  an earlier pixmap overflow issue.  The patch released by X.Org was
  slightly different than the one that was circulated previously, and is
  an improved version.  There have been reports that the earlier patch
  broke WINE and possibly some other programs.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2495
  (* Security fix *)
patches/packages/x11-xdmx-6.8.2-i486-4.tgz:  Patched and rebuilt.
patches/packages/x11-xnest-6.8.2-i486-4.tgz:  Patched and rebuilt.
patches/packages/x11-xvfb-6.8.2-i486-4.tgz:  Patched and rebuilt.
patches/packages/mozilla-1.7.12-i486-1.tgz:  Upgraded to mozilla-1.7.12.
  This fixes several security issues.  For more information, see:
  http://www.mozilla.org/projects/security/known-vulnerabilities.html#Mozilla
  (* Security fix *)
patches/packages/mozilla-firefox-1.0.7-i686-1.tgz:  Upgraded to firefox-1.0.7.
  This fixes several security issues.  For more information, see:
  http://www.mozilla.org/projects/security/known-vulnerabilities.html#Firefox
  (* Security fix *)
+--------------------------+