Wed Jul 25 02:02:40 UTC 2012
patches/packages/libpng-1.2.50-i486-1_slack10.1.tgz:  Upgraded.
  Fixed incorrect type (int copy should be png_size_t copy) in png_inflate()
  (fixes CVE-2011-3045).
  Revised png_set_text_2() to avoid potential memory corruption (fixes
    CVE-2011-3048).
  Changed "a+w" to "u+w" in Makefile.in to fix CVE-2012-3386.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3045
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3048
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3386
  (* Security fix *)
+--------------------------+
Thu Jun 14 05:02:39 UTC 2012
####################################################################
# NOTICE OF INPENDING EOL (END OF LIFE) FOR OLD SLACKWARE VERSIONS #
#                                                                  #
# Effective August 1, 2012, security patches will no longer be     #
# provided for the following versions of Slackware (which will all #
# be more than 5 years old at that time):                          #
# Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0.           #
# If you are still running these versions you should consider      #
# migrating to a newer version (preferably as recent as possible). #
# Alternately, you may make arrangements to handle your own        #
# security patches.  If for some reason you are unable to upgrade  #
# or handle your own security patches, limited security support    #
# may be available for a fee.  Inquire at security@slackware.com.  #
####################################################################
patches/packages/bind-9.7.6_P1-i486-1_slack10.1.tgz:  Upgraded.
  This release fixes an issue that could crash BIND, leading to a denial of
  service.  It also fixes the so-called "ghost names attack" whereby a
  remote attacker may trigger continued resolvability of revoked domain names.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1033
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1667
  IMPORTANT NOTE:  This is a upgraded version of BIND, _not_ a patched one.
  It is likely to be more strict about the correctness of configuration files.
  Care should be taken about deploying this upgrade on production servers to
  avoid an unintended interruption of service.
  (* Security fix *)
+--------------------------+
Wed May 23 00:14:52 UTC 2012
patches/packages/libxml2-2.6.32-i486-2_slack10.1.tgz:  Upgraded.
  Patched an off-by-one error in XPointer that could lead to a crash or
  possibly the execution of arbitrary code.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3102
  (* Security fix *)
+--------------------------+
Wed Apr 11 17:16:32 UTC 2012
patches/packages/samba-3.0.37-i486-5_slack10.1.tgz:  Rebuilt.
  This is a security release in order to address a vulnerability that allows
  remote code execution as the "root" user.  All sites running a Samba
  server should update to the new Samba package and restart Samba.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1182
  (* Security fix *)
+--------------------------+
Sat Apr  7 21:48:42 UTC 2012
patches/packages/libtiff-3.8.2-i486-4_slack10.1.tgz:  Rebuilt.
  Patched overflows that could lead to arbitrary code execution when parsing
  a malformed image file.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1173
  (* Security fix *)
+--------------------------+
Wed Feb 22 18:14:58 UTC 2012
patches/packages/libpng-1.2.47-i486-1_slack10.1.tgz:  Upgraded.
  All branches of libpng prior to versions 1.5.9, 1.4.9, 1.2.47, and 1.0.57,
  respectively, fail to correctly validate a heap allocation in
  png_decompress_chunk(), which can lead to a buffer-overrun and the
  possibility of execution of hostile code on 32-bit systems.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3026
  (* Security fix *)
+--------------------------+
Thu Nov 17 02:09:25 UTC 2011
patches/packages/bind-9.4_ESV_R5_P1-i486-1_slack10.1.tgz:  Upgraded.
        --- 9.4-ESV-R5-P1 released ---
3218.   [security]      Cache lookup could return RRSIG data associated with
                        nonexistent records, leading to an assertion
                        failure. [RT #26590]
  (* Security fix *)
+--------------------------+
Fri Aug 12 23:20:00 UTC 2011
patches/packages/bind-9.4_ESV_R5-i486-1_slack10.1.tgz:  Upgraded.
  This BIND update addresses a couple of security issues:
  * named, set up to be a caching resolver, is vulnerable to a user
    querying a domain with very large resource record sets (RRSets)
    when trying to negatively cache the response. Due to an off-by-one
    error, caching the response could cause named to crash. [RT #24650]
    [CVE-2011-1910]
  * Change #2912 (see CHANGES) exposed a latent bug in the DNS message
    processing code that could allow certain UPDATE requests to crash
    named. [RT #24777] [CVE-2011-2464]
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1910
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2464
  (* Security fix *)
+--------------------------+
Fri Jul 29 18:22:40 UTC 2011
patches/packages/libpng-1.2.46-i486-1_slack10.1.tgz:  Upgraded.
  Fixed uninitialized memory read in png_format_buffer()
  (Bug report by Frank Busse, related to CVE-2004-0421).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0421
  (* Security fix *)
+--------------------------+
Mon Jun 20 00:49:34 UTC 2011
patches/packages/fetchmail-6.3.20-i486-1_slack10.1.tgz:  Upgraded.
  This release fixes a denial of service in STARTTLS protocol phases.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1947
    http://www.fetchmail.info/fetchmail-SA-2011-01.txt
  (* Security fix *)
+--------------------------+
Fri May 27 22:56:00 UTC 2011
patches/packages/bind-9.4_ESV_R4_P1-i486-1_slack10.1.tgz:  Upgraded.
  This release fixes security issues:
     * A large RRSET from a remote authoritative server that results in
       the recursive resolver trying to negatively cache the response can
       hit an off by one code error in named, resulting in named crashing.
       [RT #24650] [CVE-2011-1910]
     * Zones that have a DS record in the parent zone but are also listed
       in a DLV and won't validate without DLV could fail to validate. [RT
       #24631]
  For more information, see:
    http://www.isc.org/software/bind/advisories/cve-2011-1910
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1910
  (* Security fix *)
+--------------------------+
Fri Apr  8 06:58:48 UTC 2011
patches/packages/libtiff-3.8.2-i486-3_slack10.1.tgz:  Rebuilt.
  Patched overflows that could lead to arbitrary code execution when parsing
  a malformed image file.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0192
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1167
  (* Security fix *)
+--------------------------+
Thu Apr  7 04:07:29 UTC 2011
patches/packages/dhcp-3.1_ESV_R1-i486-1_slack10.1.tgz:  Upgraded.
  In dhclient, check the data for some string options for reasonableness
  before passing it along to the script that interfaces with the OS.
  This prevents some possible attacks by a hostile DHCP server.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0997
  (* Security fix *)
+--------------------------+
Mon Feb 28 22:19:08 UTC 2011
patches/packages/samba-3.0.37-i486-4_slack10.1.tgz:  Rebuilt.
  Fix memory corruption denial of service issue.
  For more information, see:
    http://www.samba.org/samba/security/CVE-2011-0719
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0719
  (* Security fix *)
+--------------------------+
Thu Feb 10 21:19:38 UTC 2011
patches/packages/sudo-1.7.4p6-i486-1_slack10.1.tgz:  Upgraded.
  Fix Runas group password checking.
  For more information, see the included CHANGES and NEWS files, and:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0010
  (* Security fix *)
+--------------------------+
Thu Dec 16 18:57:05 UTC 2010
patches/packages/bind-9.4_ESV_R4-i486-1_slack10.1.tgz:  Upgraded.
  This update fixes some security issues.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3613
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3614
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3615
  (* Security fix *)
+--------------------------+
Sat Nov 20 21:20:27 UTC 2010
patches/packages/xpdf-3.02pl5-i486-1_slack10.1.tgz:  Upgraded.
  This update fixes security issues that could lead to an
  application crash, or execution of arbitrary code.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3702
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3703
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3704
  (* Security fix *)
+--------------------------+
Mon Sep 20 18:39:57 UTC 2010
patches/packages/bzip2-1.0.6-i486-1_slack10.1.tgz:  Upgraded.
  This update fixes an integer overflow that could allow a specially
  crafted bzip2 archive to cause a crash (denial of service), or execute
  arbitrary code.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0405
  (* Security fix *)
+--------------------------+
Wed Sep 15 18:51:21 UTC 2010
patches/packages/sudo-1.7.4p4-i486-3_slack10.1.tgz:  Rebuilt.
  Hi folks, since the patches for old systems (8.1 - 10.2) were briefly
  available containing a /var/lib with incorrect permissions, I'm issuing
  these again just to be 100% sure that no systems out there will be left
  with problems due to that.  This should do it (third time's the charm).
+--------------------------+
Wed Sep 15 05:58:55 UTC 2010
patches/packages/sudo-1.7.4p4-i486-2_slack10.1.tgz:  Rebuilt.
  The last sudo packages accidentally changed the permissions on /var from
  755 to 700.  This build restores the proper permissions.
  Thanks to Petri Kaukasoina for pointing this out.
+--------------------------+
Wed Sep 15 00:41:13 UTC 2010
patches/packages/samba-3.0.37-i486-3_slack10.1.tgz:  Upgraded.
  This upgrade fixes a buffer overflow in the sid_parse() function.
  For more information, see:
    http://www.samba.org/samba/security/CVE-2010-3069
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3069
  (* Security fix *)
patches/packages/sudo-1.7.4p4-i486-1_slack10.1.tgz:  Upgraded.
  This fixes a flaw that could lead to privilege escalation.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2956
  (* Security fix *)
+--------------------------+
Wed Jun 30 04:51:49 UTC 2010
patches/packages/libtiff-3.8.2-i486-2_slack10.1.tgz:  Rebuilt.
  This fixes image structure handling bugs that could lead to crashes or
  execution of arbitrary code if a specially-crafted TIFF image is loaded.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1411
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2065
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2067
  (* Security fix *)
patches/packages/libpng-1.2.44-i486-1_slack10.1.tgz:  Upgraded.
  This fixes out-of-bounds memory write bugs that could lead to crashes
  or the execution of arbitrary code, and a memory leak bug which could
  lead to application crashes.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1205
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2249
  (* Security fix *)
+--------------------------+
Sun Jun 27 04:02:55 UTC 2010
patches/packages/bind-9.4.3_P5-i486-2_slack10.1.tgz:  Rebuilt.
  At least some of these updates for 2.4.x systems were built under a
  2.6.x kernel, and didn't work.  Sorry, I think I've fixed the
  issue on this end this time.  If the previous update did not work
  for you, try this one.
+--------------------------+
Fri Jun 25 05:28:02 UTC 2010
patches/packages/bind-9.4.3_P5-i486-1_slack10.1.tgz:  Upgraded.
  This fixes possible DNS cache poisoning attacks when DNSSEC is enabled
  and checking is disabled (CD).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4022
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0097
  (* Security fix *)
+--------------------------+
Fri Jun 18 18:09:28 UTC 2010
patches/packages/samba-3.0.37-i486-2_slack10.1.tgz:  Rebuilt.
  Patched a buffer overflow in smbd that allows remote attackers to cause
  a denial of service (memory corruption and daemon crash) or possibly
  execute arbitrary code via a crafted field in a packet.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2063
  (* Security fix *)
+--------------------------+
Sun May 16 20:01:28 UTC 2010
patches/packages/fetchmail-6.3.17-i486-1_slack10.1.tgz:  Upgraded.
  A crafted header or POP3 UIDL list could cause a memory leak and crash
  leading to a denial of service.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1167
  (* Security fix *)
+--------------------------+
Fri Apr 30 01:07:12 UTC 2010
patches/packages/irssi-0.8.15-i486-2_slack10.1.tgz:  Rebuilt.
  Sorry, the perl modules were a mess in that last build on systems that
  don't use a vendor_perl dir.  This should work better.
+--------------------------+
Thu Apr 22 19:13:54 UTC 2010
patches/packages/irssi-0.8.15-i486-1_slack10.1.tgz:  Upgraded.
  From the NEWS file:
    - Check if an SSL certificate matches the hostname of the server we are
      connecting to.
    - Fix crash when checking for fuzzy nick match when not on the channel.
      Reported by Aurelien Delaitre (SATE 2009).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1155
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1156
  (* Security fix *)
+--------------------------+
Tue Apr 20 14:45:24 UTC 2010
patches/packages/sudo-1.7.2p6-i486-1_slack10.1.tgz:  Upgraded.
  This update fixes security issues that may give a user with permission
  to run sudoedit the ability to run arbitrary commands.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0426
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1163
    http://www.gratisoft.us/sudo/alerts/sudoedit_escalate.html
    http://www.gratisoft.us/sudo/alerts/sudoedit_escalate2.html
  (* Security fix *)
+--------------------------+
Thu Dec 10 00:12:58 UTC 2009
patches/packages/ntp-4.2.2p3-i486-2_slack10.1.tgz:  Rebuilt.
  Prevent a denial-of-service attack involving spoofed mode 7 packets.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3563
  (* Security fix *)
+--------------------------+
Wed Dec  2 20:51:55 UTC 2009
patches/packages/bind-9.4.3_P4-i486-1_slack10.1.tgz:  Upgraded.
  BIND 9.4.3-P4 is a SECURITY PATCH for BIND 9.4.3-P3.  It addresses a
  potential cache poisoning vulnerability, in which data in the additional
  section of a response could be cached without proper DNSSEC validation.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4022
    http://www.kb.cert.org/vuls/id/418861
  (* Security fix *)
+--------------------------+
Wed Oct 28 01:23:19 UTC 2009
patches/packages/xpdf-3.02pl4-i486-1_slack10.1.tgz:  Upgraded.
  This update fixes several security issues that could lead to an
  application crash, or execution of arbitrary code.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3603
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3604
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3605
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3606
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3608
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3609
  (* Security fix *)
+--------------------------+
Sat Oct  3 18:19:00 CDT 2009
patches/packages/samba-3.0.37-i486-1_slack10.1.tgz:
  This update fixes the following security issues.
  A misconfigured /etc/passwd with no defined home directory could allow
  security restrictions to be bypassed.
  mount.cifs could allow a local user to read the first line of an arbitrary
  file if installed setuid.  (On Slackware, it was not installed setuid)
  Specially crafted SMB requests could cause a denial of service.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2813
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2948
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2906
  (* Security fix *)
+--------------------------+
Fri Aug 14 13:42:26 CDT 2009
patches/packages/curl-7.12.2-i486-4_slack10.1.tgz:
  This update fixes a security issue where a zero byte embedded in an SSL
  or TLS certificate could fool cURL into validating the security of a
  connection to a system that the certificate was not issued for.  It has
  been reported that at least one Certificate Authority allowed such
  certificates to be issued.
  For more information, see:
    http://curl.haxx.se/docs/security.html
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2417
  (* Security fix *)
+--------------------------+
Fri Aug  7 14:25:03 CDT 2009
patches/packages/samba-3.0.36-i486-1_slack10.1.tgz:  Upgraded.
  This is a bugfix release.
+--------------------------+
Thu Aug  6 00:48:30 CDT 2009
patches/packages/fetchmail-6.3.11-i486-1_slack10.1.tgz:  Upgraded.
  This update fixes an SSL NUL prefix impersonation attack through NULs in a
  part of a X.509 certificate's CommonName and subjectAltName fields.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2666
  (* Security fix *)
+--------------------------+
Wed Jul 29 23:10:01 CDT 2009
patches/packages/bind-9.4.3_P3-i486-1_slack10.1.tgz:  Upgraded.
  This BIND update fixes a security problem where a specially crafted
  dynamic update message packet will cause named to exit resulting in
  a denial of service.
  An active remote exploit is in wide circulation at this time.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0696
    https://www.isc.org/node/479
  (* Security fix *)
+--------------------------+
Tue Jul 14 18:07:41 CDT 2009
patches/packages/dhcp-3.1.2p1-i486-1_slack10.1.tgz:  Upgraded.
  A stack overflow vulnerability was fixed in dhclient that could allow
  remote attackers to execute arbitrary commands as root on the system,
  or simply terminate the client, by providing an over-long subnet-mask
  option.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0692
  (* Security fix *)
+--------------------------+
Fri Jun 26 22:05:35 CDT 2009
patches/packages/samba-3.0.35-i486-1_slack10.1.tgz:
  This upgrade fixes the following security issue:
  o CVE-2009-1888:
    In Samba 3.0.31 to 3.3.5 (inclusive), an uninitialized read of a
    data value can potentially affect access control when "dos filemode"
    is set to "yes".
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1888
  (* Security fix *)
+--------------------------+
Fri Jun 19 18:22:20 CDT 2009
patches/packages/libpng-1.2.37-i486-1_slack10.1.tgz:  Upgraded.
  This update fixes a possible security issue.  Jeff Phillips discovered an
  uninitialized-memory-read bug affecting interlaced images that may have
  security implications.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2042
  (* Security fix *)
+--------------------------+
Wed Jun  3 18:09:52 CDT 2009
patches/packages/ntp-4.2.2p3-i486-1_slack10.1.tgz:
  Patched a stack-based buffer overflow in the cookedprint function in
  ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows arbitrary code
  execution by a malicious remote NTP server.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0159
  (* Security fix *)
+--------------------------+
Sat May  9 18:03:41 CDT 2009
patches/packages/xpdf-3.02pl3-i486-1_slack10.1.tgz:
  Upgraded to xpdf-3.02pl3.
  This update fixes several overflows that may result in crashes or the
  execution of arbitrary code as the xpdf user.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0146
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0147
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0165
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0166
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0799
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0800
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1179
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1180
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1181
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1182
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1183
(* Security fix *)
+--------------------------+
Tue Mar 24 01:56:10 CDT 2009
patches/packages/lcms-1.18-i486-1_slack10.1.tgz:  Upgraded to lcms-1.18.
  This update fixes security issues discovered in LittleCMS by Chris Evans.
  These flaws could cause program crashes (denial of service) or the execution
  of arbitrary code as the user of the lcms-linked program.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0581
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0723
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0733
  (* Security fix *)
+--------------------------+
Mon Mar  9 00:04:05 CDT 2009
patches/packages/curl-7.12.2-i486-3_slack10.1.tgz:
  Patched curl-7.12.2.
  This fixes a security issue where automatic redirection could be made to
  follow file:// URLs, reading or writing a local instead of remote file.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0037
  (* Security fix *)
+--------------------------+
Fri Feb 20 17:20:49 CST 2009
patches/packages/libpng-1.2.35-i486-1_slack10.1.tgz:
  Upgraded to libpng-1.2.35.
  This fixes multiple memory-corruption vulnerabilities due to a failure to
  properly initialize data structures.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0040
    ftp://ftp.simplesystems.org/pub/png/src/libpng-1.2.34-ADVISORY.txt
  (* Security fix *)
+--------------------------+
Wed Jan 14 20:37:39 CST 2009
patches/packages/bind-9.3.6_P1-i486-1_slack10.1.tgz:
  Upgraded to bind-9.3.6-P1.
  Fixed checking on return values from OpenSSL's EVP_VerifyFinal and
  DSA_do_verify functions to prevent spoofing answers returned from zones using
  the DNSKEY algorithms DSA and NSEC3DSA.
  For more information, see:
    https://www.isc.org/node/373
    http://www.ocert.org/advisories/ocert-2008-016.html
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0025
  (* Security fix *)
patches/packages/ntp-4.2.4p6-i486-1_slack10.1.tgz:
  [Sec 1111] Fix incorrect check of EVP_VerifyFinal()'s return value.
  For more information, see:
    https://lists.ntp.org/pipermail/announce/2009-January/000055.html
    http://www.ocert.org/advisories/ocert-2008-016.html
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0021
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077
  (* Security fix *)
+--------------------------+
Fri Nov 28 16:27:52 CST 2008
patches/packages/samba-3.0.33-i486-1_slack10.1.tgz:
  Upgraded to samba-3.0.33.
  This package fixes an important barrier against rogue clients reading from
  uninitialized memory (though no proof-of-concept is known to exist).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4314
  (* Security fix *)
+--------------------------+
Wed Nov 19 19:13:12 CST 2008
patches/packages/libxml2-2.6.32-i486-1_slack10.1.tgz:
  Upgraded to libxml2-2.6.32 and patched.
  This fixes vulnerabilities including denial of service, or possibly the
  execution of arbitrary code as the user running a libxml2 linked application
  if untrusted XML content is parsed.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4225
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4226
  (* Security fix *)
+--------------------------+
Mon Oct 13 13:58:21 CDT 2008
patches/packages/glibc-zoneinfo-2.3.4-noarch-6_slack10.1.tgz:
  Upgraded to tzdata2008h for the latest world timezone changes.
+--------------------------+
Wed Sep 17 02:28:20 CDT 2008
patches/packages/bind-9.3.5_P2-i486-1_slack10.1.tgz:
  Upgraded to bind-9.3.5-P2.
  This version has performance gains over bind-9.3.5-P1.
+--------------------------+
Mon Sep  1 21:56:29 CDT 2008
patches/packages/samba-3.0.32-i486-1_slack10.1.tgz:
  Upgraded to samba-3.0.32.  This is a bugfix release.  See the WHATSNEW.txt
  file in the Samba docs for details on what has changed.
+--------------------------+
Mon Aug  4 14:03:01 CDT 2008
patches/packages/python-2.4.5-i486-1_slack10.1.tgz:
  Upgraded to 2.4.5 and patched overflows and other security problems.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1679
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1721
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2315
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3142
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3144
  (* Security fix *)
patches/packages/python-demo-2.4.5-i486-1_slack10.1.tgz:  Upgraded.
patches/packages/python-tools-2.4.5-i486-1_slack10.1.tgz:  Upgraded.
+--------------------------+
Mon Jul 28 22:05:06 CDT 2008
patches/packages/fetchmail-6.3.8-i486-1_slack10.1.tgz:
  Patched to fix a possible denial of service when "-v -v" options are used.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2711
  (* Security fix *)
+--------------------------+
Wed Jul 23 16:27:21 CDT 2008
patches/packages/dnsmasq-2.45-i486-1_slack10.1.tgz:
  Upgraded to dnsmasq-2.45.
  It was discovered that earlier versions of dnsmasq have DNS cache
  weaknesses that are similar to the ones recently discovered in BIND.
  This new release minimizes the risk of cache poisoning.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447
  (* Security fix *)
+--------------------------+
Wed Jul  9 20:03:57 CDT 2008
patches/packages/bind-9.3.5_P1-i486-1_slack10.1.tgz:
  Upgraded to bind-9.3.5-P1.
  This upgrade addresses a security flaw known as the CERT VU#800113 DNS Cache
  Poisoning Issue.  This is the summary of the problem from the BIND site:
    "A weakness in the DNS protocol may enable the poisoning of caching
     recurive resolvers with spoofed data.  DNSSEC is the only full solution.
     New versions of BIND provide increased resilience to the attack."
  It is suggested that sites that run BIND upgrade to one of the new packages
  in order to reduce their exposure to DNS cache poisoning attacks.
  For more information, see:
    http://www.isc.org/sw/bind/bind-security.php
    http://www.kb.cert.org/vuls/id/800113
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447
  (* Security fix *)
+--------------------------+
Wed May 28 19:46:22 CDT 2008
patches/packages/samba-3.0.30-i486-1_slack10.1.tgz:
  Upgraded to samba-3.0.30.
  This is a security release in order to address CVE-2008-1105 ("Boundary
  failure when parsing SMB responses can result in a buffer overrun").
  For more information on the security issue, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1105
  (* Security fix *)
+--------------------------+
Mon Apr 28 23:46:17 CDT 2008
patches/packages/libpng-1.2.27-i486-1_slack10.1.tgz:
  Upgraded to libpng-1.2.27.
  This fixes various bugs, the most important of which have to do with the
  handling of unknown chunks containing zero-length data.  Processing a PNG
  image that contains these could cause the application using libpng to crash
  (possibly resulting in a denial of service), could potentially expose the
  contents of uninitialized memory, or could cause the execution of arbitrary
  code as the user running libpng (though it would probably be quite difficult
  to cause the execution of attacker-chosen code).  We recommend upgrading the
  package as soon as possible.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1382
    ftp://ftp.simplesystems.org/pub/libpng/png/src/libpng-1.2.27-README.txt
  (* Security fix *)
+--------------------------+
Sat Apr 19 23:49:25 CDT 2008
patches/packages/xine-lib-1.1.11.1-i686-3_slack10.1.tgz:
  Recompiled, with --without-speex (we didn't ship the speex library in
  Slackware anyway, but for reference this issue would be CVE-2008-1686),
  and with --disable-nosefart (the recently reported as insecurely
  demuxed NSF format).  As before in -2, this package fixes the two
  regressions mentioned in the release notes for xine-lib-1.1.12:
    http://sourceforge.net/project/shownotes.php?release_id=592185&group_id=9655
  (* Security fix *)
+--------------------------+
Tue Apr  8 00:17:36 CDT 2008
patches/packages/xine-lib-1.1.11.1-i686-2_slack10.1.tgz:
  Patched to fix playback failure affecting several media formats
  accidentally broken in the xine-lib-1.1.11.1 release.  Thanks to Diogo Sousa
  for pointing me to the new release notes on xinehq.de.
+--------------------------+
Mon Apr  7 02:04:58 CDT 2008
patches/packages/bzip2-1.0.5-i486-1_slack10.1.tgz:  Upgraded to bzip2-1.0.5.
  Previous versions of bzip2 contained a buffer overread error that could cause
  applications linked to libbz2 to crash, resulting in a denial of service.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1372
  (* Security fix *)
patches/packages/m4-1.4.11-i486-1_slack10.1.tgz:  Upgraded to m4-1.4.11.
  In addition to bugfixes and enhancements, this version of m4 also fixes two
  issues with possible security implications.  A minor security fix with the
  use of "maketemp" and "mkstemp" -- these are now quoted to prevent the
  (rather unlikely) possibility that an unquoted string could match an
  existing macro causing operations to be done on the wrong file.  Also,
  a problem with the '-F' option (introduced with version 1.4) could cause a
  core dump or possibly (with certain file names) the execution of arbitrary
  code.  For more information on these issues, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1687
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1688
  (* Security fix *)
+--------------------------+
Fri Apr  4 12:36:37 CDT 2008
patches/packages/openssh-5.0p1-i486-1_slack10.1.tgz:
Upgraded to openssh-5.0p1.
  This version fixes a security issue where local users could hijack forwarded
  X connections.  Upgrading to the new package is highly recommended.
  For more information on this security issue, please see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1483
  (* Security fix *)
+--------------------------+
Mon Mar 31 23:33:58 CDT 2008
patches/packages/xine-lib-1.1.11.1-i686-1_slack10.1.tgz:
  Upgraded to xine-lib-1.1.11.1.
  Earlier versions of xine-lib suffer from an integer overflow which may lead
  to a buffer overflow that could potentially be used to gain unauthorized
  access to the machine if a malicious media file is played back.  File types
  affected this time include .flv, .mov, .rm, .mve, .mkv, and .cak.
  For more information on this security issue, please see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1482
  (* Security fix *)
+--------------------------+
Sat Mar 29 03:09:17 CDT 2008
patches/packages/xine-lib-1.1.11-i686-1_slack10.1.tgz:
  Earlier versions of xine-lib suffer from an array index bug that
  may have security implications if a malicious RTSP stream is
  played.  Playback of other media formats is not affected.
  If you use RTSP, you should probably upgrade xine-lib.
  For more information on the security issue, please see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0073
  (* Security fix *)
+--------------------------+
Thu Feb 14 17:05:55 CST 2008
patches/packages/apache-1.3.41-i486-1_slack10.1.tgz:
  Upgraded to apache-1.3.41, the last regular release of the
  Apache 1.3.x series, and a security bugfix-only release.
  For more information about the security issues fixed, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847
  (* Security fix *)
patches/packages/mod_ssl-2.8.31_1.3.41-i486-1_slack10.1.tgz:
  Upgraded to mod_ssl-2.8.31-1.3.41 to work with apache_1.3.41.
+--------------------------+
Mon Dec 31 18:49:52 CST 2007
patches/packages/glibc-zoneinfo-2.3.4-noarch-5_slack10.1.tgz:
  Some deja vu.  ;-)
  Upgraded to tzdata2007k.  A new year should be started with the
  latest timezone data, so here it is.
  Happy holidays, and a happy new year to all!  :-)
+--------------------------+
Mon Dec 24 15:54:26 CST 2007
patches/packages/glibc-zoneinfo-2.3.4-noarch-4_slack10.1.tgz:
  Upgraded to tzdata2007j.  A new year should be started with the
  latest timezone data, so here it is.
  Happy holidays, and a happy new year to all!  :-)
+--------------------------+
Mon Dec 10 12:45:35 CST 2007
patches/packages/samba-3.0.28-i486-1_slack10.1.tgz:
  Upgraded to samba-3.0.28.
  Samba 3.0.28 is a security release in order to address a boundary failure
  in GETDC mailslot processing that can result in a buffer overrun leading
  to possible code execution.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6015
    http://www.samba.org/samba/history/samba-3.0.28.html
    http://secunia.com/secunia_research/2007-99/advisory/
  (* Security fix *)
+--------------------------+
Mon Dec  3 19:58:51 CST 2007
patches/packages/samba-3.0.27a-i486-1_slack10.1.tgz:
  Upgraded to samba-3.0.27a.
  This update fixes a crash bug regression experienced by smbfs clients caused
  by the fix for CVE-2007-4572.
+--------------------------+
Sat Dec  1 16:57:18 CST 2007
patches/packages/rsync-2.6.9-i486-1_slack10.1.tgz:
  Patched some security bugs.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4091
    http://lists.samba.org/archive/rsync-announce/2007/000050.html
  (* Security fix *)
+--------------------------+
Wed Nov 21 00:55:51 CST 2007
patches/packages/libpng-1.2.23-i486-1_slack10.1.tgz:
  Upgraded to libpng-1.2.23.
  Previous libpng versions may crash when loading malformed PNG files.
  It is not currently known if this vulnerability can be exploited to
  execute malicious code.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5266
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5267
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5268
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269
  (* Security fix *)
+--------------------------+
Fri Nov 16 17:22:18 CST 2007
patches/packages/samba-3.0.27-i486-1_slack10.1.tgz:
  Upgraded to samba-3.0.27.
  Samba 3.0.27 is a security release in order to address a stack buffer
  overflow in nmbd's logon request processing, and remote code execution in
  Samba's WINS server daemon (nmbd) when processing name registration followed
  name query requests.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4572
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5398
  (* Security fix *)
+--------------------------+
Mon Nov 12 01:25:34 CST 2007
patches/packages/xpdf-3.02pl2-i486-1_slack10.1.tgz:
  Upgraded to xpdf-3.02pl2.
  The pl2 patch fixes a crash in xpdf.
  Some theorize that this could be used to execute arbitrary code if an
  untrusted PDF file is opened, but no real-world examples are known (yet).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393
  (* Security fix *)
+--------------------------+
Sat Nov 10 16:14:35 CST 2007
testing/packages/php5/php-5.2.5-i486-1_slack10.1.tgz:
  Upgraded to php-5.2.5.
  This fixes bugs and security issues.
  For more information, see:
    http://www.php.net/releases/5_2_5.php
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4887
  (* Security fix *)
+--------------------------+
Thu Nov  1 22:03:53 CDT 2007
patches/packages/cups-1.1.23-i486-2_slack10.1.tgz:
  Patched cups-1.1.23.
  Errors in ipp.c may allow a remote attacker to crash CUPS resulting
  in a denial of service.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4351
  (* Security fix *)
+--------------------------+
Wed Oct 10 11:50:50 CDT 2007
patches/packages/glibc-zoneinfo-2.3.4-noarch-3_slack10.1.tgz:
  Upgraded to timezone data from tzcode2007h and tzdata2007h.
  This contains the latest timezone data from NIST, including some important
  changes to daylight savings time in Brasil and New Zealand.
+--------------------------+
Wed Sep 12 15:20:06 CDT 2007
patches/packages/openssh-4.7p1-i486-1_slack10.1.tgz:
  Upgraded to openssh-4.7p1.
  From the OpenSSH release notes:
  "Security bugs resolved in this release:  Prevent ssh(1) from using a
  trusted X11 cookie if creation of an untrusted cookie fails; found and
  fixed by Jan Pechanec."
  While it's fair to say that we here at Slackware don't see how this could
  be leveraged to compromise a system, a) the OpenSSH people (who presumably
  understand the code better) characterize this as a security bug, b) it has
  been assigned a CVE entry, and c) OpenSSH is one of the most commonly used
  network daemons.  Better safe than sorry.
  More information should appear here eventually:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4752
  (* Security fix *)
patches/packages/samba-3.0.26a-i486-1_slack10.1.tgz:
  Upgraded to samba-3.0.26a.
  This fixes a security issue in all Samba 3.0.25 versions:
  "Incorrect primary group assignment for domain users using the rfc2307
   or sfu winbind nss info plugin."
  For more information, see:
    http://www.samba.org/samba/security/CVE-2007-4138.html
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4138
  (* Security fix *)
testing/packages/php5/php-5.2.4-i486-1_slack10.1.tgz:
  Upgraded to php-5.2.4.  The PHP announcement says this version fixes over
  120 bugs as well as "several low priority security bugs."
  Read more about it here:
    http://www.php.net/releases/5_2_4.php
  (* Security fix *)
+--------------------------+
Sat Aug 18 15:00:32 CDT 2007
patches/packages/tcpdump-3.9.7-i486-1_slack10.1.tgz:
  Upgraded to libpcap-0.9.7, tcpdump-3.9.7.
  This new version fixes an integer overflow in the BGP dissector which
  could possibly allow remote attackers to crash tcpdump or to execute
  arbitrary code.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3798
  (* Security fix *)
+--------------------------+
Fri Aug 10 22:39:13 CDT 2007
patches/packages/xpdf-3.02pl1-i486-1_slack10.1.tgz:
  Upgraded to xpdf-3.02pl1.  This fixes an integer overflow that could possibly
  be leveraged to run arbitrary code if a malicious PDF file is processed.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387
  (* Security fix *)
+--------------------------+
Thu Jul 26 15:51:42 CDT 2007
patches/packages/bind-9.3.4_P1-i486-1_slack10.1.tgz:
  Upgraded to bind-9.3.4_P1 to fix a security issue.
  The query IDs in BIND9 prior to BIND 9.3.4-P1 are cryptographically weak.
  For more information on this issue, see:
    http://www.isc.org/index.pl?/sw/bind/bind-security.php
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2926
  (* Security fix *)
+--------------------------+
Fri May 25 11:27:02 CDT 2007
patches/packages/samba-3.0.25a-i486-1_slack10.1.tgz:
  Upgraded to samba-3.0.25a.  This fixes some major (non-security) bugs in
  samba-3.0.25.  See the WHATSNEW.txt for details.
+--------------------------+
Wed May 16 16:16:59 CDT 2007
patches/packages/libpng-1.2.18-i486-1_slack10.1.tgz:
  Upgraded to libpng-1.2.18.
  A grayscale PNG image with a malformed (bad CRC) tRNS chunk will crash some
  libpng applications.  This vulnerability has been assigned the identifiers
  CVE-2007-2445 and CERT VU#684664.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2445
  (* Security fix *)
+--------------------------+
Mon May 14 18:22:43 CDT 2007
patches/packages/samba-3.0.25-i486-1_slack10.1.tgz:
  Upgraded to samba-3.0.25.
  Security Fixes included in the Samba 3.0.25 release are:
  o CVE-2007-2444
        Versions: Samba 3.0.23d - 3.0.25pre2
        Local SID/Name translation bug can result in
        user privilege elevation
  o CVE-2007-2446
        Versions: Samba 3.0.0 - 3.0.24
        Multiple heap overflows allow remote code execution
  o CVE-2007-2447
        Versions: Samba 3.0.0 - 3.0.24
        Unescaped user input parameters are passed as
        arguments to /bin/sh allowing for remote command
        execution
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2444
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2446
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2447
  (* Security fix *)
+--------------------------+
Wed Apr 25 18:26:46 CDT 2007
patches/packages/x11-6.8.1-i486-7_slack10.1.tgz:  Fixed some bugs in the
  fontconfig upgrade...   Put cache files in /var/cache/fontconfig, not
  /var/X11R6/var/cache/fontconfig.  Properly locate and compress fontconfig
  man pages.  Thanks to Eef Hartman for pointing these out.
patches/packages/x11-devel-6.8.1-i486-7_slack10.1.tgz:  Recompiled.
patches/packages/x11-xdmx-6.8.1-i486-7_slack10.1.tgz:  Recompiled.
patches/packages/x11-xnest-6.8.1-i486-7_slack10.1.tgz:  Recompiled.
patches/packages/x11-xvfb-6.8.1-i486-7_slack10.1.tgz:  Recompiled.
+--------------------------+
Thu Apr 19 18:53:08 CDT 2007
patches/packages/x11-6.8.1-i486-6_slack10.1.tgz:
  Replaced freetype library with freetype-2.3.4.
  This fixes an overflow parsing BDF fonts.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1351
  (* Security fix *)
  Upgraded to fontconfig-2.4.2.
patches/packages/x11-devel-6.8.1-i486-6_slack10.1.tgz:
  Replaced freetype library with freetype-2.3.4.
  This fixes an overflow parsing BDF fonts.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1351
  (* Security fix *)
  Upgraded to fontconfig-2.4.2.
patches/packages/x11-xnest-6.8.1-i486-6_slack10.1.tgz:
  Recompiled.
patches/packages/x11-xdmx-6.8.1-i486-6_slack10.1.tgz:
  Recompiled.
patches/packages/x11-xvfb-6.8.1-i486-6_slack10.1.tgz:
  Recompiled.
patches/packages/xine-lib-1.1.6-i686-1_slack10.1.tgz:
  Upgraded to xine-lib-1.1.6.
  This fixes overflows in xine-lib in some little-used media formats in
  xine-lib < 1.1.5 and other bugs in xine-lib < 1.1.6.  The overflows in
  xine-lib < 1.1.5 could definitely cause an application using xine-lib to
  crash, and it is theorized that a malicious media file could be made to run
  arbitrary code in the context of the user running the application.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1246
  (* Security fix *)
+--------------------------+
Tue Apr  3 15:01:57 CDT 2007
patches/packages/file-4.20-i486-1_slack10.1.tgz:
  Upgraded to file-4.20.
  This fixes a heap overflow that could allow code to be executed as the
  user running file (note that there are many scenarios where file might be
  used automatically, such as in virus scanners or spam filters).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1536
  (* Security fix *)
+--------------------------+
Wed Mar  7 18:02:55 CST 2007
patches/packages/gnupg-1.4.7-i486-1_slack10.1.tgz:  Upgraded to gnupg-1.4.7.
  This fixes a security problem that can occur when GnuPG is used incorrectly.
  Newer versions attempt to prevent such misuse.
  For more information, see:
    http://lists.gnupg.org/pipermail/gnupg-announce/2007q1/000251.html
  (* Security fix *)
+--------------------------+
Sun Feb 18 15:20:36 CST 2007
patches/packages/glibc-zoneinfo-2.3.4-noarch-2_slack10.1.tgz:
  Updated with tzdata2007b for impending Daylight Savings Time
  changes in the US.
+--------------------------+
Wed Feb  7 12:29:05 CST 2007
patches/packages/samba-3.0.24-i486-1_slack10.1.tgz:
  Upgraded to samba-3.0.24.  From the WHATSNEW.txt file:
    "Important issues addressed in 3.0.24 include:
     o Fixes for the following security advisories:
       - CVE-2007-0452 (Potential Denial of Service bug in smbd)
       - CVE-2007-0453 (Buffer overrun in NSS host lookup Winbind
         NSS library on Solaris)
       - CVE-2007-0454 (Format string bug in afsacl.so VFS plugin)"
  Samba is Slackware is vulnerable to the first issue, which can cause smbd
  to enter into an infinite loop, disrupting Samba services.  Linux is not
  vulnerable to the second issue, and Slackware does not ship the afsacl.so
  VFS plugin (but it's something to be aware of if you build Samba with
  custom options).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0452
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0453
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0454
  (* Security fix *)
+--------------------------+
Fri Jan 26 22:46:30 CST 2007
patches/packages/bind-9.3.4-i486-1_slack10.1.tgz:
  Upgraded to bind-9.3.4.  This update fixes two denial of service
  vulnerabilities where an attacker could crash the name server with
  specially crafted malformed data.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0493
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0494
  (* Security fix *)
+--------------------------+
Wed Jan 24 14:15:07 CST 2007
patches/packages/fetchmail-6.3.6-i486-1_slack10.1.tgz:
  Upgraded to fetchmail-6.3.6.  This fixes two security issues.  First, a bug
  introduced in fetchmail-6.3.5 could cause fetchmail to crash.  However,
  no stable version of Slackware ever shipped fetchmail-6.3.5.  Second, a long
  standing bug (reported by Isaac Wilcox) could cause fetchmail to send a
  password in clear text or omit using TLS even when configured otherwise.
  All fetchmail users are encouraged to consider using getmail, or to upgrade
  to the new fetchmail packages.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5974
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5867
  (* Security fix *)
+--------------------------+
Sat Dec 23 16:40:57 CST 2006
patches/packages/xine-lib-1.1.3-i686-1_slack10.1.tgz:
  Upgraded to xine-lib-1.1.3 which fixes possible security problems
  such as a heap overflow in libmms and a buffer overflow in the
  Real Media input plugin.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2200
  (* Security fix *)
+--------------------------+
Wed Dec  6 15:16:06 CST 2006
patches/packages/gnupg-1.4.6-i486-1_slack10.1.tgz:
  Upgraded to gnupg-1.4.6.  This release fixes a severe and exploitable
  bug in earlier versions of gnupg.  All gnupg users should update to the
  new packages as soon as possible.  For details, see the information
  concerning CVE-2006-6235 posted on lists.gnupg.org:
    http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000491.html
  The CVE entry for this issue may be found here:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6235
  This update also addresses a more minor security issue possibly
  exploitable when GnuPG is used in interactive mode.  For more information
  about that issue, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6169
  (* Security fix *)
+--------------------------+
Fri Dec  1 15:03:20 CST 2006
patches/packages/libpng-1.2.14-i486-1_slack10.1.tgz:
  Upgraded to libpng-1.2.14.  This fixes a bug where a specially crafted PNG
  file could crash applications that use libpng.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5793
  (* Security fix *)
patches/packages/proftpd-1.3.0a-i486-1_slack10.1.tgz:
  Upgraded to proftpd-1.3.0a plus an additional security patch.  Several
  security issues were found in proftpd that could lead to the execution of
  arbitrary code by a remote attacker, including one in mod_tls that does
  not require the attacker to be authenticated first.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5815
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6170
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6171
  (* Security fix *)
patches/packages/tar-1.16-i486-1_slack10.1.tgz:
  Upgraded to tar-1.16.
  This fixes an issue where files may be extracted outside of the current
  directory, possibly allowing a malicious tar archive, when extracted, to
  overwrite any of the user's files (in the case of root, any file on the
  system).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6097
  (* Security fix *)
+--------------------------+
Mon Nov  6 21:29:24 CST 2006
patches/packages/bind-9.3.2_P2-i486-1_slack10.1.tgz:
  Upgraded to bind-9.3.2-P2.  This fixes some security issues related to
  previous fixes in OpenSSL.  The minimum OpenSSL version was raised to
  OpenSSL 0.9.7l and OpenSSL 0.9.8d to avoid exposure to known security flaws
  in older versions (these patches were already issued for Slackware).  If you
  have not upgraded yet, get those as well to prevent a potentially exploitable
  security problem in named.  In addition, the default RSA exponent was changed
  from 3 to 65537.  RSA keys using exponent 3 (which was previously BIND's
  default) will need to be regenerated to protect against the forging
  of RRSIGs.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
  (* Security fix *)
+--------------------------+
Fri Nov  3 23:19:57 CST 2006
patches/packages/screen-4.0.3-i486-1_slack10.1.tgz:  Upgraded to screen-4.0.3.
  This addresses an issue with the way screen handles UTF-8 character encoding
  that could allow screen to be crashed (or possibly code to be executed in the
  context of the screen user) if a specially crafted sequence of pseudo-UTF-8
  characters are displayed withing a screen session.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4573
  (* Security fix *)
+--------------------------+
Wed Oct 25 15:45:46 CDT 2006
patches/packages/qt-3.3.3-i486-4_slack10.1.tgz:  Patched.
  This fixes an issue with Qt's handling of pixmap images that causes Qt linked
  applications to crash if a specially crafted malicious image is loaded.
  Inspection of the code in question makes it seem unlikely that this could
  lead to more serious implications (such as arbitrary code execution), but it
  is recommended that users upgrade to the new Qt package.
  For more information, see:
    http://www.trolltech.com/company/newsroom/announcements/press.2006-10-19.5434451733
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4811
  (* Security fix *)
+--------------------------+
Fri Sep 29 00:21:27 CDT 2006
patches/packages/openssl-0.9.7l-i486-1_slack10.1.tgz:
  Upgraded to shared libraries from openssl-0.9.7l.
  See openssl package update below.
  (* Security fix *)
patches/packages/openssh-4.4p1-i486-1_slack10.1.tgz:
  Upgraded to openssh-4.4p1.
  This fixes a few security related issues.  From the release notes found at
  http://www.openssh.com/txt/release-4.4:
    * Fix a pre-authentication denial of service found by Tavis Ormandy,
      that would cause sshd(8) to spin until the login grace time
      expired.
    * Fix an unsafe signal hander reported by Mark Dowd. The signal
      handler was vulnerable to a race condition that could be exploited
      to perform a pre-authentication denial of service. On portable
      OpenSSH, this vulnerability could theoretically lead to
      pre-authentication remote code execution if GSSAPI authentication
      is enabled, but the likelihood of successful exploitation appears
      remote.
    * On portable OpenSSH, fix a GSSAPI authentication abort that could
      be used to determine the validity of usernames on some platforms.
  Links to the CVE entries will be found here:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4924
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5051
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5052
    After this upgrade, make sure the permissions on /etc/rc.d/rc.sshd are set
  the way you want them.  Future upgrades will respect the existing permissions
  settings.  Thanks to Manuel Reimer for pointing out that upgrading openssh
  would enable a previously disabled sshd daemon.
    Do better checking of passwd, shadow, and group to avoid adding
    redundant entries to these files.  Thanks to Menno Duursma.
  (* Security fix *)
patches/packages/openssl-0.9.7l-i486-1_slack10.1.tgz:
  Upgraded to openssl-0.9.7l.
  This fixes a few security related issues:
      During the parsing of certain invalid ASN.1 structures an error
    condition is mishandled.  This can result in an infinite loop which
    consumes system memory (CVE-2006-2937).  (This issue did not affect
    OpenSSL versions prior to 0.9.7)
    Thanks to Dr S. N. Henson of Open Network Security and NISCC.
      Certain types of public key can take disproportionate amounts of
    time to process. This could be used by an attacker in a denial of
    service attack (CVE-2006-2940).
    Thanks to Dr S. N. Henson of Open Network Security and NISCC.
      A buffer overflow was discovered in the SSL_get_shared_ciphers()
    utility function.  An attacker could send a list of ciphers to an
    application that uses this function and overrun a buffer.
    (CVE-2006-3738)
    Thanks to Tavis Ormandy and Will Drewry of the Google Security Team.
      A flaw in the SSLv2 client code was discovered. When a client
    application used OpenSSL to create an SSLv2 connection to a malicious
    server, that server could cause the client to crash (CVE-2006-4343).
    Thanks to Tavis Ormandy and Will Drewry of the Google Security Team.
  Links to the CVE entries will be found here:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343
  (* Security fix *)
+--------------------------+
Tue Sep 19 14:07:49 CDT 2006
patches/packages/gzip-1.3.5-i486-1_slack10.1.tgz:
  Upgraded to gzip-1.3.5, and fixed a variety of bugs.
  Some of the bugs have possible security implications if gzip or its tools are
  fed a carefully constructed malicious archive.  Most of these issues were
  recently discovered by Tavis Ormandy and the Google Security Team.  Thanks
  to them, and also to the ALT and Owl developers for cleaning up the patch.
  For further details about the issues fixed, please see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0758
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0988
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1228
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4334
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4335
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4336
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4337
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4338
  (* Security fix *)
+--------------------------+
Thu Sep 14 05:30:50 CDT 2006
patches/packages/openssl-0.9.7e-i486-5_slack10.1.tgz:  Patched an issue where
  it is possible to forge certain kinds of RSA signatures.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
patches/packages/openssl-solibs-0.9.7e-i486-5_slack10.1.tgz:  Patched an issue
  where it is possible to forge certain kinds of RSA signatures.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
  (* Security fix *)
+--------------------------+
Thu Sep  7 23:41:37 CDT 2006
patches/packages/bind-9.3.2_P1-i486-1_slack10.1.tgz
  Upgraded to bind-9.3.2_P1.
  This update addresses a denial of service vulnerability.
  BIND's CHANGES file says this:
    2066.   [security]      Handle SIG queries gracefully. [RT #16300]
  The best discussion I've found is in FreeBSD's advisory, so here's a link:
    http://security.FreeBSD.org/advisories/FreeBSD-SA-06:20.bind.asc
  Also, fixed some missing man pages.  (noticed by Xavier Thomassin -- thanks)
  (* Security fix *)
+--------------------------+
Fri Aug 18 00:27:05 CDT 2006
patches/packages/libtiff-3.8.2-i486-1_slack10.1.tgz:
  Patched vulnerabilities in libtiff which were found by Tavis Ormandy of
  the Google Security Team.  These issues could be used to crash programs
  linked to libtiff or possibly to execute code as the program's user.
  A low risk command-line overflow in tiffsplit was also patched.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3459
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3460
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3461
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3462
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3463
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3464
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3465
  (* Security fix *)
+--------------------------+
Wed Aug  2 22:03:08 CDT 2006
patches/packages/gnupg-1.4.5-i486-1_slack10.1.tgz:
  Upgraded to gnupg-1.4.5.
  From the gnupg-1.4.5 NEWS file:
    * Fixed 2 more possible memory allocation attacks.  They are
    similar to the problem we fixed with 1.4.4.  This bug can easily
    be be exploited for a DoS; remote code execution is not entirely
    impossible.
(* Security fix *)
+--------------------------+
Fri Jul 28 17:37:42 CDT 2006
patches/packages/apache-1.3.37-i486-1_slack10.1.tgz:
  Upgraded to apache-1.3.37.
  From the announcement on httpd.apache.org:
    This version of Apache is security fix release only.  An off-by-one flaw
    exists in the Rewrite module, mod_rewrite, as shipped with Apache 1.3
    since 1.3.28, 2.0 since 2.0.46, and 2.2 since 2.2.0.
  The Slackware Security Team feels that the vast majority of installations
  will not be configured in a vulnerable way but still suggests upgrading to
  the new apache and mod_ssl packages for maximum security.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3747
  And see Apache's announcement here:
    http://www.apache.org/dist/httpd/Announcement1.3.html
  (* Security fix *)
patches/packages/mod_ssl-2.8.28_1.3.37-i486-1_slack10.1.tgz:
  Upgraded to mod_ssl-2.8.28-1.3.37.
+--------------------------+
Wed Jul 26 23:29:32 CDT 2006
patches/packages/tcpip-0.17-i486-31c_slack10.1.tgz:
  Repatched the telnet client with the official OpenBSD patch that had
  already replaced the original security fix in Slackware 9.1, 10.2 and
  -current.  Thanks to Dragan Simic for reporting the issue, and my
  apologies for taking so long to address the insufficiencies of the
  original patch in Slackware 10.0 and 10.1.
+--------------------------+
Mon Jul 24 15:44:39 CDT 2006
patches/packages/mutt-1.4.2.2i-i486-1_slack10.1.tgz:
  Upgraded to mutt-1.4.2.2i.
  This release fixes CVE-2006-3242, a buffer overflow that could be triggered
  by a malicious IMAP server.
  [Connecting to malicious IMAP servers must be common, right? -- Ed.]
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3242
  (* Security fix *)
+--------------------------+
Tue Jul 18 22:44:53 CDT 2006
patches/packages/samba-3.0.23-i486-2_slack10.1.tgz:
  Patched a problem in nsswitch/wins.c that caused crashes in the wins
  and/or winbind libraries.
  Thanks to Mikhail Kshevetskiy for pointing out the issue and offering
  a reference to the patch in Samba's source repository.
  Also, this version of Samba evidently created a new dependency on libdm.so
  (found in the xfsprogs package in non -current Slackware versions).  This
  additional dependency was not intentional, and has been corrected.
+--------------------------+
Fri Jul 14 17:17:17 CDT 2006
patches/packages/samba-3.0.23-i486-1_slack10.1.tgz:
  Upgraded to samba-3.0.23.
  This fixes a minor memory exhaustion DoS in smbd.
  The CVE entry for this issue may be found here:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3403
  (* Security fix *)
+--------------------------+
Tue Jun 27 18:48:22 CDT 2006
patches/packages/arts-1.3.2-i486-2_slack10.1.tgz:
  Patched to fix a possible exploit if artswrapper is setuid root (which,
  by default, it is not) and the system is running a 2.6 kernel.
  Systems running 2.4 kernels are not affected.
  The official KDE security advisory may be found here:
    http://www.kde.org/info/security/advisory-20060614-2.txt
  The CVE entry for this issue may be found here:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2916
  (* Security fix *)
patches/packages/gnupg-1.4.4-i486-1_slack10.1.tgz:
  This version fixes a memory allocation issue that could allow an attacker to
  crash GnuPG creating a denial-of-service.
  The CVE entry for this issue may be found here:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3082
patches/packages/kdebase-3.3.2-i486-3_slack10.1.tgz:
  Patched a problem with kdm where it could be abused to read any file
  on the system.
  The official KDE security advisory may be found here:
    http://www.kde.org/info/security/advisory-20060614-1.txt
  The CVE entry for this issue may be found here:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2449
  (* Security fix *)
+--------------------------+
Thu Jun 15 02:04:32 CDT 2006
patches/packages/sendmail-8.13.7-i486-1_slack10.1.tgz:
  Upgraded to sendmail-8.13.7.
  Fixes a potential denial of service problem caused by excessive recursion
  leading to stack exhaustion when attempting delivery of a malformed MIME
  message.  This crashes sendmail's queue processing daemon, which in turn
  can lead to two problems:  depending on the settings, these crashed
  processes may create coredumps which could fill a drive partition; and
  such a malformed message in the queue will cause queue processing to
  cease when the message is reached, causing messages that are later in
  the queue to not be processed.
  Sendmail's complete advisory may be found here:
    http://www.sendmail.com/security/advisories/SA-200605-01.txt.asc
  Sendmail has also provided an FAQ about this issue:
    http://www.sendmail.com/security/advisories/SA-200605-01/faq.shtml
  The CVE entry for this issue may be found here:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1173
  (* Security fix *)
patches/packages/sendmail-cf-8.13.7-noarch-1_slack10.1.tgz:
  Upgraded to sendmail-8.13.7 configs.
+--------------------------+
Sat Jun  3 17:15:05 CDT 2006
patches/packages/mysql-4.0.27-i486-1_slack10.1.tgz:
  Upgraded to mysql-4.0.27.
  This fixes some minor security issues with possible information leakage.
  Note that the information leakage bugs require that the attacker have
  access to an account on the database.  Also note that by default,
  Slackware's rc.mysqld script does *not* allow access to the database
  through the outside network (it uses the --skip-networking option).
  If you've enabled network access to MySQL, it is a good idea to filter
  the port (3306) to prevent access from unauthorized machines.
  For more details, see the MySQL 4.0.27 release announcement here:
    http://lists.mysql.com/announce/359
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1516
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1517
  (* Security fix *)
+--------------------------+
Wed May 10 15:07:18 CDT 2006
patches/packages/apache-1.3.35-i486-2_slack10.1.tgz:
  Patched to fix totally broken Include behavior.
  Thanks to Francesco Gringoli for reporting this bug.
+--------------------------+
Tue May  9 00:50:02 CDT 2006
patches/packages/apache-1.3.35-i486-1_slack10.1.tgz:
  Upgraded to apache-1.3.35.
  From the official announcement:
    Of particular note is that 1.3.35 addresses and fixes 1 potential
    security issue: CVE-2005-3352 (cve.mitre.org)
       mod_imap: Escape untrusted referer header before outputting in HTML
       to avoid potential cross-site scripting.  Change also made to
       ap_escape_html so we escape quotes.  Reported by JPCERT
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352
  (* Security fix *)
patches/packages/mod_ssl-2.8.26_1.3.35-i486-1_slack10.1.tgz:
  Upgraded to mod_ssl-2.8.26-1.3.35.
  This is an updated version designed for Apache 1.3.35.
+--------------------------+
Wed May  3 00:44:26 CDT 2006
patches/packages/x11-6.8.1-i486-5.tgz:
  Patched with x11r6.9.0-mitri.diff and recompiled.
  A typo in the X render extension allows an X client to crash the server
  and possibly to execute arbitrary code as the X server user (typically
  this is "root".)
  The CVE entry for this issue may be found here:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1526
  The advisory from X.Org may be found here:
    http://lists.freedesktop.org/archives/xorg/2006-May/015136.html
  (* Security fix *)
patches/packages/x11-devel-6.8.1-i486-5.tgz:
  Patched and recompiled libXrender.
  (* Security fix *)
+--------------------------+
Mon Apr 24 14:36:46 CDT 2006
patches/packages/mozilla-1.7.13-i486-1.tgz:  Upgraded to mozilla-1.7.13.
  This upgrade fixes several possible security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla
  This release marks the end-of-life of the Mozilla 1.7.x series:
    http://developer.mozilla.org/devnews/index.php/2006/04/12/sunset-announcement-for-fxtb-10x-and-mozilla-suite-17x/
  Mozilla Corporation is recommending that users think about
  migrating to Firefox and Thunderbird.
  (* Security fix *)
patches/packages/mozilla-plugins-1.7.13-noarch-1.tgz:
  Updated for mozilla-1.7.13.
+--------------------------+
Wed Mar 22 13:01:23 CST 2006
patches/packages/sendmail-8.13.6-i486-1.tgz:  Upgraded to sendmail-8.13.6.
  This new version of sendmail contains a fix for a security problem
  discovered by Mark Dowd of ISS X-Force.  From sendmail's advisory:
    Sendmail was notified by security researchers at ISS that, under some
    specific timing conditions, this vulnerability may permit a specifically
    crafted attack to take over the sendmail MTA process, allowing remote
    attackers to execute commands and run arbitrary programs on the system
    running the MTA, affecting email delivery, or tampering with other
    programs and data on this system.  Sendmail is not aware of any public
    exploit code for this vulnerability.  This connection-oriented
    vulnerability does not occur in the normal course of sending and
    receiving email.  It is only triggered when specific conditions are
    created through SMTP connection layer commands.
  Sendmail's complete advisory may be found here:
    http://www.sendmail.com/company/advisory/index.shtml
  The CVE entry for this issue may be found here:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0058
  (* Security fix *)
patches/packages/sendmail-cf-8.13.6-noarch-1.tgz:
  Upgraded to sendmail-8.13.6 configuration files.
+--------------------------+
Mon Mar 13 20:42:48 CST 2006
patches/packages/gnupg-1.4.2.2-i486-1.tgz:  Upgraded to gnupg-1.4.2.2.
  There have been two security related issues reported recently with GnuPG.
  From the GnuPG 1.4.2.1 and 1.4.2.2 NEWS files:
    Noteworthy changes in version 1.4.2.2 (2006-03-08)
    * Files containing several signed messages are not allowed any
      longer as there is no clean way to report the status of such
      files back to the caller.  To partly revert to the old behaviour
      the new option --allow-multisig-verification may be used.
   Noteworthy changes in version 1.4.2.1 (2006-02-14)
    * Security fix for a verification weakness in gpgv.  Some input
      could lead to gpgv exiting with 0 even if the detached signature
      file did not carry any signature.  This is not as fatal as it
      might seem because the suggestion as always been not to rely on
      th exit code but to parse the --status-fd messages.  However it
      is likely that gpgv is used in that simplified way and thus we
      do this release.  Same problem with "gpg --verify" but nobody
      should have used this for signature verification without
      checking the status codes anyway.  Thanks to the taviso from
      Gentoo for reporting this problem.
  (* Security fix *)
+--------------------------+
Fri Mar 10 17:57:39 CST 2006
patches/packages/kdegraphics-3.3.2-i486-5.tgz:  Recompiled to fix a
  missing kpdf security patch.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0746
  (* Security fix *)
+--------------------------+
Fri Feb 10 17:12:38 CST 2006
patches/packages/xpdf-3.01-i486-3a.tgz:  Recompiled to fix missing
  xpdf binary.  This compiled fine on 9.1, 10.0, 10.2, and -current
  but failed here on 10.1 (and on 9.0) without a --with-Xm-includes
  option given to ./configure.  Always something, huh?  Thanks to
  Robert Kulach for giving me a clue as to why this didn't build.
+--------------------------+
Thu Feb  9 15:09:26 CST 2006
patches/packages/fetchmail-6.3.2-i486-1.tgz:  Upgraded to fetchmail-6.3.2.
  Presumably this replaces all the known security problems with
  a batch of new unknown ones.  (fetchmail is improving, really ;-)
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3088
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4348
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0321
  (* Security fix *)
patches/packages/kdegraphics-3.3.2-i486-4.tgz:  Patched integer and
  heap overflows in kpdf to fix possible security bugs with malformed
  PDF files.
  For more information, see:
    http://www.kde.org/info/security/advisory-20051207-2.txt
    http://www.kde.org/info/security/advisory-20060202-1.txt
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3191
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3192
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3628
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0301
  (* Security fix *)
patches/packages/kdelibs-3.3.2-i486-3.tgz:  Patched a heap overflow
  vulnerability in kjs, the JavaScript interpreter engine used by
  Konqueror and other parts of KDE.
  For more information, see:
    http://www.kde.org/info/security/advisory-20060119-1.txt
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0019
  (* Security fix *) 
patches/packages/openssh-4.3p1-i486-1.tgz:  Upgraded to openssh-4.3p1.
  This fixes a security issue when using scp to copy files that could
  cause commands embedded in filenames to be executed.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0225
  (* Security fix *)
patches/packages/sudo-1.6.8p12-i486-1.tgz:  Upgraded to sudo-1.6.8p12.
  This fixes an issue where a user able to run a Python script through sudo
  may be able to gain root access.
  IMHO, running any kind of scripting language from sudo is still not safe...
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0151
  (* Security fix *)
patches/packages/xpdf-3.01-i486-3.tgz:  Recompiled with xpdf-3.01pl2.patch to
  fix integer and heap overflows in xpdf triggered by malformed PDF files.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3191
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3192
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3628
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0301
  (* Security fix *)
+--------------------------+
Mon Nov  7 19:54:57 CST 2005
patches/packages/elm-2.5.8-i486-1.tgz:  Upgraded to elm2.5.8.
  This fixes a buffer overflow in the parsing of the Expires header that
  could be used to execute arbitrary code as the user running Elm.
  Thanks to Ulf Harnhammar for finding the bug and reminding me to get
  out updated packages to address the issue.
  A reference to the original advisory:
    http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0688.html
+--------------------------+
Sat Nov  5 22:11:10 CST 2005
patches/packages/apache-1.3.34-i486-1.tgz:  Upgraded to apache-1.3.34.
  Fixes this minor security bug:  "If a request contains both Transfer-Encoding
  and Content-Length headers, remove the Content-Length, mitigating some HTTP
  Request Splitting/Spoofing attacks."
  (* Security fix *)
patches/packages/curl-7.12.2-i486-2.tgz:  Patched.  This addresses a buffer
  overflow in libcurl's NTLM function that could have possible security
  implications.
  For more details, see:
    http://curl.haxx.se/docs/security.html
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3185
  (* Security fix *)
patches/packages/imapd-4.64-i486-1.tgz:  Upgraded to imapd-4.64.
  A buffer overflow was reported in the mail_valid_net_parse_work function.
  However, this function in the c-client library does not appear to be called
  from anywhere in imapd.  iDefense states that the issue is of LOW risk to
  sites that allow users shell access, and LOW-MODERATE risk to other servers.
  I believe it's possible that it is of NIL risk if the function is indeed
  dead code to imapd, but draw your own conclusions...
  (* Security fix *)
patches/packages/koffice-1.3.5-i486-3.tgz:  Patched.
  Fixes a buffer overflow in KWord's RTF import discovered by Chris Evans.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2971
  (* Security fix *)
patches/packages/lynx-2.8.5rel.5-i486-1.tgz:  Upgraded to lynx-2.8.5rel.5.
  Fixes an issue where the handling of Asian characters when using lynx to
  connect to an NNTP server (is this a common use?) could result in a buffer
  overflow causing the execution of arbitrary code.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3120
  (* Security fix *)
patches/packages/mod_ssl-2.8.25_1.3.34-i486-1.tgz:
  Upgraded to mod_ssl-2.8.25-1.3.34.
patches/packages/pine-4.64-i486-1.tgz:  Upgraded to pine-4.64.
patches/packages/wget-1.10.2-i486-1.tgz:  Upgraded to wget-1.10.2.
  This addresses a buffer overflow in wget's NTLM handling function that could
  have possible security implications.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3185
  (* Security fix *)
+--------------------------+
Thu Oct 13 13:57:25 PDT 2005
patches/packages/openssl-0.9.7e-i486-4.tgz:  Patched.
  Fixed a vulnerability that could, in rare circumstances, allow an attacker
  acting as a "man in the middle" to force a client and a server to negotiate
  the SSL 2.0 protocol (which is known to be weak) even if these parties both
  support SSL 3.0 or TLS 1.0.
  For more details, see:
    http://www.openssl.org/news/secadv_20051011.txt
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2969
  (* Security fix *)
patches/packages/openssl-solibs-0.9.7e-i486-4.tgz:  Patched.
  (* Security fix *)
+--------------------------+
Mon Oct 10 15:15:24 PDT 2005
patches/packages/xine-lib-1.0.3a-i686-1.tgz:  Upgraded to xine-lib-1.0.3a.
  This fixes a format string bug where an attacker, if able to upload malicious
  information to a CDDB server and then get a local user to play a certain
  audio CD, may be able to run arbitrary code on the machine as the user
  running the xine-lib linked application.
  For more information, see:
    http://xinehq.de/index.php/security/XSA-2005-1
  (* Security fix *)
+--------------------------+
Sun Sep 25 22:09:25 PDT 2005
patches/packages/x11-6.8.1-i486-4.tgz:  Patched a pixmap overflow issue.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2495
  (* Security fix *)
patches/packages/x11-xdmx-6.8.1-i486-4.tgz:  Patched and rebuilt.
patches/packages/x11-xnest-6.8.1-i486-4.tgz:  Patched and rebuilt.
patches/packages/x11-xvfb-6.8.1-i486-4.tgz:  Patched and rebuilt.
patches/packages/mozilla-1.7.12-i486-1.tgz:  Upgraded to mozilla-1.7.12.
  This fixes several security issues.  For more information, see:
  http://www.mozilla.org/projects/security/known-vulnerabilities.html#Mozilla
  (* Security fix *)
patches/packages/mozilla-firefox-1.0.7-i686-1.tgz:  Upgraded to firefox-1.0.7.
  This fixes several security issues.  For more information, see:
  http://www.mozilla.org/projects/security/known-vulnerabilities.html#Firefox
  (* Security fix *)
+--------------------------+
Mon Sep 12 23:38:33 PDT 2005
patches/packages/util-linux-2.12p-i486-2.tgz:  Patched an issue with
  umount where if the umount failed when the '-r' option was used, the
  filesystem would be remounted read-only but without any extra flags
  specified in /etc/fstab.  This could allow an ordinary user able to
  mount a floppy or CD (but with nosuid, noexec, nodev, etc in
  /etc/fstab) to run a setuid binary from removable media and gain
  root privileges.
  Reported to BugTraq by David Watson:
    http://www.securityfocus.com/archive/1/410333
  (* Security fix *)
+--------------------------+
Mon Sep 12 12:49:39 PDT 2005
patches/packages/dhcpcd-1.3.22pl4-i486-2.tgz:  Patched an issue where a
  remote attacker can cause dhcpcd to crash.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1848
  (* Security fix *)
+--------------------------+
Thu Sep  8 13:55:17 PDT 2005
testing/packages/php-5.0.5/php-5.0.5-i486-1.tgz:  Upgraded to
  php-5.0.5, which fixes security issues with XML-RPC and PCRE.
  This new package now links with the system's shared PCRE library,
  so be sure you have the new PCRE package from patches/packages/
  installed.
  Ordinarily packages in /testing are not considered supported, but
  several people have written to say that they are using php5 from
  /testing in a production environment and would like to see an
  updated package, so here it is.  The package in /testing was
  replaced in /testing rather than putting it under /patches to
  avoid any problems with automatic upgrade tools replacing php-4
  packages with this one.
  For more information on the security issues fixed, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2498
  (* Security fix *)
+--------------------------+
Wed Sep  7 13:33:05 PDT 2005
patches/packages/kdebase-3.3.2-i486-2.tgz: Patched a security bug in
  kcheckpass that could allow a local user to gain root privileges.
  For more information, see:
    http://www.kde.org/info/security/advisory-20050905-1.txt
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2494
  (* Security fix *)
patches/packages/mod_ssl-2.8.24_1.3.33-i486-1.tgz:  Upgraded to
  mod_ssl-2.8.24-1.3.33.  From the CHANGES file:
    Fix a security issue (CAN-2005-2700) where "SSLVerifyClient require" was
    not enforced in per-location context if "SSLVerifyClient optional" was
    configured in the global virtual host configuration.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2700
  (* Security fix *)
+--------------------------+
Tue Aug 30 13:00:07 PDT 2005
patches/packages/gaim-1.5.0-i486-1.tgz:  Upgraded to gaim-1.5.0.
  This fixes some more security issues.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2103
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2102
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2370
  (* Security fix *)
patches/packages/pcre-6.3-i486-1.tgz:  Upgraded to pcre-6.3.
  This fixes a buffer overflow that could be triggered by the processing of a
  specially crafted regular expression.  Theoretically this could be a security
  issue if regular expressions are accepted from untrusted users to be
  processed by a user with greater privileges, but this doesn't seem like a
  common scenario (or, for that matter, a good idea).  However, if you are
  using an application that links to the shared PCRE library and accepts
  outside input in such a manner, you will want to update to this new package.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491
  (* Security fix *)
patches/packages/php-4.3.11-i486-3.tgz:  Relinked with the system PCRE library,
  as the builtin library has a buffer overflow that could be triggered by the
  processing of a specially crafted regular expression.
  Note that this change requires the pcre package to be installed.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491
  (* Security fix *)
  Upgraded PEAR::XMLRPC to version 1.4.0, which eliminates the use of the
  insecure eval() function.
    For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2498
  (* Security fix *)
+--------------------------+
Fri Jul 29 11:44:26 PDT 2005
patches/packages/tcpip-0.17-i486-31b.tgz:  Patched two overflows in
  the telnet client that could allow the execution of arbitrary code
  when connected to a malicious telnet server.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0468
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0469
  (* Security fix *)
+--------------------------+
Tue Jul 26 23:37:15 PDT 2005
patches/packages/mozilla-1.7.10-i486-2.tgz:  Fixed a folder switching bug.
  Thanks to Peter Santoro for pointing out the patch.
+--------------------------+
Fri Jul 22 13:50:25 PDT 2005
patches/packages/fetchmail-6.2.5.2-i486-1.tgz:
  Upgraded to fetchmail-6.2.5.2.
  This fixes an overflow by which malicious or compromised POP3 servers
  may overflow fetchmail's stack.
  For more information, see:
    http://fetchmail.berlios.de/fetchmail-SA-2005-01.txt
  (* Security fix *)
patches/packages/gxine-0.4.6-i486-1.tgz:  Upgraded to gxine-0.4.6.
  This fixes a format string vulnerability that allows remote attackers to
  execute arbitrary code via a ram file with a URL whose hostname contains
  format string specifiers.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1692
  (* Security fix *)
patches/packages/zlib-1.2.3-i486-1.tgz:  Upgraded to zlib-1.2.3.
  This fixes an additional crash not fixed by the patch to zlib-1.2.2.
  (* Security fix *)
+--------------------------+
Fri Jul 22 10:32:05 PDT 2005
patches/packages/kdenetwork-3.3.2-i486-2.tgz:  Patched overflows in
  libgadu (used by kopete) that can cause a denial of service or
  arbitrary code execution.
  For more information, see:
    http://www.kde.org/info/security/advisory-20050721-1.txt
  (* Security fix *)
patches/packages/mozilla-1.7.10-i486-1.tgz:  Upgraded to mozilla-1.7.10.
  This fixes several security issues.  For more information, see:
  http://www.mozilla.org/projects/security/known-vulnerabilities.html#Mozilla
  (* Security fix *)
patches/packages/mozilla-plugins-1.7.10-noarch-1.tgz:  Upgraded Java(TM)
  symlink for Mozilla.
+--------------------------+
Tue Jul 19 20:21:49 PDT 2005
patches/packages/dnsmasq-2.22-i486-1.tgz:  Upgraded to dnsmasq-2.22.
  This fixes an off-by-one overflow vulnerability may allow a DHCP
  client to create a denial of service condition.  Additional code was
  also added to detect and defeat attempts to poison the DNS cache.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0876
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0877
  (* Security fix *)
patches/packages/emacs-21.4a-i486-1.tgz:  Upgraded to emacs-21.4a.
  This fixes a vulnerability in the movemail utility when connecting to a
  malicious POP server that may allow the execution of arbitrary code as
  the user running emacs.
  (* Security fix *)
patches/packages/emacs-info-21.4a-noarch-1.tgz:  Upgraded to emacs-21.4a.
patches/packages/emacs-leim-21.4-noarch-1.tgz:  Upgraded to leim-21.4.
patches/packages/emacs-lisp-21.4a-noarch-1.tgz:  Upgraded to emacs-21.4a.
patches/packages/emacs-misc-21.4a-noarch-1.tgz:  Upgraded to emacs-21.4a.
patches/packages/emacs-nox-21.4a-i486-1.tgz:  Upgraded to emacs-21.4a.
+--------------------------+
Thu Jul 14 15:22:27 PDT 2005
patches/packages/tcpdump-3.9.3-i486-1.tgz:  Upgraded to libpcap-0.9.3 and
  tcpdump-3.9.3.  This fixes an issue where an invalid BGP packet can
  cause tcpdump to go into an infinate loop, effectively disabling network
  monitoring.
  (* Security fix *)
patches/packages/xv-3.10a-i486-4.tgz:  Upgraded to the latest XV jumbo
  patches, xv-3.10a-jumbo-fix-patch-20050410 and
  xv-3.10a-jumbo-enh-patch-20050501.  These fix a number of format string
  and other possible security issues in addition to providing many other
  bugfixes and enhancements.
  (Thanks to Greg Roelofs)
  (* Security fix *)
+--------------------------+
Mon Jul 11 15:02:11 PDT 2005
patches/packages/php-4.3.11-i486-2.tgz:  Upgraded PEAR XML_RPC class.
  This new PHP package fixes a PEAR XML_RPC vulnerability.  Sites that use
  this PEAR class should upgrade to the new PHP package, or as a minimal
  fix may instead upgrade the XML_RPC PEAR class with the following command:
    pear upgrade XML_RPC
  (* Security fix *)
+--------------------------+
Fri Jul  8 12:05:43 PDT 2005
patches/packages/zlib-1.2.2-i486-2.tgz:  Patched an overflow in zlib that
  could cause applications using zlib to crash.  The overflow does not
  involve user supplied data, and therefore does not allow the execution of
  arbitrary code.  However, it could still be used by a remote attacker to
  create a denial of service.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2096
  (* Security fix *)
+--------------------------+
Tue Jun 21 22:32:29 PDT 2005
patches/packages/sudo-1.6.8p9-i486-1.tgz:  Upgraded to sudo-1.6.8p9.
  This new version of Sudo fixes a race condition in command pathname handling
  that could allow a user with Sudo privileges to run arbitrary commands.
  For full details, see the Sudo site:
    http://www.courtesan.com/sudo/alerts/path_race.html
  (* Security fix *)
+--------------------------+
Sat Jun 11 22:01:57 PDT 2005
patches/packages/gaim-1.3.1-i486-1.tgz:  Upgraded to gaim-1.3.1 and
  gaim-encryption-2.38.  This fixes a couple of remote crash bugs, so
  users of the MSN and Yahoo! chat protocols should upgrade to gaim-1.3.1.
  (* Security fix *)
+--------------------------+
Tue May 24 17:58:48 PDT 2005
These GTK+ related packages fix some bugs that affect Firefox and
Acrobat Reader.  Thanks to Helmut Schmid for the bug report.  :-)
patches/packages/atk-1.9.1-i486-1.tgz:  Upgraded to atk-1.9.1.
patches/packages/glib2-2.6.4-i486-1.tgz:  Upgraded to glib-2.6.4.
patches/packages/gtk+2-2.6.7-i486-1.tgz:  Upgraded to gtk+-2.6.7.
patches/packages/pango-1.8.1-i486-1.tgz:  Upgraded to pango-1.8.1.
+--------------------------+
Sun May 15 20:29:09 PDT 2005
patches/packages/ncftp-3.1.9-i486-1.tgz:  Upgraded to ncftp-3.1.9.
  This corrects a vulnerability where a download from a hostile FTP server
  might be written to an unintended location potentially compromising system
  security or causing a denial of service.
  For more details, see:
    http://www.ncftp.com/ncftp/doc/changelog.html#3.1.5
  (* Security fix *)
patches/packages/mozilla-plugins-1.7.8-noarch-1.tgz:  Upgraded Java(TM)
  symlink for Mozilla.
patches/packages/mozilla-1.7.8-i486-1.tgz:  Upgraded to mozilla-1.7.8.
  Two vulnerabilities found in Mozilla Firefox 1.0.3 when combined allow an
  attacker to run arbitrary code. The Mozilla Suite version 1.7.7 is only
  partially vulnerable.  For more details, see:
    http://www.mozilla.org/security/announce/mfsa2005-42.html
  (* Security fix *)
+--------------------------+
Fri May 13 12:48:53 PDT 2005
patches/packages/gaim-1.3.0-i486-1.tgz:  Upgraded to gaim-1.3.0.  This fixes a
  few bugs which could be used by a remote attacker to annoy a GAIM user by
  crashing GAIM and creating a denial of service.
  (* Security fix *)
+--------------------------+
Sun May  1 22:02:09 PDT 2005
patches/packages/infozip-5.52-i486-1.tgz:  Upgraded to unzip552.tar.gz and
  zip231.tar.gz.  These fix some buffer overruns if deep directory paths are
  packed into a Zip archive which could be a security vulnerability (for
  example, in a case of automated archiving or backups that use Zip).  However,
  it also appears that these now use certain assembly instructions that might
  not be available on older CPUs, so if you have an older machine you may wish
  to take this into account before deciding whether you should upgrade.
  (* Security fix *)
patches/packages/gxine-0.4.4-i486-1.tgz:  Upgraded to gxine-0.4.4.
patches/packages/xine-lib-1.0.1-i686-1.tgz:  Upgraded to xine-lib-1.0.1.
  This fixes some bugs in the MMS and Real RTSP streaming client code.
  While the odds of this vulnerability being usable to a remote attacker are
  low (but see the xine advisory), if you stream media from sites using these
  protocols (and you think the sites might be "hostile" and will try to hack
  into your xine client), then you might want to upgrade to this new version
  of xine-lib.  Probably the other fixes and enchancements in xine-lib-1.0.1
  are a better rationale to do so, though.
  For more details on the xine-lib security issues, see:
    http://xinehq.de/index.php/security/XSA-2004-8
  (* Security fix *)
+--------------------------+
Thu Apr 21 14:05:24 PDT 2005
patches/packages/cvs-1.11.20-i486-1.tgz:  Upgraded to cvs-1.11.20.
  From cvshome.org:  "This version fixes many minor security issues in the
  CVS server executable including a potentially serious buffer overflow
  vulnerability with no known exploit.  We recommend this upgrade for all CVS
  servers!"
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0753
  (* Security fix *)
patches/packages/gaim-1.2.1-i486-1.tgz:  Upgraded to gaim-1.2.1.
  According to gaim.sf.net, this fixes a few denial-of-service flaws.
  (* Security fix *)
patches/packages/mozilla-1.7.7-i486-1.tgz:  Upgraded to mozilla-1.7.7.
  This fixes some security issues.  For complete details, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html
  (* Security fix *)
patches/packages/mozilla-plugins-1.7.7-noarch-1.tgz:  Upgraded Java(TM)
  symlink for Mozilla.
patches/packages/python-2.4.1-i486-1.tgz:  Upgraded to python-2.4.1.
  From the python.org site:  "The Python development team has discovered a flaw
  in the SimpleXMLRPCServer library module which can give remote attackers
  access to internals of the registered object or its module or possibly other
  modules. The flaw only affects Python XML-RPC servers that use the
  register_instance() method to register an object without a _dispatch()
  method. Servers using only register_function() are not affected."
  For more details, see:
    http://python.org/security/PSF-2005-001/
  (* Security fix *)
patches/packages/python-demo-2.4.1-noarch-1.tgz:  Upgraded to python-2.4.1
  demos.
patches/packages/python-tools-2.4.1-noarch-1.tgz:  Upgraded to python-2.4.1
  tools.
+--------------------------+
Tue Apr  5 12:51:06 PDT 2005
patches/packages/php-4.3.11-i486-1.tgz:  Upgraded to php-4.3.11.
 "This is a maintenance release that in addition to over 70 non-critical bug
  fixes addresses several security issues inside the exif and fbsql extensions
  as well as the unserialize(), swf_definepoly() and getimagesize() functions."
  (* Security fix *)
testing/packages/php-5.0.4/php-5.0.4-i486-1.tgz:  Upgraded to php-5.0.4.
  Fixes various bugs (and security issues.)
  (* Security fix *)
+--------------------------+
Sat Mar 26 15:04:15 PST 2005
patches/packages/gaim-1.2.0-i486-1.tgz:  Upgraded to gaim-1.2.0 and
  gaim-encryption-2.36 (compiled against mozilla-1.7.6).
patches/packages/mozilla-1.7.6-i486-1.tgz:  Upgraded to mozilla-1.7.6.
  Fixes some security issues.  Please see mozilla.org for a complete list.
  (* Security fix *)
patches/packages/mozilla-plugins-1.7.6-noarch-1.tgz:  Adjusted plugin
  symlinks for Mozilla 1.7.6.
+--------------------------+
Wed Feb  2 18:22:01 PST 2005

Released Slackware 10.1 stable.

  Thanks to everyone who helped out with this release, and especially to the
  folks at GUS-BR and SlackSec who helped (and continue to help) with handling
  security issues for the last few months, to Andreas Liebschner for keeping
  the website updated and running smoothly, to Theresa Elam for all her hard
  work running store.slackware.com, to the folks on alt.os.linux.slackware for
  pointing out bugs and offering suggestions, to the people on ##slackware
  that I met on IRC (and some again in later emails), to Justin, Kyle, and Dean
  from the Linux User Group of Rochester, MN who I got to hang out with while
  "vacationing" at the Mayo Clinic, to everyone who signed my online Christmas
  card (one of the nicest things I ever got), and to all the kind and patient
  members of the Slackware community.  I hope all of you will enjoy this new
  Slackware release.

Have fun!  :-)

Your Slackware Maintainer,

Pat

PS   I'm looking forward to working with all of you towards the next one, too.
PPS  Sorry if that was too much like an Academy Award speech.  I could almost
     hear that music shoving me off the stage.  ;-)
+--------------------------+
Wed Feb  2 17:46:02 PST 2005
l/esound-0.2.35-i486-1.tgz:  Upgraded to esound-0.2.35.
l/gtk+2-2.6.1-i486-2.tgz:  Added a patch from CVS that can cause Pan and
  other GTK+ apps to hang under certain circumstances.
  Thanks to Charlie Law for pointing it out.
l/imlib-1.9.15-i486-1.tgz:  Upgraded to imlib-1.9.15.  This fixes an image
  decoder overflow in the BMP handling routines which could possibly be
  exploited if a specially crafted BMP image is loaded.  This seems like an
  unlikely situation, but better safe than sorry...
  (* Security fix *)
extra/j2sdk-1.5.0_01/j2sdk-1_5_0_01-i586-1.tgz:  There turned out to be just
  barely enough room in /extra on ISO 3 to squeeze the Java SDK in.  It's not
  likely to fit the next time around, though, but now you're getting many
  months of advance notice instead of having the rug pulled out from under
  you at the last minute.  In any event, I'll continue to include in /extra
  the script that easily allows packaging this as a tgz.
testing/packages/lvm2/device-mapper-1.01.00-i486-1.tgz:
  Upgraded to device-mapper-1.01.00.
testing/packages/lvm2/lvm2-2.01.03-i486-1.tgz:
  Upgraded to lvm2-2.01.03.
+--------------------------+
Mon Jan 31 17:37:20 PST 2005
extra/ham/:  Merged in ham packages from Arno Verhoeven.
extra/k3b/k3b-0.11.19-i486-1.tgz:  Upgraded to k3b-0.11.19.
extra/parted/parted-1.6.21-i486-1.tgz:  Upgraded to parted-1.6.21.
extra/slackpkg/slackpkg-1.4-noarch-10.tgz:  Upgraded to slackpkg-1.4-noarch-10.
+--------------------------+
Mon Jan 31 08:04:32 PST 2005
xap/fvwm-2.4.19-i486-4.tgz:  Removed --enable-xgetdefault, which was
  supposed to be added to rxvt, but I managed to confuse them...
  Thanks to Jakub Jankowski for pointing out this error.
xap/rxvt-2.7.10-i486-2.tgz:  Added --enable-xgetdefault to ./configure.
  Thanks to Corvin for the suggestion.  :-)
+--------------------------+
Sun Jan 30 17:41:11 PST 2005
a/pkgtools-10.1.0-i486-4.tgz:  Removed obsolete (and usually non-functional)
  LILO and simple bootdisk options from the "makebootdisk" menu.
l/jre-1_5_0_01-i586-1.tgz:  Moved from d/.
xap/fvwm-2.4.19-i486-3.tgz:  Added --enable-xgetdefault to ./configure.
  Thanks to Corvin for the suggestion.
xap/xfce-4.2.0-i486-3.tgz:  In xinitrc.xfce, make the /tmp/xrdb file in a
  more secure fashion.
+--------------------------+
Fri Jan 28 20:24:09 PST 2005
a/glibc-solibs-2.3.4-i486-1.tgz:  Upgraded to glibc-2.3.4.
a/glibc-zoneinfo-2.3.4-noarch-1.tgz:  Upgraded to glibc-2.3.4.
l/glibc-2.3.4-i486-1.tgz:  Upgraded to glibc-2.3.4.
l/glibc-i18n-2.3.4-noarch-1.tgz:  Upgraded to glibc-2.3.4.
l/glibc-profile-2.3.4-i486-1.tgz:  Upgraded to glibc-2.3.4.
n/irssi-0.8.9-i486-6.tgz:  Removed obsolete "botti" program.
  Thanks to Jakub Jankowski for helping the Slackware diet plan.  :-)
isolinux/initrd.img, rootdisks/install.*:  Fixed a bug where the installer
  ramdisk runs out of space.  Thanks to Haakon Riiser for the bug report.
+--------------------------+
Thu Jan 27 15:30:49 PST 2005
a/openssl-solibs-0.9.7e-i486-3.tgz:  "ldconfig ." no longer works as the
  man page says that it should, and so the library links were not being
  created in the package by openssl.SlackBuild.  This has been changed to
  "ldconfig -l *" which fixes the issue.  (Thanks to Mark Post).
a/pkgtools-10.1.0-i486-3.tgz:  Reverted /sbin/pkgtool to the version used in
  Slackware 10.0.  While this version is slower to build the list of packages
  when viewing or removing packages, it is far more forgiving of a slightly
  corrupted or out of spec package database.  There are many tools (like
  checkinstall) that do not build packages the same way that Slackware's
  makepkg does, and when these packages are installed the optimized version of
  pkgtool runs into problems.  These problems are caused by installing broken
  packages, and should not be blamed on pkgtool (there are many ways to build a
  tar+gz package that does not conform to the rules as defined by a makepkg
  built tgz package, and it would be impossible to "fix" pkgtool to handle all
  of them properly).  Perhaps these optimizations will be looked at again for
  Slackware 11, but IMHO a faster way to get a list of packages is to go into
  /var/log/packages and use "ls" and "less", and a better way to remove them
  is with removepkg.  In any case, this version of pkgtool works better so
  that's what will ship with Slackware 10.1.
d/jre-1_5_0_01-i586-1.tgz:  Replaced j2sdk 1.5.0 with jre-1.5.0_01.
  The full J2SDK is not needed by most people, and is making the first
  Slackware test ISO too large (size limit on a replicated ISO is 670MB), so
  an updated version of the JRE will replace it.  If you need the full J2SDK,
  it is easily obtained from Sun (at java.sun.com).
kde/kdeedu-3.3.2-i486-2.tgz:  Rebuilt, fixed incorrect permissions.
kde/kdelibs-3.3.2-i486-2.tgz:  Rebuilt to work with Python 2.4.
  Added kioslave patch.
kde/koffice-1.3.5-i486-2.tgz:  Rebuilt to work with Python 2.4.
  Patched kpdf crash.
l/sdl-1.2.8-i486-1.tgz:  Upgraded to sdl-1.2.8.
n/bind-9.3.0-i486-3.tgz:  Patched a possible denial of service in BIND's
  validator code.  The risk level on this bug is rather low, as the flaw
  only affects BIND if DNSSEC is used.  This is not the default setting.
  (* Security fix *)
n/openssl-0.9.7e-i486-3.tgz:  Rebuilt.
n/sendmail-8.13.3-i486-2.tgz:  Applied a CLOSE_WAIT patch.
n/sendmail-cf-8.13.3-noarch-2.tgz:  Rebuilt.
xap/mozilla-plugins-1.7.5-noarch-2.tgz:  Point to the correct path for the
  JRE rather than the J2SDK.
extra/slackpkg/slackpkg-1.4-noarch-9.tgz:  Upgraded to slackpkg-1.4-noarch-9.
+--------------------------+
Tue Jan 25 21:29:12 PST 2005
a/aaa_base-10.1.0-noarch-2.tgz:  Fixed email date and a couple typos.
a/hdparm-5.8-i486-1.tgz:  Upgraded to hdparm-5.8.
ap/mysql-4.0.23a-i486-1.tgz:  Upgraded to mysql-4.0.23a.
  I know there are newer production branches than 4.0.x, but don't think
  such a change would be good at the last minute.  It will be one of the
  first orders of pre-11-current business, though.
ap/sudo-1.6.8p6-i486-1.tgz:  Upgraded to sudo-1.6.8p6.
gnome/gthumb-2.6.3-i486-1.tgz:  Upgraded to gthumb-2.6.3.
n/imapd-4.62-i486-1.tgz:  Upgraded to imapd from pine-4.62.
n/nail-11.20-i486-1.tgz:  Upgraded to nail-11.20.
n/pine-4.62-i486-1.tgz: Upgraded to pine-4.62.
n/popa3d-0.6.4.1-i486-1.tgz: Upgraded to popa3d-0.6.4.1.
extra/linux-wlan-ng/linux-wlan-ng-0.2.1pre25_2.6.10-i486-1.tgz:
  Compiled for Linux 2.6.10.
+--------------------------+
Mon Jan 24 20:41:03 PST 2005
a/aaa_base-10.1.0-noarch-1.tgz:  Bumped version number to 10.1.  Edited
  initial email.
a/aaa_elflibs-10.1.0-i486-1.tgz:  Updated initial library collection.
  Please remember that (as the package description notes) this package is
  only intended to be installed at an initial installation, and attempting
  to "upgrade" it later may copy over newer libraries and cause damage to
  your system.  Some broken upgrade tools haven't learned this fact...
a/pkgtools-10.1.0-i486-2.tgz:  Fixed a couple bugs and sped up pkgtool more.
  Thanks to Jim Hawkins and Lasse Collin for the pkgtool patches.
  Add a patch for removepkg to rmdir directories containing spaces.
  Thanks to Thomas Pfaff for this patch. 
f/linux-howtos-20050124-noarch-1.tgz:  Upgraded to Linux-HOWTOs-20050124.
kde/kdegraphics-3.3.2-i486-3.tgz:  Added a patch for another kpdf crash.
l/libtiff-3.7.1-i486-2.tgz:  Patched a transparency bug in libtiff.
  (Thanks to Piter Punk)
n/dnsmasq-2.20-i486-1.tgz:  Upgraded to dnsmasq-2.20.
n/sendmail-8.13.3-i486-1.tgz:  Upgraded to sendmail-8.13.3.
n/sendmail-cf-8.13.3-noarch-1.tgz:  Upgraded to sendmail-8.13.3 config files.
n/tcpip-0.17-i486-31.tgz:  Applied a couple of netconfig patches.
  Thanks to Daniel de Kok.
x/x11-6.8.1-i486-3.tgz:  Applied CAN-2004-0914 patch to libXpm.  Unlikely to
  ever be used in the real world other than (also unlikely) through a crash,
  but I'm trying to pay attention to detail.  :-)
  (* Security fix *)
x/x11-devel-6.8.1-i486-3.tgz:  Applied CAN-2004-0914 patch to libXpm.
xap/gaim-1.1.2-i486-1.tgz:  Upgraded to gaim-1.1.2 and gaim-encryption-2.33.
xap/xfce-4.2.0-i486-2.tgz:  Fixed /etc/X11/xdg/xfce4/xinitrc perms.
  (Thanks to Roberto Di Girolamo)
xap/xpdf-3.00-i486-3.tgz:  Added three patches that prevent xpdf crashes.
extra/bittorrent/bittorrent-3.9.1-noarch-1.tgz:  Upgraded to bittorrent-3.9.1.
  This is a beta, but the stable version does not work with Python 2.4, so
  it seems prudent to switch (and it works fine here).
zipslack/*:  Updated for Slackware 10.1.
+--------------------------+
Sat Jan 22 18:12:37 PST 2005
"Goes to show, you don't ever know"

Hi folks!
  I'm going to call this Slackware 10.1 beta 1, because we're at a state
where things are relatively stable.  There have been a great deal of
improvements over Slackware 10.0, and it would be best to get this out
before trying to tackle the major changes for Slackware 11.

  As far as I know, there are no serious security issues remaining in the
-current tree at this time.  There may still be a few image decoder bugs, but
these seem to be crash bugs at worst, if even that.  I've yet to hear of any of
them allowing remote access, or privilege escalation.  I do not think they are
worth delaying a Slackware release over.  I'd like to get to them, but my
condition is preventing this, and so I'm going to tell it like I think it is:
The sky is not really falling, regardless of what you read on BugTraq.  If I
am missing anything major though, please mail to security at slackware.com and
let me know about it.  As always, I want this to be a high-quality release.

  And about my status...  I didn't want to have to bring this up again, but
since a lot of people are under the impression that I've recovered and I'm
just fine (and are beginning to make the usual demands of my time ;-), I'd
better clarify what's going on.  Especially since I'm not exactly fine.

  Back on Thu Nov 25, I posted in the ChangeLog that I thought I had infective
endocarditis (and was promptly flamed for self-diagnosing again).  After so
much beating around the bush without getting a referral to a cardiologist, I
finally called one myself and waited the two weeks it takes to get in.  He is
a top-notch doctor and heart surgeon (I was very lucky to be able get in to see
him), and with no planting of any suggestion from me whatsoever came to the
conclusion that it seemed to be infective endocarditis.  I'm still waiting for
more test results, but it looks like I finally have someone working on my side.
So, lets hope that they get some conclusive diagnostics (I get another echo on
Wednesday), that I make it until they do, and that it's not too late for this
to be treated without a need for valve (or heart) replacement.  I've had a
rough couple of weeks (well, months really, but especially the last two weeks),
and I have to say that while it's good to have a near-death experience every
couple of years to keep your head clear and your focus on the important things
in life, having one every morning is too often.  With that frequency, they
start to become a distraction.  ;-)

  So, this verson is going to be wrapped up pretty quickly.  I hope people
will support the release, because I'm sure I'll have a lot more bills before
all of this is through, and I'm blowing through what little money I've managed
to save.  Again, I'm not asking for donations, but I hope that when Slackware
10.1 comes out that people wanting to help out will order it.  Also, in case
of emergency I've left instructions with some very trusted people, so nobody
should have to worry that if something happens to me that their Slackware
systems will be orphaned and unsupported.  It may be a long road back for me,
but there will be people taking care of security issues as they crop up
(like the folks at GUS-BR and SlackSec), and if I should make an unplanned
departure there is a basic plan of succession in place.

  Thanks again to all the kind folks I've known over the years, and I hope
to know you for many more.  :-)

Your Humble Slackware Maintainer,

Pat

Now, on to...
  Today's Slackware changes:
n/gnupg-1.2.7-i486-1.tgz:  Reverted to gnupg-1.2.7 since it produces
  working signatures for Slackware packages.  GnuPG 1.4.x will not be
  considered for slackware/n/ again until after the 10.1 release.
  This version works fine.
xap/fluxbox-0.9.12-i486-1.tgz:  Upgraded to fluxbox-0.9.12.
xap/gimp-2.2.3-i486-1.tgz:  Upgraded to gimp-2.2.3.
xap/xchat-2.4.1-i486-1.tgz:  Upgraded to xchat-2.4.1.
xap/xfce-4.2.0-i486-1.tgz:  Upgraded to xfce-4.2.0.  :-)
extra/slackpkg/slackpkg-1.3.1-noarch-3.tgz:
  Upgraded to slackpkg-1.3.1-noarch-3.
extra/slacktrack/slacktrack-1.23-i486-1.tgz:  
  Upgraded to slacktrack-1.23_1.
testing/packages/gnupg-1.4.0-i486-1.tgz:  Moved this back to /testing
  because it's creating broken signatures for Slackware packages.
testing/packages/linux-2.6.10/alsa-driver-1.0.8_2.6.10-i486-1.tgz:
  Compiled for Linux 2.6.10.
testing/packages/linux-2.6.10/kernel-generic-2.6.10-i486-1.tgz:
  Upgraded to Linux 2.6.10.
testing/packages/linux-2.6.10/kernel-headers-2.6.10-i386-1.tgz:
  Upgraded to Linux 2.6.10.
  (see the warning on this -- glibc should really be recompiled to make
  use of these headers).
testing/packages/linux-2.6.10/kernel-modules-2.6.10-i486-1.tgz:
  Upgraded to Linux 2.6.10.
testing/packages/linux-2.6.10/kernel-source-2.6.10-noarch-1.tgz:
  Upgraded to Linux 2.6.10.
+--------------------------+
Thu Jan 20 22:37:36 PST 2005
a/kernel-ide-2.4.29-i486-1.tgz:  Upgraded to Linux 2.4.29 kernel.
a/kernel-modules-2.4.29-i486-1.tgz:  
    Upgraded to Linux 2.4.29 kernel modules.
ap/alsa-utils-1.0.8-i486-1.tgz:  Upgraded to alsa-utils-1.0.8.
d/kernel-headers-2.4.29-i386-1.tgz:  Upgraded to kernel-headers-2.4.29.
gnome/gdm-2.6.0.6-i486-1.tgz:  Upgraded to gdm-2.6.0.6.
k/kernel-source-2.4.29-noarch-1.tgz:
  Upgraded to Linux 2.4.29 kernel source.
l/alsa-driver-1.0.8_2.4.29-i486-1.tgz:  Upgraded to alsa-driver-1.0.8.
l/alsa-lib-1.0.8-i486-1.tgz:  Upgraded to alsa-lib-1.0.8.
l/alsa-oss-1.0.8-i486-1.tgz:  Upgraded to alsa-oss-1.0.8.
n/gnupg-1.4.0-i486-1.tgz:  Moved gnupg-1.4.0 from /testing.
xap/gimp-2.2.2-i486-1.tgz:  Upgraded to gimp-2.2.2.
xap/imagemagick-6.1.9_0-i486-1.tgz:  Upgraded to ImageMagick-6.1.9-0.
xap/xscreensaver-4.19-i486-1.tgz:  Upgraded to xscreensaver-4.19.
bootdisks/*:  Upgraded to Linux 2.4.29 bootdisks.
extra/linux-wlan-ng/linux-wlan-ng-0.2.1pre25_2.4.29-i486-1.tgz:
  Upgraded to linux-wlan-ng-0.2.1pre25 for Linux 2.4.29.
kernels/*:  Upgraded to Linux 2.4.29 kernels.
isolinux/initrd.img, isolinux/network.dsk, isolinux/pcmcia.dsk,
rootdisks/install.*, rootdisks/network.dsk, rootdisks/pcmcia.dsk:
  Updated kernel modules to 2.4.29.
+--------------------------+
Sat Jan 15 12:59:47 PST 2005
Hi folks.  Here's another little entry to the book of changes.  Thanks
for your patience, and keep the faith.  -- Pat
a/cups-1.1.23-i486-1.tgz:  Upgraded to cups-1.1.23.
a/udev-050-i486-1.tgz:  Upgraded to udev-050.
ap/mdadm-1.8.0-i486-1.tgz:  Reverted to mdadm-1.8.0.  It turns out that
  mdadm-1.8.1 is a new and unstable branch.  Sorry about that -- from the
  version number it looked innocent enough to me.  :-)
l/glib2-2.6.1-i486-1.tgz:  Upgraded to glib2-2.6.1.
l/gtk+2-2.6.1-i486-1.tgz:  Upgraded to gtk+2-2.6.1.
l/libtiff-3.7.1-i486-1.tgz:  Upgraded to libtiff-3.7.1.
n/gnupg-1.2.7-i486-1.tgz:  Upgraded to gnupg-1.2.7.
  (see also gnupg-1.4.0 in /testing below)
n/stunnel-4.07-i486-1.tgz:  Upgraded to stunnel-4.07.
xap/gimp-2.2.1-i486-1.tgz:  Upgraded to gimp-2.2.1.
xap/sane-1.0.15-i486-1.tgz:  Upgraded to sane-backends-1.0.15.
xap/xine-lib-1.0-i686-1.tgz:  Upgraded to xine-lib-1.0.
testing/packages/gnupg-1.4.0-i486-1.tgz:  Added gnupg-1.4.0.
  This is a new stable version of GnuPG.  Please test it out.  If no problems
  are reported it will replace gnupg-1.2.7 in slackware/n/ soon.
+--------------------------+
Mon Jan  3 22:29:13 PST 2005
kde/kdebindings-3.3.2-i486-3.tgz:  Patched to work with Python 2.4.
  Thanks to Giacomo Lozito for the patch.
l/taglib-1.3.1-i486-1.tgz:  Upgraded to taglib-1.3.1.
  Thanks to Fedele Liberatoscioli for mentioning this fixes some crashes
  in the 1.3 version of taglib.
extra/bittornado/bittornado-0.3.9b-noarch-1.tgz:  Upgraded to
  bittornado-0.3.9b built for Python 2.4.
extra/bittorrent/bittorrent-3.4.2-noarch-2.tgz:  Rebuilt for Python 2.4.
+--------------------------+
Sat Jan  1 22:56:49 PST 2005
Happy new year, everyone.  :-)
a/module-init-tools-3.1-i486-1.tgz:  Upgraded to module-init-tools-3.1 and
  modutils-2.4.27.
a/util-linux-2.12p-i486-1.tgz:  Upgraded to util-linux-2.12p.
ap/mdadm-1.8.1-i486-1.tgz:  Upgraded to mdadm-1.8.1.
d/binutils-2.15.92.0.2-i486-2.tgz:  Upgraded to ksymoops-2.4.10.
  Tried the newer binutils, but it couldn't compile ksymoops due to missing
  symbols in libbfd.so we'll stick with 2.15.92.0.2 for now...
d/cvs-1.11.18-i486-1.tgz:  Upgraded to cvs-1.11.18.
d/doxygen-1.4.0-i486-1.tgz:  Upgraded to doxygen-1.4.0.
d/perl-5.8.6-i486-1.tgz:  Upgraded to perl-5.8.6.
d/python-2.4-i486-1.tgz:  Upgraded to python-2.4.
d/python-demo-2.4-noarch-1.tgz:  Upgraded to python-2.4 demos.
d/python-tools-2.4-noarch-1.tgz:  Upgraded to python-2.4 tools.
kde/kdebindings-3.3.2-i486-2.tgz:  Recompiled, which seems to have broken
  the python binding as they are now missing.  Maybe there's a patch needed
  for this to work with python 2.4?
kde/kdegraphics-3.3.2-i486-2.tgz:  Patched post-3.3.2 kpdf problems.
  (* Security fix *)
l/libxml2-2.6.16-i486-1.tgz:  Upgraded to libxml2-2.6.16.
l/libxslt-1.1.12-i486-1.tgz:  Upgraded to libxslt-1.1.12.
n/getmail-4.2.5-noarch-1.tgz:  Upgraded to getmail-4.2.5.
n/irssi-0.8.9-i486-5.tgz:  Recompiled for perl-5.8.6.
xap/gaim-1.1.1-i486-1.tgz:  Upgraded to gaim-1.1.1.
extra/inn/inn-2.4.2-i486-1.tgz:  Upgraded to inn-2.4.2.
+--------------------------+
Wed Dec 22 19:50:57 PST 2004
a/openssl-solibs-0.9.7e-i486-2.tgz:  Rebuilt.
d/automake-1.9.4-noarch-1.tgz:  Upgraded to automake-1.9.4.
n/nfs-utils-1.0.7-i486-1.tgz:  Upgraded to nfs-utils-1.0.7.
n/openssl-0.9.7e-i486-2.tgz:  Small in patch in Makefile.org to
  prevent some symlinks that point to a library that doesn't exist.
  Thanks to /i. for pointing that out!
+--------------------------+
Tue Dec 21 19:07:25 PST 2004
More to come, including fixes in -stable.  Still catching up...
a/openssl-solibs-0.9.7e-i486-1.tgz:  Upgraded to openssl-0.9.7e.
a/tar-1.15.1-i486-1.tgz:  Upgraded to tar-1.15.1.
d/distcc-2.18.3-i486-1.tgz:  Upgraded to distcc-2.18.3.
d/kernel-headers-2.4.28-i386-1.tgz:  Upgraded to kernel-headers-2.4.28.
  (Sorry, forgot this before...  pointed out by Marin Mitov)
l/atk-1.9.0-i486-1.tgz:  Upgraded to atk-1.9.0.
l/glib2-2.6.0-i486-1.tgz:  Upgraded to glib-2.6.0.
l/gtk+2-2.6.0-i486-1.tgz:  Upgraded to gtk+-2.6.0.
l/libpng-1.2.8-i486-1.tgz:  Upgraded to libpng-1.2.8.
l/pango-1.8.0-i486-1.tgz:  Upgraded to pango-1.8.0.
n/lftp-3.0.13-i486-1.tgz:  Upgraded to lftp-3.0.13.
n/openssl-0.9.7e-i486-1.tgz:  Upgraded to openssl-0.9.7e.
n/php-4.3.10-i486-1.tgz:  Upgraded to php-4.3.10.
  This fixes a lot of bugs...  for a full list, see the PHP ChangeLog.
  (* Security fix *)
n/samba-3.0.10-i486-1.tgz:  Upgraded to samba-3.0.10.
xap/gimp-2.2.0-i486-1.tgz:  Upgraded to gimp-2.2.0.
xap/gxine-0.4.1-i486-1.tgz:  Upgraded to gxine-0.4.1.
xap/mozilla-1.7.5-i486-1.tgz:  Upgraded to mozilla-1.7.5.
xap/mozilla-plugins-1.7.5-noarch-1.tgz:  Upgraded to mozilla-plugins-1.7.5.
xap/xine-lib-1rc8-i686-1.tgz:  Upgraded to xine-lib-1-rc8.
xap/xine-ui-0.99.3-i686-1.tgz:  Upgraded to xine-ui-0.99.3.
testing/packages/gcc-3.4.3/gcc-*.tgz:  Upgraded to gcc-3.4.3.
testing/packages/php-5.0.3/php-5.0.3-i486-1.tgz:  Upgraded to php-5.0.3.
  This fixes a lot of bugs...  for a full list, see the PHP ChangeLog.
  (* Security fix *)
+--------------------------+
Sat Dec 18 23:22:21 PST 2004
"  "

Hi folks.  Well, I'm back in California and I'm happy to let you all know
that I'm feeling much better.  :-)  Here are a few updates so you can see
that I'm trying to get back into the swing of things.  Hopefully 10.1 won't
be too far off (I'm still trying to figure out just how far behind we are,
and what other fixes need to get merged in), and then we can look at what
exactly needs to be done to try to switch over to the new kernel series for
11, or sometime later on.  I still don't think it's time for that yet (it
will be best to wait until 2.4 can be abandoned).  Besides, I should
probably be trying to take it easy as much as I can.
There's no need to try for an encore...

I offer my thanks and gratitude to the many people who sent me kind words
and good advice, or indeed anything at all.  I figure it was all for a
reason, and that there were always lessons to be learned.  Hopefully I'll
learn them now!  ;-)

Most of these fine people will remain anonymous, however, one of my
doctors was Leonardo Faoro, a medical resident at the Mayo Clinic.  He's
running a support site for cancer patients at:
    http://www.cancerforums.net
and if you feel his site might be useful for yourself or anyone you know,
please spread the word about it.  Leo is a good guy and one heck of a
great doctor, and giving his site a little plug here is the least I can do.
He didn't ask for it, but don't think he'll mind.

Very best wishes to all, good luck in 2005, and THANKS AGAIN!,
It's good to be back.  :-)

I think I've been helped now, so this text file won't hang
around forever, but I'll leave it at

  http://slackware.com/~volkerdi/PAT-NEEDS-YOUR-HELP.txt

for a little while in case anyone is still interested.
It's the closest thing to a blog I've ever done.  (ooooo!  ;-)

Take care,

Pat


a/kernel-ide-2.4.28-i486-1.tgz:  Upgraded to Linux 2.4.28 kernel.
a/kernel-modules-2.4.28-i486-1.tgz:  
    Upgraded to Linux 2.4.28 kernel modules.
a/syslinux-2.13-i486-1.tgz:  Upgraded to syslinux-2.13.
ap/alsa-utils-1.0.7-i486-1.tgz:  Upgraded to alsa-utils-1.0.7.
ap/sudo-1.6.8p5-i486-1.tgz:  Upgraded to sudo-1.6.8p5.
d/gdb-6.3-i486-1.tgz:  Upgraded to gdb-6.3.
k/kernel-source-2.4.28-noarch-1.tgz:
  Upgraded to Linux 2.4.28 kernel source.
l/alsa-driver-1.0.7_2.4.28-i486-1.tgz:  
  Upgraded to alsa-driver-1.0.7 compiled for Linux 2.4.28.
l/alsa-lib-1.0.7-i486-1.tgz:  Upgraded to alsa-lib-1.0.7.
l/alsa-oss-1.0.7-i486-1.tgz:  Upgraded to alsa-oss-1.0.7.
l/arts-1.3.2-i486-1.tgz:  Upgraded to arts-1.3.2.
kde/kdeaccessibility-3.3.2-i486-1.tgz:  Upgraded to kdeaccessibility-3.3.2.
kde/kdeaddons-3.3.2-i486-1.tgz:  Upgraded to kdeaddons-3.3.2.
kde/kdeadmin-3.3.2-i486-1.tgz:  Upgraded to kdeadmin-3.3.2.
kde/kdeartwork-3.3.2-i486-1.tgz:  Upgraded to kdeartwork-3.3.2.
kde/kdebase-3.3.2-i486-1.tgz:  Upgraded to kdebase-3.3.2.
kde/kdebindings-3.3.2-i486-1.tgz:  Upgraded to kdebindings-3.3.2.
kde/kdeedu-3.3.2-i486-1.tgz:  Upgraded to kdeedu-3.3.2.
kde/kdegames-3.3.2-i486-1.tgz:  Upgraded to kdegames-3.3.2.
kde/kdegraphics-3.3.2-i486-1.tgz:  Upgraded to kdegraphics-3.3.2.
kde/kdelibs-3.3.2-i486-1.tgz:  Upgraded to kdelibs-3.3.2.
kde/kdemultimedia-3.3.2-i486-1.tgz:  Upgraded to kdemultimedia-3.3.2.
kde/kdenetwork-3.3.2-i486-1.tgz:  Upgraded to kdenetwork-3.3.2.
kde/kdepim-3.3.2-i486-1.tgz:  Upgraded to kdepim-3.3.2.
kde/kdesdk-3.3.2-i486-1.tgz:  Upgraded to kdesdk-3.3.2.
kde/kdetoys-3.3.2-i486-1.tgz:  Upgraded to kdetoys-3.3.2.
kde/kdeutils-3.3.2-i486-1.tgz:  Upgraded to kdeutils-3.3.2.
kde/kdevelop-3.1.2-i486-1.tgz:  Upgraded to kdevelop-3.1.2.
kde/kdewebdev-3.3.2-i486-1.tgz:  Upgraded to kdewebdev-3.3.2.
kdei/*.tgz:  Upgraded to kde-i18n-3.3.2.
n/samba-3.0.9-i486-2.tgz:  Upgraded to samba-3.0.9.
  A possible buffer overrun in smbd could lead to code execution by a remote
  user. For more details, see:
     http://samba.cdpa.nsysu.edu.tw/samba/news/#can-2004-0882
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0882
  (* Security fix *)
  Used -2 since this is essentially the same build as Bruno and
  Piter's package.
extra/linux-wlan-ng/linux-wlan-ng-0.2.1pre23_2.4.28-i486-1.tgz:
  Upgraded to linux-wlan-ng-0.2.1pre23 compiled for Linux 2.4.28.
extra/linux-wlan-ng/linux-wlan-ng-0.2.1pre23_2.6.9-i486-1.tgz:
  Upgraded to linux-wlan-ng-0.2.1pre23 compiled for Linux 2.6.9.
kernels/*:  Upgraded to Linux 2.4.28 kernels.
isolinux/initrd.img, isolinux/network.dsk, isolinux/pcmcia.dsk,
rootdisks/install.*, rootdisks/network.dsk, rootdisks/pcmcia.dsk:
  Updated kernel modules to 2.4.28.
+--------------------------+
Thu Nov 25 17:14:42 PST 2004
"Netcraft does not yet confirm it"

Hi again, everyone.  I wish I could report that I'm doing great
and will be back to full health soon, but I can't.  Possibly due to
the antibiotics I've already taken, the doctors I've seen have been
unable to find signs of infection, and my blood ESR is normal.
Nevertheless, the signs of complications from an infection are quite
clear.  I've had a number of pulmonary "pops" that are either burst
lung abscesses or blebs, and things have spread in a bad way.  A
thickening of my pleura has been noted, as well as pericarditis.
Most disturbing of all, I have developed mitral valve prolapse and
regurgitation.  I've had a fever and soaking night sweats.  I can't
stand for too long without getting faint.  Lately I've been spending
a lot of my time on the floor.  I have no history of heart problems
and when I got the first chest pains (crushing ones) I went to the
ER immediately.  This was on 11/10.  They found nothing wrong and
sent me away.  The next day I saw an internal medicine MD who gave me
a complete exam including carefully listening for heart problems, and
found nothing wrong.  The pain continued, and by the time I got to
the Mayo I had heart trouble so obvious that nobody has failed to
recognize it since.  However, it's been a problem getting anyone to
consider that this is a new problem.  Most of the people I've seen
think that they are the first to notice it and that everyone before
them must have missed it, and that I've certainly had it my whole life.
But having recently had a major infection and fever and developing a
new murmur and chest pains I'd think it would be only prudent to
treat this as complicated infective endocarditis.  I've been to
another different ER with more crushing chest pains since then and
have begged for a needle biopsy to check the plural fluid for empyema,
but nobody will do this diagnostic either.  I've verified online that
it's not only possible to have a normal ESR and infective endocarditis
but that patients that present that way have a statistically worse
outcome (maybe because nobody will treat it).  Anyway, I'm still
hoping to get the treatment that I'm sure I need, but if there's an
insistance on clinical proof first and treatment second, the proof
might be found at autopsy time.  Oh, I've also finally flunked an ECG
after several normal ones and at least pericarditis is now proven.
Now, to clear up a few things.  In my initial report I mistakenly
reported that I'd taken 60 days of Cipro for a pulmonary infection.
(hey, I was up late freaking out a bit)  This might not have been
for as long a period of time, and it was actually to treat a
relapse of prostatitis (and yes, that does require a long course).
As for those who say I should stop trying to diagnose myself:  I am
trying to get doctors to diagnose this ongoing problem.  Meanwhile,
it is only wise to try to figure out what's going on myself, and to
get input from as many sources as I possibly can.  After all,
sometimes the cavalry just isn't coming.  Or as the old (I think
Russian) proverb says:  "Pray to God, but keep rowing to shore."

I built a few updates to get my mind on happier things.  Maybe I'll
have time to look at the kernel sometime soon, too, but getting my
health back remains the A-number-1 priority here.

kde/koffice-1.3.5-i486-1.tgz:  Upgraded to koffice-1.3.5.
kdei/koffice*.tgz:  Upgraded to koffice-i18n-1.3.5.

Also, Bruno H Collovini and Piter Punk in Brazil have been helping
to build security updates for Slackware while I'm (mostly) out of
commission.  They've helped with Slackware for many years and I
trust and authorize their patches.  These can be found here:

  http://www.slackware.org.br/~patrick/WORKGUS/

Thanks to everyone who has offered to help, and sent get well soon
and other kind emails.  I really appreciate it.  I'm also grateful
for many of the suggestions on how to boost my immune system with
natural products (hey, that oregano oil can't hurt and tastes
pretty good!  :-).  I'm going to have to request that the phone
calls stop unless it's for a really good reason, as I've had more
calls than I can possibly return at this point.

All the best (and to those in the US, happy Thanksgiving),

Pat

PS  My primary development box just mostly locked up on me, so I'll
probably be unable to do additional updates (or at least sign them
properly) until I can get back to CA.  What I can and will do is to
run a top-level CHECKSUMS.md5, and then sign that with my GPG key.

PPS  Please do not post emails from me without my permission.
     Thanks.

+--------------------------+
Tue Nov 16 08:50:51 PST 2004
Hi folks, sorry about the lack of updates for a while.
I've been pretty sick.  If you want the full details (especially if
you are in a position to help me), please see the file
PAT-NEEDS-YOUR-HELP.txt.

ftp://ftp.slackware.com/pub/slackware/slackware-current/PAT-NEEDS-YOUR-HELP.txt

Thanks.  :-)

a/acpid-1.0.4-i486-2.tgz:  Fixed perms of /usr/doc/acpid-1.0.4/samples/
  directory.  (thanks to Piotr Simon)
+--------------------------+
Wed Nov  3 22:48:47 PST 2004
a/bash-3.0-i486-2.tgz:  Applied official bash-3.0 patches 1-15.
a/hotplug-2004_09_23-noarch-1.tgz:  Upgraded to hotplug-2004_09_23.
a/pkgtools-10.1.0-i486-1.tgz:  Patched pkgtools to dramatically improve the
  speed of the "View" option.  The patch was written by Jim Hawkins and
  forwarded to me by Stuart Winter.  Thanks much!
  Fixed a typo in pkgtool.8.  (thanks to "ldconfig")
a/util-linux-2.12h-i486-1.tgz:  Upgraded to util-linux-2.12h.
ap/mdadm-1.8.0-i486-1.tgz:  Upgraded to mdadm-1.8.0.
l/libexif-0.6.11-i486-1.tgz:  Upgraded to libexif-0.6.11 (but retained
  libexif.so.9.1.2 from libexif-0.5.12 to give third party packages
  a chance to be recompiled).
n/lftp-3.0.11-i486-1.tgz:  Upgraded to lftp-3.0.11.
n/samba-3.0.7-i486-2.tgz:  Applied a patch from Samba CVS needed to fix smbtree
  on systems using a recent glibc (such as the one here in Slackware -current).
  Thanks to Arthur Huillet for referring me to the patch and online discussion.
n/tcpip-0.17-i486-30.tgz:  Upgraded to ethtool-2 and tftp-hpa-0.40.
  Fixed a DoS bug in ntalkd.  Thanks to Mauro Persano who discovered the bug
  and sent in a patch, and Dmitry V. Levin who refined it.
xap/gimp-2.0.6-i486-1.tgz:  Upgraded to gimp-2.0.6.
extra/slackpkg/slackpkg-1.3-noarch-4.tgz:  Upgraded to slackpkg-1.3-noarch-4.
+--------------------------+
Sun Oct 31 22:03:05 PST 2004
a/cups-1.1.22-i486-1.tgz:  Upgraded to cups-1.1.22.
a/pcmcia-cs-3.2.8-i486-1.tgz:  Upgraded to pcmcia-cs-3.2.8.
a/udev-042-i486-1.tgz:  Upgraded to udev-042.
ap/mysql-4.0.22-i486-1.tgz:  Upgraded to mysql-4.0.22.
d/binutils-2.15.92.0.2-i486-1.tgz:  Upgraded to binutils-2.15.92.0.2.
d/oprofile-0.8.1-i486-2.tgz:  Recompiled against libbfd from
  binutils-2.15.92.0.2.
kde/kdegraphics-3.3.1-i486-2.tgz:  Patched a crash bug in kpdf.
kde/koffice-1.3.4-i486-2.tgz:  Updated to koffice-1.3.4 and patched a bug
  in xpdf-based code that could cause a crash.
l/libtiff-3.7.0-i486-1.tgz:  Upgraded to libtiff-3.7.0.
  This fixes several bugs that could lead to crashes, or could possibly allow
  arbitrary code to be executed.  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0803
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0804
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0886
  (* Security fix *)
l/libxml2-2.6.15-i486-1.tgz:  Upgraded to libxml2-2.6.15.
n/apache-1.3.33-i486-1.tgz:  Upgraded to apache-1.3.33.
  This fixes one new security issue (the first issue, CAN-2004-0492, was fixed
  in apache-1.3.32).  The second bug fixed in 1.3.3 (CAN-2004-0940) allows a
  local user who can create SSI documents to become "nobody".  The amount of
  mischief they could cause as nobody seems low at first glance, but it might
  allow them to use kill or killall as nobody to try to create a DoS.
  Mention PHP's mhash dependency in httpd.conf (thanks to Jakub Jankowski).
  (* Security fix *)
n/mod_ssl-2.8.22_1.3.33-i486-1.tgz:  Upgraded to mod_ssl-2.8.22_1.3.33.
n/nail-11.13-i486-1.tgz:  Upgraded to nail-11.13.
n/netatalk-2.0.1-i486-1.tgz:  Upgraded to netatalk-2.0.1.
xap/gnuchess-5.07-i486-1.tgz:  Upgraded to gnuchess-5.07.
  This package also contains Sjeng-Free-11.2, eboard-0.9.5, and xboard-4.2.7.
xap/imagemagick-6.1.2_4-i486-1.tgz:  Upgraded to ImageMagick-6.1.2-4.
xap/windowmaker-0.91.0-i486-1.tgz:  Upgraded to WindowMaker-0.91.0.
pasture/pasture/ifhp-3.5.18-i486-1.tgz:  Upgraded to ifhp-3.5.18.
pasture/lprng-3.8.28-i486-1.tgz:  Upgraded to LPRng-3.8.28.
testing/packages/linux-2.6.9/alsa-driver-1.0.6a_2.6.9-i486-1.tgz:
  Upgraded to ALSA kernel modules for Linux 2.6.9.
testing/packages/linux-2.6.9/kernel-generic-2.6.9-i486-1.tgz:
  Upgraded to Linux 2.6.9 kernel.
testing/packages/linux-2.6.9/kernel-headers-2.6.9-i386-1.tgz:
  Upgraded to Linux 2.6.9 kernel headers.
testing/packages/linux-2.6.9/kernel-modules-2.6.9-i486-1.tgz:
  Upgraded to Linux 2.6.9 kernel modules.
testing/packages/linux-2.6.9/kernel-source-2.6.9-noarch-1.tgz:
  Upgraded to Linux 2.6.9 kernel source.
+--------------------------+
Mon Oct 25 16:35:04 PDT 2004
n/apache-1.3.32-i486-1.tgz:  Upgraded to apache-1.3.32.
  This addresses a heap-based buffer overflow in mod_proxy by
  rejecting responses from a remote server with a negative
  Content-Length.  The flaw could crash the Apache child process,
  or possibly allow code to be executed as the Apache user (but
  only if mod_proxy is actually in use on the server).
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0492
  (* Security fix *)
n/mod_ssl-2.8.21_1.3.32-i486-1.tgz:  Upgraded to mod_ssl-2.8.21-1.3.32.
  Don't allow clients to bypass cipher requirements, possibly negotiating
  a connection that the server does not consider secure enough.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0885
  (* Security fix *)
+--------------------------+
Fri Oct 22 15:28:06 PDT 2004
xap/gaim-1.0.2-i486-1.tgz:  Upgraded to gaim-1.0.2 and gaim-encryption-2.32.
  A buffer overflow in the MSN protocol handler for GAIM 0.79 to 1.0.1
  allows remote attackers to cause a denial of service (application
  crash) and may allow the execution of arbitrary code.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0891
  (* Security fix *)
+--------------------------+
Mon Oct 18 23:48:13 PDT 2004
a/acpid-1.0.4-i486-1.tgz:  Upgraded to acpid-1.0.4.
a/sysvinit-2.84-i486-51.tgz:  In rc.S, make sure /tmp/.ICE-unix and
  /tmp/.X11-unix exist and have proper permissions.  X.Org no longer
  creates these if they are missing which is a problem for users who
  are using a tmpfs on /tmp.  Reported by Alexandre Pinaffii Andrucioli,
  Stefano Mangione, and Luigi Genoni.
  In rc.S and rc.6, check /proc/ioports to make sure that the RTC lists
  ports, and if so use a workaround to prevent hwclock from hanging.
  Thanks to Piter PUNK for the bug report and patch.
  In rc.M, don't start acpid if apmd is already running regardless of
  the perms on rc.acpid (thanks again to Piter PUNK).
n/curl-7.12.2-i486-1.tgz:  Upgraded to curl-7.12.2.
n/nmap-3.75-i486-1.tgz:  Upgraded to nmap-3.75.
  Fixed nmapfe.desktop to follow freedesktop.org specs and
  moved it to /usr/share/applications.
x/x11-6.8.1-i486-2.tgz:  Rebuilt.  X.Org made a few minor slient fixes to
  the X11R6.8.1 (like the version number), so it seemed like a good idea
  to rebuild.  Thanks to Sergei Mutovkin for reporting this situation.
x/x11-devel-6.8.1-i486-2.tgz:  Rebuilt.
x/x11-docs-6.8.1-noarch-2.tgz:  Rebuilt.
x/x11-docs-html-6.8.1-noarch-2.tgz:  Rebuilt.
x/x11-fonts-100dpi-6.8.1-noarch-2.tgz:  Rebuilt.
x/x11-fonts-cyrillic-6.8.1-noarch-2.tgz:  Rebuilt.
x/x11-fonts-misc-6.8.1-noarch-2.tgz:  Rebuilt.
x/x11-fonts-scale-6.8.1-noarch-2.tgz:  Rebuilt.
x/x11-xdmx-6.8.1-i486-2.tgz:  Rebuilt.
x/x11-xnest-6.8.1-i486-2.tgz:  Patched to prevent an xnest crash.
  Thanks to Mariusz 'mj' Jedrzejewski for reporting this problem and
  providing a patch from the X.Org CVS.
x/x11-xvfb-6.8.1-i486-2.tgz:  Rebuilt.
xap/abiword-2.0.12-i486-1.tgz:  Upgraded to abiword-2.0.12.
  Moved from /gnome and compiled without GNOME dependencies.
xap/gftp-2.0.17-i486-2.tgz:  Build with .SlackBuild, not .build.
  Fixed gftp.desktop.
xap/gucharmap-1.4.1-i486-2.tgz:  Moved from /gnome.
  Build with .SlackBuild, not .build.
  Fixed gucharmap.desktop.
xap/sane-1.0.14-i486-3.tgz:  Upgraded to sane-frontends-1.0.13.
  Build with .SlackBuild, not .build.
xap/xine-ui-0.99.2-i686-2.tgz:  Fixed xine.desktop.
+--------------------------+
Thu Oct 14 22:56:20 PDT 2004
ap/hpijs-1.7-i486-1.tgz:  Upgraded to hpijs-1.7.
ap/lsof-4.72-i486-1.tgz:  Upgraded to lsof-4.72.
ap/sox-12.17.6-i486-1.tgz:  Upgraded to sox-12.17.6.
kde/kdeaccessibility-3.3.1-i486-1.tgz:  Upgraded to kdeaccessibility-3.3.1.
kde/kdeaddons-3.3.1-i486-1.tgz:  Upgraded to kdeaddons-3.3.1.
kde/kdeadmin-3.3.1-i486-1.tgz:  Upgraded to kdeadmin-3.3.1.
kde/kdeartwork-3.3.1-i486-1.tgz:  Upgraded to kdeartwork-3.3.1.
kde/kdebase-3.3.1-i486-1.tgz:  Upgraded to kdebase-3.3.1.
kde/kdebindings-3.3.1-i486-1.tgz:  Upgraded to kdebindings-3.3.1.
kde/kdeedu-3.3.1-i486-1.tgz:  Upgraded to kdeedu-3.3.1.
kde/kdegames-3.3.1-i486-1.tgz:  Upgraded to kdegames-3.3.1.
kde/kdegraphics-3.3.1-i486-1.tgz:  Upgraded to kdegraphics-3.3.1.
kde/kdelibs-3.3.1-i486-1.tgz:  Upgraded to kdelibs-3.3.1.
kde/kdemultimedia-3.3.1-i486-1.tgz:  Upgraded to kdemultimedia-3.3.1.
kde/kdenetwork-3.3.1-i486-1.tgz:  Upgraded to kdenetwork-3.3.1.
kde/kdepim-3.3.1-i486-1.tgz:  Upgraded to kdepim-3.3.1.
kde/kdesdk-3.3.1-i486-1.tgz:  Upgraded to kdesdk-3.3.1.
kde/kdetoys-3.3.1-i486-1.tgz:  Upgraded to kdetoys-3.3.1.
kde/kdeutils-3.3.1-i486-1.tgz:  Upgraded to kdeutils-3.3.1.
kde/kdevelop-3.1.1-i486-1.tgz:  Upgraded to kdevelop-3.1.1.
kde/kdewebdev-3.3.1-i486-1.tgz:  Upgraded to kdewebdev-3.3.1.
kde/koffice-1.3.4-i486-1.tgz:  Upgraded to koffice-1.3.4.
kde/qt-3.3.3-i486-3.tgz:  Recompiled.  Note that this includes the change
  previously in /testing where the libqt.so -> libqt-mt.so symlinks have
  been removed.  (this shouldn't affect any recent binaries, but might
  break some old ones)
kdei/*.tgz:  Upgraded to kde-i18n-3.3.1 and koffice-i18n-1.3.4.
l/arts-1.3.1-i486-1.tgz:  Upgraded to arts-1.3.1.
l/glib2-2.4.7-i486-1.tgz:  Upgraded to glib-2.4.7.
l/gtk+2-2.4.13-i486-1.tgz:  Upgraded to gtk+-2.4.13.
l/libao-0.8.5-i486-1.tgz:  Upgraded to libao-0.8.5.
l/libidn-0.5.8-i486-1.tgz:  Added libidn-0.5.8.
l/libxml2-2.6.14-i486-1.tgz:  Upgraded to libxml2-2.6.14.
l/libxslt-1.1.11-i486-1.tgz:  Upgraded to libxslt-1.1.11.
l/pcre-5.0-i486-1.tgz:  Upgraded to pcre-5.0.
n/dnsmasq-2.15-i486-1.tgz:  Upgraded to dnsmasq-2.15.
xap/fvwm-2.4.19-i486-2.tgz:  Fixed fvwm-root manpage symlink.
  (thanks to Mark Post)
testing/{packages,source}/kde-3.3/:  Removed.
+--------------------------+
Mon Oct 11 23:41:16 PDT 2004
a/glibc-solibs-2.3.3-i486-2.tgz:  Updated from CVS.  Added the files
  in /usr/lib/gconv to glibc-solibs.  (thanks to Tomas Matejicek)
a/glibc-zoneinfo-2.3.3-noarch-2.tgz:  Updated from CVS.
a/udev-035-i486-1.tgz:  Upgraded to udev-035.  
  Thanks to ismail donmez and Jakub Jankowski for pointing out some
  problems with pty handling in the previous udev.rules config file.
a/util-linux-2.12g-i486-2.tgz:  Put the adjtimex docs in the
  proper directory (thanks to Stuart Winter).
d/doxygen-1.3.9.1-i486-1.tgz:  Upgraded to doxygen-1.3.9.1.
l/glibc-2.3.3-i486-2.tgz:  Updated from CVS.
l/glibc-i18n-2.3.3-noarch-2.tgz:  Updated from CVS.
l/glibc-profile-2.3.3-i486-2.tgz:  Updated from CVS.
n/getmail-4.2.2-noarch-1.tgz:  Upgraded to getmail-4.2.2.
n/netatalk-2.0.0-i486-1.tgz:  Upgraded to netatalk-2.0.0.
n/rsync-2.6.3-i486-1.tgz:  Upgraded to rsync-2.6.3.
  From the rsync NEWS file:
      A bug in the sanitize_path routine (which affects a non-chrooted
      rsync daemon) could allow a user to craft a pathname that would get
      transformed into an absolute path for certain options (but not for
      file-transfer names).  If you're running an rsync daemon with chroot
      disabled, *please upgrade*, ESPECIALLY if the user privs you run
      rsync under is anything above "nobody".
  Note that rsync, in daemon mode, sets the "use chroot" to true by
  default, and (in this default mode) is not vulnerable to this issue.
  I would strongly recommend against setting "use chroot" to false
  even if you've upgraded to this new package.
  (* Security fix *)
n/sendmail-8.13.1-i486-2.tgz:  Recompiled with -DSOCKETMAP.
  Recommended by Catalin(ux aka Dino) BOIE.
n/sendmail-cf-8.13.1-noarch-2.tgz:  Rebuilt.
xap/fvwm-2.4.19-i486-1.tgz:  Upgraded to fvwm-2.4.19.
xap/gaim-1.0.1-i486-1.tgz:  Upgraded to gaim-1.0.1.
xap/gftp-2.0.17-i486-1.tgz:  Moved from /gnome.  Apparently gftp
  doesn't require any of the GNOME libraries.  I've heard that
  AbiWord can also be built so that it does not require GNOME
  libraries but haven't had much luck getting it to work that
  way.  Does anyone know how to do that?  How about a GNOMEless
  gnumeric (I suspect that's not possible, but...)?
extra/bison-1.875d/bison-1.875d-i486-1.tgz:  Upgraded to bison-1.875d.
pasture/fvwm95-2.0.43ba-i386-2.tgz:  Moved to /pasture.
+--------------------------+
Thu Oct  7 19:03:18 PDT 2004
a/util-linux-2.12g-i486-1.tgz:  Upgraded to util-linux-2.12g,
  adjtimex-1.20, and ziptool-1.4.0.
d/doxygen-1.3.9-i486-1.tgz:  Upgraded to doxygen-1.3.9.
d/guile-1.6.5-i486-1.tgz:  Upgraded to guile-1.6.5.
gnome/gst-plugins-0.8.5-i486-1.tgz:  Upgraded to gst-plugins-0.8.5.
gnome/gstreamer-0.8.7-i486-1.tgz:  Upgraded to gstreamer-0.8.7.
n/slrn-0.9.8.1-i486-1.tgz:  Upgraded to slrn-0.9.8.1.
xap/imagemagick-6.1.0_5-i486-1.tgz:  Upgraded to ImageMagick-6.1.0-5.
+--------------------------+
Mon Oct  4 11:57:38 PDT 2004
ap/flac-1.1.1-i486-1.tgz:  Upgraded to flac-1.1.1.
ap/vorbis-tools-1.0.1-i486-3.tgz:  Recompiled against new libFLAC.
d/j2sdk-1_5_0-i586-1.tgz:  Upgraded to Java(TM) 2 Software Development
  Kit Standard Edition, Version 1.5.0.
gnome/gst-plugins-0.8.1-i486-2.tgz:  Recompiled against new libFLAC.
l/zlib-1.2.2-i486-1.tgz:  Upgraded to zlib-1.2.2.  This fixes a
  possible DoS in earlier versions of zlib-1.2.x.
  (* Security fix *)
n/dhcp-3.0.1-i486-1.tgz:  Upgraded to dhcp-3.0.1.
n/getmail-4.2.0-noarch-1.tgz:  Upgraded to getmail-4.2.0.  Earlier
  versions contained a local security flaw when used in an insecure
  fashion (surprise, running something as root that writes to user-
  controlled files or directories could allow the old symlink attack
  to clobber system files!  :-)  From the getmail CHANGELOG:
      This vulnerability is not exploitable if the administrator does
      not deliver mail to the maildirs/mbox files of untrusted local
      users, or if getmail is configured to use an external
      unprivileged MDA.  This vulnerability is not remotely exploitable.
  Most users would not use getmail in such as way as to be vulnerable
  to this flaw, but if your site does this package closes the hole.
  I'd also recommend not using getmail like this.  Either run it as the
  user that owns the target mailbox, or deliver through an external MDA.
  (* Security fix *)
n/sendmail-8.13.1-i486-1.tgz:  Upgraded to sendmail-8.13.1.
n/sendmail-cf-8.13.1-noarch-1.tgz:  Upgraded to sendmail-8.13.1 configs.
xap/mozilla-plugins-1.7.3-noarch-2.tgz:  Point the libjavaplugin_oji.so
  symlink at the new Java plugin.
xap/xine-lib-1rc6a-i686-2.tgz:  Recompiled against new libFLAC.
xap/xmms-1.2.10-i486-2.tgz:  Added arts_output-0.7.1 aRts output plugin.
+--------------------------+
Tue Sep 28 13:58:36 PDT 2004
a/gawk-3.1.4-i486-1.tgz:  Upgraded to GNU gawk-3.1.4.
ap/mdadm-1.7.0-i486-1.tgz:  Upgraded to mdadm-1.7.0.
xap/gkrellm-2.2.4-i486-1.tgz:  Upgraded to gkrellm-2.2.4.
+--------------------------+
Sun Sep 26 21:28:28 PDT 2004
l/lesstif-0.93.96-i486-1.tgz:  Upgraded to lesstif-0.93.96.
xap/gaim-1.0.0-i486-2.tgz:  Fixed the gaim-encryption plugin by upgrading
  to gaim-encryption-2.31.
xap/gimp-2.0.5-i486-1.tgz:  Upgraded to gimp-2.0.5.
+--------------------------+
Fri Sep 24 11:39:24 PDT 2004
n/php-4.3.9-i486-1.tgz:  Upgraded to php-4.3.9.
testing/packages/php-5.0.2/php-5.0.2-i486-1.tgz:  Upgraded to php-5.0.2.
+--------------------------+
Fri Sep 24 00:43:51 PDT 2004
n/bind-9.3.0-i486-2.tgz:  Fixed missing libbind9.so.0.0.4.
  Thanks to Alan Brantley and Catalin(ux aka Dino) BOIE for the
  quick heads-up!
+--------------------------+
Thu Sep 23 18:11:17 PDT 2004
d/automake-1.9.2-noarch-1.tgz:  Upgraded to GNU automake-1.9.2.
d/libtool-1.5.10-i486-1.tgz:  Upgraded to GNU libtool-1.5.10.
d/oprofile-0.8.1-i486-1.tgz:  Upgraded to oprofile-0.8.1.
  (Suggested by Michael Iatrou)
l/gmp-4.1.4-i486-1.tgz:  Upgraded to GNU gmp-4.1.4.
n/bind-9.3.0-i486-1.tgz:  Upgraded to bind-9.3.0.
xap/xsane-0.96-i486-1.tgz:  Upgraded to xsane-0.96.
bootdisks/sata.i:  Rebuilt (see below).
bootdisks/speakup.s:  Rebuilt (fixed missing speakup support).
extra/k3b/k3b-0.11.17-i486-1.tgz:  Upgraded to k3b-0.11.17.
extra/linux-wlan-ng/linux-wlan-ng-0.2.1pre22_2.4.27-i486-1.tgz:
  Upgraded to linux-wlan-ng-0.2.1pre22 (compiled for Linux 2.4.27).
extra/linux-wlan-ng/linux-wlan-ng-0.2.1pre22_2.6.8.1-i486-1.tgz
  Upgraded to linux-wlan-ng-0.2.1pre22 (compiled for Linux 2.6.8.1).
  Thanks to Leopold Midha for suggesting these upgrades.
extra/parted/parted-1.6.15-i486-1.tgz:  Upgraded to GNU parted-1.6.15.
kernels/sata.i/:  Removed Silicon Image ATA support since it interferes
  with the libata SATA driver.  This also removes support for the PATA
  CMD640 chipset, since that's part of the old Silicon Image ATA driver.
  Thanks to Miha Verlic for pointing out this incompatibility.
kernels/speakup.s/:  Fixed missing speakup support.
isolinux/initrd.img, isolinux/network.dsk, isolinux/pcmcia.dsk,
rootdisks/install.*, rootdisks/network.dsk, rootdisks/pcmcia.dsk:
  Updated kernel modules to 2.4.27.  Allow the location of network.dsk to be
  provided on the network script command line (suggested by Daniel de Kok).
+--------------------------+
Sun Sep 19 16:33:44 PDT 2004
a/cups-1.1.21-i486-1.tgz:  Upgraded to cups-1.1.21.  This fixes a flaw
  where a remote attacker can crash the CUPS server causing a denial of
  service.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0558
  (* Security fix *)
a/glibc-solibs-2.3.3-i486-1.tgz:  Upgraded to glibc-2.3.3.  This is from
  a CVS snapshot taken in early August.  The official glibc-2.3.3 tarball
  was released in such an obsolete condition (a snapshot from 8 months ago)
  that I'd be surprised if any Linux distributions actually package it.
a/glibc-zoneinfo-2.3.3-noarch-1.tgz:  Upgraded to glibc-2.3.3.
a/minicom-2.1-i486-2.tgz:  Fixed install script to install the config
  files in /etc properly.  (thanks to Piter PUNK)
a/pkgtools-10.0.0-i486-2.tgz:  Changed the keyboard driver in the sample
  /etc/X11/xorg.conf files from "Keyboard" to "kbd".
a/kernel-ide-2.4.27-i486-1.tgz:  Upgraded to Linux 2.4.27 kernel.
a/kernel-modules-2.4.27-i486-1.tgz:  Upgraded to Linux 2.4.27 kernel modules.
ap/sudo-1.6.8p1-i486-1.tgz:  Upgraded to sudo-1.6.8p1.
d/kernel-headers-2.4.27-i386-1.tgz:  Upgraded to Linux 2.4.27 kernel headers.
gnome/epiphany-1.2.7-i486-1.tgz:  Removed.  (see Mozilla below)
gnome/epiphany-extensions-0.9.1-i486-1.tgz:  Removed.  (see Mozilla below)
gnome/galeon-1.3.17-i486-1.tgz:  Removed.  (see Mozilla below)
k/kernel-source-2.4.27-noarch-1.tgz:  Upgraded to Linux 2.4.27 kernel source.
kde/koffice-1.3.3-i486-1.tgz:  Upgraded to koffice-1.3.3.
kdei/koffice-i18n-*.tgz:  Upgraded to koffice-i18n-1.3.3.
l/alsa-driver-1.0.6a_2.4.27-i486-1.tgz:  Recompiled alsa-driver-1.0.6a for
  Linux 2.4.27.
l/glibc-2.3.3-i486-1.tgz:  Upgraded to glibc-2.3.3.
l/glibc-i18n-2.3.3-noarch-1.tgz:  Upgraded to glibc-2.3.3 i18n files.
l/glibc-profile-2.3.3-i486-1.tgz:  Upgraded to glibc-2.3.3 profile libs.
l/gtk+2-2.4.10-i486-1.tgz:  Upgraded to gtk+-2.4.10.  This fixes security
  issues in the image loader routines that can crash applications.
  (* Security fix *)
l/pango-1.6.0-i486-1.tgz:  Upgraded to pango-1.6.0.
n/iproute2-2.6.9_ss040831-i486-1.tgz:  Upgraded to iproute2-2.6.9-ss040831.
n/nail-11.7-i486-1.tgz:  Upgraded to nail-11.7.
n/nmap-3.70-i486-2.tgz:  Fixed missing docs translations.
  (thanks to Alex)
n/php-4.3.8-i486-2.tgz:  Recompiled using --enable-exif in addition to
  --with-exif.  Thanks to Niels Heinis for the tip. 
n/proftpd-1.2.10-i486-2.tgz:  Fixed slack-desc (thanks to Stuart Winter).
x/x11*6.8.1-i486-1.tgz:  Upgraded to X.Org's X11R6.8.1 release.
  Note that the name of the keyboard driver in the xorg.conf file has
  changed from "Keyboard" to "kbd".  You'll need to make this change in
  order to start X.
xap/gaim-1.0.0-i486-1.tgz:  Upgraded to gaim-1.0.0.
xap/imagemagick-6.0.8_1-i486-1.tgz:  Upgraded to ImageMagick-6.0.8-1.
  Removed spurious libtool library (thanks to Mark Post).
xap/mozilla-1.7.3-i486-1.tgz:  Upgraded to mozilla-1.7.3.
  The Mozilla page says this fixes some "minor security holes".
  It also breaks Galeon and Epiphany, and new versions of these have
  still not appeared.  In light of this, I think it's time to remove
  these Gecko-based browsers.  The future is going to be Firefox and
  Thunderbird anyway, and I don't believe Galeon and Epiphany can be
  compiled against Firefox's libraries.
  (* Security fix *)
xap/mozilla-plugins-1.7.3-noarch-1.tgz:  Changed plugin symlinks for
  Mozilla 1.7.3.
xap/xine-lib-1rc6a-i686-1.tgz:  Upgraded to xine-lib-1-rc6a.
  This release fixes a few overflows that could have security implications.
  (* Security fix *)
xap/xlockmore-5.13-i486-1.tgz:  Upgraded to xlockmore-5.13.
xap/xscreensaver-4.18-i486-1.tgz:  Upgraded to xscreensaver-4.18.
bootdisks/*:  Upgraded to Linux 2.4.27 bootdisks (and added sata.i).
extra/bittornado/bittornado-0.3.7-noarch-1.tgz:  Added BitTornado
  0.3.7, an alternate BitTorrent client based on Bram's mainline
  BitTorrent code.
extra/k3b/k3b-0.11.15-i486-1.tgz:  Upgraded to k3b-0.11.15.
extra/slacktrack/slacktrack-1.21-i486-2.tgz: Upgraded to
  slacktrack-1.21_2.
kernels/*:  Upgraded to Linux 2.4.27 kernels (and added sata.i).
pasture/apsfilter-7.2.5-i386-2.tgz:  The apsfilter print configuration
  tool has been moved to /pasture.
pasture/ifhp-3.5.11-i486-1.tgz:  Moved ifhp to /pasture.  This is a
  print filter for LPRng (see below).
pasture/libxml-1.8.17-i486-3.tgz:  Added a static libxml1, needed to
  compile some ham software.
pasture/lprng-3.8.27-i486-1.tgz:  Moved LPRng to /pasture.  These days
  most people want to run CUPS which has more or less taken over the
  printing scene as the defacto standard print system.  LPRng will
  continue to be maintained here, but getting it out of the main
  installation will end the annoying problem of it overwriting the
  symlinks for CUPS and breaking it.
testing/packages/linux-2.6.8.1/alsa-driver-1.0.6a_2.6.8.1-i486-1.tgz:
  Compiled alsa-driver package for Linux 2.6.8.1.
testing/packages/linux-2.6.8.1/kernel-generic-2.6.8.1-i486-1.tgz:
  Upgraded to Linux 2.6.8.1 kernel.
testing/packages/linux-2.6.8.1/kernel-headers-2.6.8.1-i386-1.tgz
  Upgraded to Linux 2.6.8.1 kernel headers.
testing/packages/linux-2.6.8.1/kernel-modules-2.6.8.1-i486-1.tgz
  Upgraded to Linux 2.6.8.1 kernel modules.
testing/packages/linux-2.6.8.1/kernel-source-2.6.8.1-noarch-1.tgz
  Upgraded to Linux 2.6.8.1 kernel source.
testing/packages/php-5.0.1/php-5.0.1-i486-1.tgz:  Upgraded to php-5.0.1.
+--------------------------+
Mon Sep 13 22:22:59 PDT 2004
a/reiserfsprogs-3.6.18-i486-1.tgz:  Upgraded to reiserfsprogs-3.6.18.
d/ccache-2.4-i486-1.tgz:  Upgraded to ccache-2.4.
d/gdb-6.2.1-i486-1.tgz:  Upgraded to gdb-6.2.1.
gnome/gnumeric-1.2.13-i486-1.tgz:  Upgraded to gnumeric-1.2.13.
l/libpng-1.2.7-i486-1.tgz:  Upgraded to libpng-1.2.7.
l/taglib-1.3-i486-1.tgz:  Upgraded to taglib-1.3.
n/dnsmasq-2.14-i486-1.tgz:  Upgraded to dnsmasq-2.14.
n/getmail-4.1.5-noarch-1.tgz:  Upgraded to getmail-4.1.5.
n/proftpd-1.2.10-i486-1.tgz:  Maybe I was a little too harsh on this
  project (especially as they've now addressed all the known problems
  with the latest release).  I don't think it deserved to be
  /pasture-ized after all, and have moved it back to the N series.
  Vsftpd will also remain in N, so you can take your pick...
n/samba-3.0.7-i486-1.tgz:  Upgraded to samba-3.0.7.
  This fixes two Denial of Service vulnerabilities.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0807
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0808
  (* Security fix *)
xap/imagemagick-6.0.7_3-i486-1.tgz:  Upgraded to ImageMagick-6.0.7-3.
testing/packages/kde-3.3/kde/*.tgz:  Rebuilt all KDE packages, and 
  fixed a couple build problems with kdemultimedia and kdebindings.
testing/packages/kde-3.3/kde/qt-3.3.3-i486-2.tgz:  Removed the
  libqt.so -> libqt-mt.so symlinks.  These were a kludge added to help
  run third party binaries that link with libqt rather than libqt-mt,
  but now it's breaking things like the kdebindings build.  The symlinks
  were meant to allow some time to transition to the threaded Qt without
  breaking existing apps.  Hopefully not many broken apps are still left.
testing/packages/gcc-3.4.2/gcc*-3.4.2-i486-1.tgz:  Upgraded to gcc-3.4.2.
+--------------------------+
Fri Sep 10 15:32:58 PDT 2004
ap/mysql-4.0.21-i486-1.tgz:  Upgraded to mysql-4.0.21.
pasture/proftpd-1.2.10-i486-1.tgz:  Upgraded to proftpd-1.2.10.
+--------------------------+
Thu Sep  9 20:04:47 PDT 2004
ap/cdrtools-2.01-i486-1.tgz:  Upgraded to cdrtools-2.01 and
  zisofs-tools-1.0.6.
ap/dvd+rw-tools-5.21.4.10.8-i486-1.tgz:  Upgraded to
  dvd+rw-tools-5.21.4.10.8.
+--------------------------+
Tue Sep  7 18:38:29 PDT 2004
xap/fluxbox-0.9.10-i486-1.tgz:  Upgraded to fluxbox-0.9.10.
  This is the development version, but they say it's stable, so
  I'll defer to upstream judgement.
pasture/fluxbox-0.1.14-i386-1.tgz:  Moved to /pasture.
  This is still officially the current stable version, but the
  developers say it's old and unmaintained, so off to /pasture it goes.
+--------------------------+
Mon Sep  6 20:39:43 PDT 2004
l/aspell-0.60-i486-2.tgz:  Fixed missing pre* tools.
l/aspell-en-6.0_0-noarch-2.tgz:  Upgraded to aspell6-en-6.0-0.
  (Since all the word list packages needed to be rebuilt, but not
  all had upgraded versions, they were all given a build of '2')
extra/aspell-word-lists/:  Rebuilt all word lists, and added many
  new ones.
extra/bash-completion/bash-completion-20040711-noarch-1.tgz:
  Upgraded to bash-completion-20040711, and fixed the profile.d script
  to work with bash-3.0.
+--------------------------+
Sat Sep  4 20:03:26 PDT 2004
a/bash-3.0-i486-1.tgz:  Upgraded to GNU bash-3.0.
a/minicom-2.1-i486-1.tgz:  Upgraded to minicom-2.1.
l/aspell-0.60-i486-1.tgz:  Upgraded to GNU aspell-0.60 (forgot this in
  yesterday's ChangeLog...  sorry).
n/openssh-3.9p1-i486-1.tgz:  Upgraded to openssh-3.9p1.
+--------------------------+
Fri Sep  3 18:40:57 PDT 2004
a/glibc-solibs-2.3.2-i486-7.tgz:  Recompiled using 'strip -g' rather than
  'strip --strip-unneeded' to avoid stripping symbols that are needed for
  debugging threads.  Thanks to those who reported this bug, especially
  Ricardo Nabinger Sanchez who sent in a sample thread program that made
  it easy to test for the problem (and confirm the fix worked).
a/glibc-zoneinfo-2.3.2-noarch-7.tgz:  Rebuilt.
a/hdparm-5.7-i486-1.tgz:  Upgraded to hdparm-5.7.
ap/zsh-4.2.1-i486-1.tgz:  Upgraded to zsh-4.2.1.
d/m4-1.4.2-i486-1.tgz:  Upgraded to GNU m4-1.4.2.
kde/kdebase-3.2.3-i486-2.tgz:  Patched frame injection vulnerability in
  Konqueror.  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0721
  (* Security fix *)
kde/kdelibs-3.2.3-i486-2.tgz:  Patched unsafe temporary directory usage,
  cross-domain cookie injection vulnerability for certain country
  specific domains, and frame injection vulnerability in Konqueror.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0689
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0690
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0721
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0746
  (* Security fix *)
l/glib2-2.4.6-i486-1.tgz:  Upgraded to glib-2.4.6.
l/glibc-2.3.2-i486-7.tgz:  Recompiled using 'strip -g'.
l/glibc-i18n-2.3.2-noarch-7.tgz:  Recompiled.
l/gtk+2-2.4.9-i486-1.tgz:  Upgraded to gtk+-2.4.9.
n/gnupg-1.2.6-i486-1.tgz:  Upgraded to gnupg-1.2.6.
n/inetd-1.79s-i486-7.tgz:  Added a vsftpd example to /etc/inetd.conf.
n/lftp-3.0.7-i486-1.tgz:  Upgraded to lftp-3.0.7.
n/nmap-3.70-i486-1.tgz:  Upgraded to nmap-3.70.
n/vsftpd-2.0.1-i486-1.tgz:  Added vsftpd as Slackware's new default ftpd.
  This may not have the rich feature set of ProFTPD, but simple is
  probably more secure.  Thanks to Laurens Vets for getting me to take
  another look at this.
xap/imagemagick-6.0.6_2-i486-1.tgz:  Upgraded to ImageMagick-6.0.6-2.
extra/glibc-extra-packages/glibc-debug-2.3.2-i486-7.tgz:  Recompiled.
extra/glibc-extra-packages/glibc-profile-2.3.2-i486-7.tgz:  Recompiled.
extra/grub/grub-0.95-i486-2.tgz:  Upgraded to version 1.24 of Kent Robotti's
  grubconfig setup tool.
extra/k3b/k3b-i18n-0.11-noarch-2.tgz:  Fixed path for locale files.
pasture/proftpd-1.2.9-i486-3.tgz:  Sent to /pasture.  This has been allowed
  to slide way too much for a network service.  A security issue was
  discovered in April (and was patched in Slackware and elsewhere shortly
  thereafter).  It took a couple of weeks for any warning to appear on the
  ProFTPD site (with no official fix, just a suggestion to avoid the
  vulnerable feature).  Since then it's been fixed in CVS but there is
  still no official stable release that fixes the issue.  I liked ProFTPD,
  but won't put up with security negligence that goes on for months.
  Clearly ProFTPD's time is up, and it belongs here in /pasture.
  If there's any problem with vsftpd (and I don't expect there will be),
  you can bet that Chris Evans won't take 4 months to do something about it.
testing/packages/kde-3.3/:  Added KDE 3.3.  This is in testing/ because of
  a few problems I've had with it (like crashes on logout, and no anti-
  aliased fonts no matter what kpersonalizer settings are chosen).
  I think it's a good idea to test it for a while and wait for patches
  (or for kde-3.3.1).  Oh, I'm also getting requests to add libidn, which
  kde-3.3 apparently can use for jabber support, but libidn contains the
  following warning in README-alpha:
   "LIBIDN IS MOST LIKELY INSECURE. DO NOT USE IN A PRODUCTION ENVIRONMENT!"
  As a result, I haven't added libidn yet.  I haven't ruled it out entirely
  either, but it's hard to get past a warning like that...
+--------------------------+
Fri Aug 27 13:17:35 PDT 2004
n/getmail-4.1.1-noarch-1.tgz:  Upgraded to getmail-4.1.1.
xap/gaim-0.82.1-i486-1.tgz:  Upgraded to gaim-0.82.1 to fix a couple of bugs
  in the gaim-0.82 release.  Also, gaim-encryption-2.29 did not work with
  gaim-0.82 (or 0.82.1), so that has been upgraded to gaim-encryption-2.30.
+--------------------------+
Thu Aug 26 18:28:53 PDT 2004
a/syslinux-2.11-i486-1.tgz:  Upgraded to syslinux-2.11.
ap/alsa-utils-1.0.6-i486-1.tgz:  Upgraded to alsa-utils-1.0.6.
d/distcc-2.17.1-i486-1.tgz:  Upgraded to distcc-2.17.1.
l/alsa-driver-1.0.6a_2.4.26-i486-1.tgz:  Upgraded to alsa-driver-1.0.6a.
l/alsa-lib-1.0.6-i486-1.tgz:  Upgraded to alsa-lib-1.0.6.
l/alsa-oss-1.0.6-i486-1.tgz:  Upgraded to alsa-oss-1.0.6.
l/libpng-1.2.6-i486-1.tgz:  Upgraded to libpng-1.2.6.
n/iptables-1.2.11-i486-1.tgz:  Upgraded to iptables-1.2.11.
n/samba-3.0.6-i486-1.tgz:  Upgraded to samba-3.0.6.
xap/gaim-0.82-i486-1.tgz:  Upgraded to gaim-0.82 and gaim-encryption-2.29.
  Fixes several security issues:
     Content-length DOS (malloc error) (no CAN ID on this one)
     MSN strncpy buffer overflow (CAN-2004-0500)
     Groupware message receive integer overflow (CAN-2004-0754)
     Smiley theme installation lack of escaping (CAN-2004-0784)
     RTF message buffer overflow, Local hostname resolution buffer overflow,
       URL decode buffer overflow (these 3 are CAN-2004-0785)
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0500
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0754
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0784
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0785
  (* Security fix *)
+--------------------------+
Mon Aug 23 14:06:50 PDT 2004
a/hdparm-5.6-i486-1.tgz:  Upgraded to hdparm-5.6.
a/procps-3.2.3-i486-1.tgz:  Upgraded to procps-3.2.3.
d/automake-1.9.1-noarch-1.tgz:  Upgraded to automake-1.9.1.
kde/qt-3.3.3-i486-1.tgz:  Upgraded to qt-3.3.3.
  This fixes bugs in the image loading routines which could be
  used by an attacker to run unauthorized code or create a
  denial-of-service.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0691
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0692
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0693
  (* Security fix *)
l/glib2-2.4.5-i486-1.tgz:  Upgraded to glib-2.4.5.
n/curl-7.12.1-i486-1.tgz:  Upgraded to curl-7.12.1.
n/getmail-4.0.13-noarch-1.tgz:  Upgraded to getmail-4.0.13.
n/nail-11.3-i486-1.tgz:  Upgraded to nail-11.3.
xap/netscape-7.2-i686-1.tgz:  Upgraded to netscape-7.2.
  (Is it time yet to move this to /pasture?)
extra/grub/grub-0.95-i486-1.tgz:  Added GNU grub-0.95.
  Thanks to Kent Robotti for the grubconfig setup tool.  :-)
  I did some cleanup on grubconfig, but it's going to need more work.
  For example, it's unable to properly determine the mappings for my
  two hard drives /dev/hde and /dev/hdg...  it's a start, though.
extra/k3b/k3b-0.11.14-i486-1.tgz:  Upgraded to k3b-0.11.14.
extra/k3b/k3b-i18n-0.11-noarch-1.tgz:  Added k3b-i18n-0.11.
extra/parted/parted-1.6.12-i486-1.tgz:  Upgraded to parted-1.6.12.
+--------------------------+
Mon Aug  9 01:57:10 PDT 2004
d/binutils-2.15.90.0.3-i486-1.tgz:  Reverted to binutils-2.15.90.0.3
  since Mozilla isn't compiling with binutils-2.15.91.0.2.
d/oprofile-0.8-i486-1.tgz:  Reverted to previous oprofile build linked
  with libbfd from binutils-2.15.90.0.3.
gnome/epiphany-1.2.7-i486-1.tgz:  Upgraded to epiphany-1.2.7.
  (compiled against Mozilla 1.7.2)
gnome/galeon-1.3.17-i486-1.tgz:  Upgraded to galeon-1.3.17.
  (compiled against Mozilla 1.7.2)
xap/gaim-0.81-i486-1.tgz:  Upgraded to gaim-0.81.
  (compiled against Mozilla 1.7.2)
xap/mozilla-1.7.2-i486-1.tgz:  Upgraded to Mozilla 1.7.2.  This fixes three
  security vulnerabilities.  For details, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.2
  (* Security fix *)
xap/mozilla-plugins-1.7.2-noarch-1.tgz:  Changed plugin symlinks for Mozilla
  1.7.2.
+--------------------------+
Sat Aug  7 17:17:40 AKDT 2004
ap/sox-12.17.4-i486-3.tgz:  Patched buffer overflows that could allow
  a malicious WAV file to execute arbitrary code.
  (* Security fix *)
d/libtool-1.5.8-i486-1.tgz:  Upgraded to libtool-1.5.8.
d/perl-5.8.5-i486-2.tgz:  Updated -Dinc_version_list to include 5.8.4.
  Thanks to Luca Cavalli for pointing out the omission.
l/libpng-1.2.5-i486-3.tgz:  Patched possible security issues including
  buffer and integer overflows and null pointer references.  These
  issues could cause program crashes, or possibly allow arbitrary code
  embedded in a malicious PNG image to execute.  The PNG library is
  widely used within the system, so all sites should upgrade to the
  new libpng package.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0597
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0598
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0599
  (* Security fix *)
l/pango-1.4.1-i486-1.tgz:  Upgraded to pango-1.4.1.
xap/gimp-2.0.4-i486-1.tgz:  Upgraded to gimp-2.0.4.
xap/imagemagick-6.0.4_3-i486-1.tgz:  Upgraded to ImageMagick-6.0.4-3.
  Fixes PNG security issues.
  (* Security fix *)
+--------------------------+
Sun Aug  1 20:27:33 PDT 2004
d/automake-1.9-noarch-1.tgz:  Upgraded to automake-1.9.
d/binutils-2.15.91.0.2-i486-1.tgz:  Upgraded to binutils-2.15.91.0.2.
d/gdb-6.2-i486-1.tgz:  Upgraded to gdb-6.2.
d/oprofile-0.8-i486-2.tgz:  Recompiled against libbfd from
  binutils-2.15.91.0.2.
+--------------------------+
Tue Jul 27 22:27:56 PDT 2004
d/perl-5.8.5-i486-1.tgz:  Upgraded to perl-5.8.5, DBD-mysql-2.9004,
  and DBI-1.43.
gnome/galeon-1.3.16-i486-1.tgz:  Upgraded to galeon-1.3.16.
kde/kdebindings-3.2.3-i486-2.tgz:  Recompiled for perl-5.8.5.
n/dnsmasq-2.10-i486-1.tgz:  Upgraded to dnsmasq-2.10.
n/getmail-4.0.1-noarch-1.tgz:  Upgraded to getmail-4.0.1.
n/irssi-0.8.9-i486-4.tgz:  Recompiled for perl-5.8.5.
n/ncftp-3.1.8-i486-1.tgz:  Upgraded to ncftp-3.1.8.
xap/gaim-0.80-i486-2.tgz:  Recompiled for perl-5.8.5.
xap/imagemagick-6.0.3_5-i486-1.tgz:  Upgraded to ImageMagick-6.0.3-5.
xap/xchat-2.0.10-i486-1.tgz:  Upgraded to xchat-2.0.10.
+--------------------------+
Mon Jul 26 22:46:37 PDT 2004
gnome/totem-0.99.15.1-i686-1.tgz:  Upgraded to totem-0.99.15.1.
xap/xfce-4.0.6-i486-1.tgz:  Upgraded to xfce-4.0.6.
xap/xine-lib-1rc5-i686-1.tgz:  Upgraded to xine-lib-1-rc5.
xap/xine-ui-0.99.2-i686-1.tgz:  Upgraded to xine-ui-0.99.2.
+--------------------------+
Mon Jul 26 14:09:31 PDT 2004
n/samba-3.0.5-i486-2.tgz:  Rebuilt using --with-acl-support=no to avoid
  a dependency on libattr (found in the xfsprogs package).
  Thanks to Fredrik, Naresh Donti, and Dimitar Katerinski for pointing
  this out.  It wasn't intentional (only the version number changed in
  the build script).
+--------------------------+
Sun Jul 25 15:55:05 PDT 2004
ap/gimp-print-4.2.7-i486-1.tgz:  Upgraded to gimp-print-4.2.7.
d/distcc-2.16-i486-1.tgz:  Upgraded to distcc-2.16.
d/doxygen-1.3.8-i486-1.tgz:  Upgraded to doxygen-1.3.8.
l/glib2-2.4.4-i486-1.tgz:  Upgraded to glib-2.4.4.
l/gtk+2-2.4.4-i486-1.tgz:  Upgraded to gtk+-2.4.4.
n/getmail-4.0.0-noarch-1.tgz:  Upgraded to getmail-4.0.0.
n/mod_ssl-2.8.19_1.3.31-i486-1.tgz:  Upgraded to mod_ssl-2.8.19-1.3.31.
  This fixes a security hole (ssl_log() related format string
  vulnerability in mod_proxy hook functions), so sites using mod_ssl
  should upgrade to the new version.  Be sure to back up your existing
  key files first.
  (* Security fix *)
n/samba-3.0.5-i486-1.tgz:  Upgraded to samba-3.0.5.
  This fixes a buffer overflow in SWAT and another in the code supporting
  the 'mangling method = hash' smb.conf option (which is not the default).
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0600
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0686
  (* Security fix *)
xap/gimp-2.0.3-i486-1.tgz:  Upgraded to gimp-2.0.3.
xap/xsane-0.94-i486-1.tgz:  Upgraded to xsane-0.94.
testing/packages/gcc-3.4.1/gcc*-3.4.1-i486-1.tgz:  Upgraded to gcc-3.4.1.
testing/packages/php-5.0.0/php-5.0.0-i486-2.tgz:  Changed references in
  mod_php.conf from php4 to php5 (thanks to Foti Trendafilov and
  Marek Januszewski for the bug reports).
+--------------------------+
Wed Jul 21 13:50:18 PDT 2004
kde/koffice-1.3.2-i486-1.tgz:  Upgraded to koffice-1.3.2.
kdei/koffice-i18n-*.tgz:  Upgraded to koffice-i18n-1.3.2.
+--------------------------+
Tue Jul 20 22:05:23 PDT 2004
n/imapd-4.61-i486-1.tgz:  Upgraded to IMAP4rev1 2004.352 from pine4.61.
n/php-4.3.8-i486-1.tgz:  Upgraded to php-4.3.8.
  This release fixes two security problems in PHP (memory_limit handling and
  a problem in the strip_tags function).  Sites using PHP should upgrade.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0594
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0595
  (* Security fix *)
n/pine-4.61-i486-1.tgz:  Upgraded to pine4.61.
xap/gaim-0.80-i486-1.tgz:  Upgraded to gaim-0.80 and gaim-encryption-2.28.
testing/packages/php-5.0.0/php-5.0.0-i486-1.tgz:  Added php-5.0.0.
+--------------------------+
Sat Jun 26 16:02:45 PDT 2004
ap/vim-6.3.007-i486-1.tgz:  Upgraded to patchlevel 007, fixed missing vim.mo
  files (sorry about that!!).
xap/gaim-0.79-i486-1.tgz:  Upgraded to gaim-0.79 and gaim-encryption-2.27.
xap/gnuchess-4.0.pl80-i486-4.tgz:  Fixed missing files.  (thanks to grk)
xap/xvim-6.3.007-i486-1.tgz:  Upgraded to patchlevel 007, fixed missing vim.mo
  files.
+--------------------------+
Tue Jun 22 01:34:56 PDT 2004
Slackware 10.0 is released.  Thanks to everyone who helped out!