Wed Jul 25 02:02:40 UTC 2012
patches/packages/libpng-1.2.50-i486-1_slack10.2.tgz:  Upgraded.
  Fixed incorrect type (int copy should be png_size_t copy) in png_inflate()
  (fixes CVE-2011-3045).
  Revised png_set_text_2() to avoid potential memory corruption (fixes
    CVE-2011-3048).
  Changed "a+w" to "u+w" in Makefile.in to fix CVE-2012-3386.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3045
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3048
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3386
  (* Security fix *)
+--------------------------+
Thu Jun 14 05:02:39 UTC 2012
####################################################################
# NOTICE OF IMPENDING EOL (END OF LIFE) FOR OLD SLACKWARE VERSIONS #
#                                                                  #
# Effective August 1, 2012, security patches will no longer be     #
# provided for the following versions of Slackware (which will all #
# be more than 5 years old at that time):                          #
# Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0.           #
# If you are still running these versions you should consider      #
# migrating to a newer version (preferably as recent as possible). #
# Alternately, you may make arrangements to handle your own        #
# security patches.  If for some reason you are unable to upgrade  #
# or handle your own security patches, limited security support    #
# may be available for a fee.  Inquire at security@slackware.com.  #
####################################################################
patches/packages/bind-9.7.6_P1-i486-1_slack10.2.tgz:  Upgraded.
  This release fixes an issue that could crash BIND, leading to a denial of
  service.  It also fixes the so-called "ghost names attack" whereby a
  remote attacker may trigger continued resolvability of revoked domain names.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1033
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1667
  IMPORTANT NOTE:  This is an upgraded version of BIND, _not_ a patched one.
  It is likely to be more strict about the correctness of configuration files.
  Care should be taken about deploying this upgrade on production servers to
  avoid an unintended interruption of service.
  (* Security fix *)
+--------------------------+
Wed May 23 00:14:52 UTC 2012
patches/packages/libxml2-2.6.32-i486-2_slack10.2.tgz:  Upgraded.
  Patched an off-by-one error in XPointer that could lead to a crash or
  possibly the execution of arbitrary code.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3102
  (* Security fix *)
+--------------------------+
Wed Apr 11 17:16:32 UTC 2012
patches/packages/samba-3.0.37-i486-5_slack10.2.tgz:  Rebuilt.
  This is a security release in order to address a vulnerability that allows
  remote code execution as the "root" user.  All sites running a Samba
  server should update to the new Samba package and restart Samba.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1182
  (* Security fix *)
+--------------------------+
Sat Apr  7 21:48:42 UTC 2012
patches/packages/libtiff-3.8.2-i486-4_slack10.2.tgz:  Rebuilt.
  Patched overflows that could lead to arbitrary code execution when parsing
  a malformed image file.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1173
  (* Security fix *)
+--------------------------+
Wed Feb 22 18:14:58 UTC 2012
patches/packages/libpng-1.2.47-i486-1_slack10.2.tgz:  Upgraded.
  All branches of libpng prior to versions 1.5.9, 1.4.9, 1.2.47, and 1.0.57,
  respectively, fail to correctly validate a heap allocation in
  png_decompress_chunk(), which can lead to a buffer-overrun and the
  possibility of execution of hostile code on 32-bit systems.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3026
  (* Security fix *)
+--------------------------+
Thu Nov 17 02:09:25 UTC 2011
patches/packages/bind-9.4_ESV_R5_P1-i486-1_slack10.2.tgz:  Upgraded.
        --- 9.4-ESV-R5-P1 released ---
3218.   [security]      Cache lookup could return RRSIG data associated with
                        nonexistent records, leading to an assertion
                        failure. [RT #26590]
  (* Security fix *)
+--------------------------+
Fri Aug 12 23:20:00 UTC 2011
patches/packages/bind-9.4_ESV_R5-i486-1_slack10.2.tgz:  Upgraded.
  This BIND update addresses a couple of security issues:
  * named, set up to be a caching resolver, is vulnerable to a user
    querying a domain with very large resource record sets (RRSets)
    when trying to negatively cache the response. Due to an off-by-one
    error, caching the response could cause named to crash. [RT #24650]
    [CVE-2011-1910]
  * Change #2912 (see CHANGES) exposed a latent bug in the DNS message
    processing code that could allow certain UPDATE requests to crash
    named. [RT #24777] [CVE-2011-2464]
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1910
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2464
  (* Security fix *)
+--------------------------+
Fri Jul 29 18:22:40 UTC 2011
patches/packages/libpng-1.2.46-i486-1_slack10.2.tgz:  Upgraded.
  Fixed uninitialized memory read in png_format_buffer()
  (Bug report by Frank Busse, related to CVE-2004-0421).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0421
  (* Security fix *)
+--------------------------+
Mon Jun 20 00:49:34 UTC 2011
patches/packages/fetchmail-6.3.20-i486-1_slack10.2.tgz:  Upgraded.
  This release fixes a denial of service in STARTTLS protocol phases.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1947
    http://www.fetchmail.info/fetchmail-SA-2011-01.txt
  (* Security fix *)
+--------------------------+
Fri May 27 22:56:00 UTC 2011
patches/packages/bind-9.4_ESV_R4_P1-i486-1_slack10.2.tgz:  Upgraded.
  This release fixes security issues:
     * A large RRSET from a remote authoritative server that results in
       the recursive resolver trying to negatively cache the response can
       hit an off by one code error in named, resulting in named crashing.
       [RT #24650] [CVE-2011-1910]
     * Zones that have a DS record in the parent zone but are also listed
       in a DLV and won't validate without DLV could fail to validate. [RT
       #24631]
  For more information, see:
    http://www.isc.org/software/bind/advisories/cve-2011-1910
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1910
  (* Security fix *)
+--------------------------+
Fri Apr  8 06:58:48 UTC 2011
patches/packages/libtiff-3.8.2-i486-3_slack10.2.tgz:  Rebuilt.
  Patched overflows that could lead to arbitrary code execution when parsing
  a malformed image file.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0192
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1167
  (* Security fix *)
+--------------------------+
Thu Apr  7 04:07:29 UTC 2011
patches/packages/dhcp-3.1_ESV_R1-i486-1_slack10.2.tgz:  Upgraded.
  In dhclient, check the data for some string options for reasonableness
  before passing it along to the script that interfaces with the OS.
  This prevents some possible attacks by a hostile DHCP server.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0997
  (* Security fix *)
+--------------------------+
Mon Feb 28 22:19:08 UTC 2011
patches/packages/samba-3.0.37-i486-4_slack10.2.tgz:  Rebuilt.
  Fix memory corruption denial of service issue.
  For more information, see:
    http://www.samba.org/samba/security/CVE-2011-0719
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0719
  (* Security fix *)
+--------------------------+
Thu Feb 10 21:19:38 UTC 2011
patches/packages/sudo-1.7.4p6-i486-1_slack10.2.tgz:  Upgraded.
  Fix Runas group password checking.
  For more information, see the included CHANGES and NEWS files, and:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0010
  (* Security fix *)
+--------------------------+
Thu Dec 16 18:57:05 UTC 2010
patches/packages/bind-9.4_ESV_R4-i486-1_slack10.2.tgz:  Upgraded.
  This update fixes some security issues.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3613
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3614
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3615
  (* Security fix *)
+--------------------------+
Sat Nov 20 21:20:27 UTC 2010
patches/packages/xpdf-3.02pl5-i486-1_slack10.2.tgz:  Upgraded.
  This update fixes security issues that could lead to an
  application crash, or execution of arbitrary code.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3702
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3703
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3704
  (* Security fix *)
+--------------------------+
Mon Sep 20 18:39:57 UTC 2010
patches/packages/bzip2-1.0.6-i486-1_slack10.2.tgz:  Upgraded.
  This update fixes an integer overflow that could allow a specially
  crafted bzip2 archive to cause a crash (denial of service), or execute
  arbitrary code.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0405
  (* Security fix *)
+--------------------------+
Wed Sep 15 18:51:21 UTC 2010
patches/packages/sudo-1.7.4p4-i486-3_slack10.2.tgz:  Rebuilt.
  Hi folks, since the patches for old systems (8.1 - 10.2) were briefly
  available containing a /var/lib with incorrect permissions, I'm issuing
  these again just to be 100% sure that no systems out there will be left
  with problems due to that.  This should do it (third time's the charm).
+--------------------------+
Wed Sep 15 05:58:55 UTC 2010
patches/packages/sudo-1.7.4p4-i486-2_slack10.2.tgz:  Rebuilt.
  The last sudo packages accidentally changed the permissions on /var from
  755 to 700.  This build restores the proper permissions.
  Thanks to Petri Kaukasoina for pointing this out.
+--------------------------+
Wed Sep 15 00:41:13 UTC 2010
patches/packages/samba-3.0.37-i486-3_slack10.2.tgz:  Upgraded.
  This upgrade fixes a buffer overflow in the sid_parse() function.
  For more information, see:
    http://www.samba.org/samba/security/CVE-2010-3069
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3069
  (* Security fix *)
patches/packages/sudo-1.7.4p4-i486-1_slack10.2.tgz:  Upgraded.
  This fixes a flaw that could lead to privilege escalation.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2956
  (* Security fix *)
+--------------------------+
Wed Jun 30 04:51:49 UTC 2010
patches/packages/libtiff-3.8.2-i486-2_slack10.2.tgz:  Rebuilt.
  This fixes image structure handling bugs that could lead to crashes or
  execution of arbitrary code if a specially-crafted TIFF image is loaded.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1411
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2065
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2067
  (* Security fix *)
patches/packages/libpng-1.2.44-i486-1_slack10.2.tgz:  Upgraded.
  This fixes out-of-bounds memory write bugs that could lead to crashes
  or the execution of arbitrary code, and a memory leak bug which could
  lead to application crashes.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1205
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2249
  (* Security fix *)
+--------------------------+
Sun Jun 27 04:02:55 UTC 2010
patches/packages/bind-9.4.3_P5-i486-2_slack10.2.tgz:  Rebuilt.
  At least some of these updates for 2.4.x systems were built under a
  2.6.x kernel, and didn't work.  Sorry, I think I've fixed the
  issue on this end this time.  If the previous update did not work
  for you, try this one.
+--------------------------+
Fri Jun 25 05:28:02 UTC 2010
patches/packages/bind-9.4.3_P5-i486-1_slack10.2.tgz:  Upgraded.
  This fixes possible DNS cache poisoning attacks when DNSSEC is enabled
  and checking is disabled (CD).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4022
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0097
  (* Security fix *)
+--------------------------+
Fri Jun 18 18:09:28 UTC 2010
patches/packages/samba-3.0.37-i486-2_slack10.2.tgz:  Rebuilt.
  Patched a buffer overflow in smbd that allows remote attackers to cause
  a denial of service (memory corruption and daemon crash) or possibly
  execute arbitrary code via a crafted field in a packet.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2063
  (* Security fix *)
+--------------------------+
Sun May 16 20:01:28 UTC 2010
patches/packages/fetchmail-6.3.17-i486-1_slack10.2.tgz:  Upgraded.
  A crafted header or POP3 UIDL list could cause a memory leak and crash
  leading to a denial of service.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1167
  (* Security fix *)
+--------------------------+
Fri Apr 30 01:07:12 UTC 2010
patches/packages/irssi-0.8.15-i486-2_slack10.2.tgz:  Rebuilt.
  Sorry, the perl modules were a mess in that last build on systems that
  don't use a vendor_perl dir.  This should work better.
+--------------------------+
Thu Apr 22 19:13:54 UTC 2010
patches/packages/irssi-0.8.15-i486-1_slack10.2.tgz:  Upgraded.
  From the NEWS file:
    - Check if an SSL certificate matches the hostname of the server we are
      connecting to.
    - Fix crash when checking for fuzzy nick match when not on the channel.
      Reported by Aurelien Delaitre (SATE 2009).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1155
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1156
  (* Security fix *)
+--------------------------+
Tue Apr 20 14:45:24 UTC 2010
patches/packages/sudo-1.7.2p6-i486-1_slack10.2.tgz:  Upgraded.
  This update fixes security issues that may give a user with permission
  to run sudoedit the ability to run arbitrary commands.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0426
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1163
    http://www.gratisoft.us/sudo/alerts/sudoedit_escalate.html
    http://www.gratisoft.us/sudo/alerts/sudoedit_escalate2.html
  (* Security fix *)
+--------------------------+
Mon Apr  5 03:06:19 UTC 2010
patches/packages/mozilla-thunderbird-2.0.0.24-i686-1.tgz:  Upgraded.
  This upgrade fixes some more security bugs.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird20.html
  (* Security fix *)
+--------------------------+
Thu Dec 10 00:12:58 UTC 2009
patches/packages/ntp-4.2.2p3-i486-2_slack10.2.tgz:  Rebuilt.
  Prevent a denial-of-service attack involving spoofed mode 7 packets.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3563
  (* Security fix *)
+--------------------------+
Wed Dec  2 20:51:55 UTC 2009
patches/packages/bind-9.4.3_P4-i486-1_slack10.2.tgz:  Upgraded.
  BIND 9.4.3-P4 is a SECURITY PATCH for BIND 9.4.3-P3.  It addresses a
  potential cache poisoning vulnerability, in which data in the additional
  section of a response could be cached without proper DNSSEC validation.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4022
    http://www.kb.cert.org/vuls/id/418861
  (* Security fix *)
+--------------------------+
Wed Oct 28 01:23:19 UTC 2009
patches/packages/xpdf-3.02pl4-i486-1_slack10.2.tgz:  Upgraded.
  This update fixes several security issues that could lead to an
  application crash, or execution of arbitrary code.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3603
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3604
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3605
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3606
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3608
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3609
  (* Security fix *)
+--------------------------+
Sat Oct  3 18:19:00 CDT 2009
patches/packages/samba-3.0.37-i486-1_slack10.2.tgz:
  This update fixes the following security issues.
  A misconfigured /etc/passwd with no defined home directory could allow
  security restrictions to be bypassed.
  mount.cifs could allow a local user to read the first line of an arbitrary
  file if installed setuid.  (On Slackware, it was not installed setuid.)
  Specially crafted SMB requests could cause a denial of service.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2813
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2948
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2906
  (* Security fix *)
+--------------------------+
Thu Aug 20 22:12:00 CDT 2009
patches/packages/mozilla-thunderbird-2.0.0.23-i686-1.tgz:
  This upgrade fixes a security bug.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird20.html
  (* Security fix *)
+--------------------------+
Fri Aug 14 13:42:26 CDT 2009
patches/packages/curl-7.12.2-i486-4_slack10.2.tgz:
  This update fixes a security issue where a zero byte embedded in an SSL
  or TLS certificate could fool cURL into validating the security of a
  connection to a system that the certificate was not issued for.  It has
  been reported that at least one Certificate Authority allowed such
  certificates to be issued.
  For more information, see:
    http://curl.haxx.se/docs/security.html
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2417
  (* Security fix *)
+--------------------------+
Fri Aug  7 14:25:03 CDT 2009
patches/packages/samba-3.0.36-i486-1_slack10.2.tgz:  Upgraded.
  This is a bugfix release.
+--------------------------+
Thu Aug  6 00:48:30 CDT 2009
patches/packages/fetchmail-6.3.11-i486-1_slack10.2.tgz:  Upgraded.
  This update fixes an SSL NUL prefix impersonation attack through NULs in a
  part of an X.509 certificate's CommonName and subjectAltName fields.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2666
  (* Security fix *)
+--------------------------+
Wed Jul 29 23:10:01 CDT 2009
patches/packages/bind-9.4.3_P3-i486-1_slack10.2.tgz:  Upgraded.
  This BIND update fixes a security problem where a specially crafted
  dynamic update message packet will cause named to exit resulting in
  a denial of service.
  An active remote exploit is in wide circulation at this time.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0696
    https://www.isc.org/node/479
  (* Security fix *)
+--------------------------+
Tue Jul 14 18:07:41 CDT 2009
patches/packages/dhcp-3.1.2p1-i486-1_slack10.2.tgz:  Upgraded.
  A stack overflow vulnerability was fixed in dhclient that could allow
  remote attackers to execute arbitrary commands as root on the system,
  or simply terminate the client, by providing an over-long subnet-mask
  option.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0692
  (* Security fix *)
+--------------------------+
Sat Jun 27 18:54:07 CDT 2009
patches/packages/mozilla-thunderbird-2.0.0.22-i686-1.tgz:
  Upgraded to thunderbird-2.0.0.22.
  This upgrade fixes some more security bugs.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird20.html
  (* Security fix *)
+--------------------------+
Fri Jun 26 22:05:35 CDT 2009
patches/packages/samba-3.0.35-i486-1_slack10.2.tgz:
  This upgrade fixes the following security issue:
  o CVE-2009-1888:
    In Samba 3.0.31 to 3.3.5 (inclusive), an uninitialized read of a
    data value can potentially affect access control when "dos filemode"
    is set to "yes".
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1888
  (* Security fix *)
+--------------------------+
Fri Jun 19 18:22:20 CDT 2009
patches/packages/libpng-1.2.37-i486-1_slack10.2.tgz:  Upgraded.
  This update fixes a possible security issue.  Jeff Phillips discovered an
  uninitialized-memory-read bug affecting interlaced images that may have
  security implications.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2042
  (* Security fix *)
+--------------------------+
Wed Jun  3 18:09:52 CDT 2009
patches/packages/ntp-4.2.2p3-i486-1_slack10.2.tgz:
  Patched a stack-based buffer overflow in the cookedprint function in
  ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 that allows arbitrary code
  execution by a malicious remote NTP server.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0159
  (* Security fix *)
+--------------------------+
Thu May 14 18:09:26 CDT 2009
patches/packages/cyrus-sasl-2.1.23-i486-1_slack10.2.tgz:
  Upgraded to cyrus-sasl-2.1.23.
  This fixes a buffer overflow in the sasl_encode64() function that could lead
  to crashes or the execution of arbitrary code.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0688
  (* Security fix *)
+--------------------------+
Sat May  9 18:03:41 CDT 2009
patches/packages/xpdf-3.02pl3-i486-1_slack10.2.tgz:
  Upgraded to xpdf-3.02pl3.
  This update fixes several overflows that may result in crashes or the
  execution of arbitrary code as the xpdf user.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0146
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0147
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0165
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0166
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0799
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0800
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1179
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1180
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1181
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1182
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1183
  (* Security fix *)
+--------------------------+
Mon Apr 20 23:27:45 CDT 2009
patches/packages/udev-064-i486-4_slack10.2.tgz:
  This package has been patched to fix a local root hole.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1185
  (* Security fix *)
+--------------------------+
Tue Mar 24 01:56:10 CDT 2009
patches/packages/lcms-1.18-i486-1_slack10.2.tgz:  Upgraded to lcms-1.18.
  This update fixes security issues discovered in LittleCMS by Chris Evans.
  These flaws could cause program crashes (denial of service) or the execution
  of arbitrary code as the user of the lcms-linked program.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0581
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0723
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0733
  (* Security fix *)
patches/packages/mozilla-thunderbird-2.0.0.21-i686-1.tgz:
  Upgraded to thunderbird-2.0.0.21.
  This upgrade fixes some more security bugs.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird20.html
  (* Security fix *)
+--------------------------+
Mon Mar  9 00:04:05 CDT 2009
patches/packages/curl-7.12.2-i486-3_slack10.2.tgz:
  Patched curl-7.12.2.
  This fixes a security issue where automatic redirection could be made to
  follow file:// URLs, reading or writing a local instead of remote file.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0037
  (* Security fix *)
+--------------------------+
Fri Feb 20 17:20:49 CST 2009
patches/packages/libpng-1.2.35-i486-1_slack10.2.tgz:
  Upgraded to libpng-1.2.35.
  This fixes multiple memory-corruption vulnerabilities due to a failure to
  properly initialize data structures.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0040
    ftp://ftp.simplesystems.org/pub/png/src/libpng-1.2.34-ADVISORY.txt
  (* Security fix *)
+--------------------------+
Mon Jan 19 12:59:20 CST 2009
patches/packages/bind-9.3.6_P1-i486-3_slack10.2.tgz:
  It appears there was a newer libdns.so installed on the Slackware 10.2
  build box which caused the bind update for Slackware 10.2 to fail once
  again, but I'm fairly sure that the third time is the charm.  If not, let
  me know and I'll build that box up again from a clean install.
  My apologies for any inconvenience.
+--------------------------+
Thu Jan 15 16:48:00 CST 2009
patches/packages/bind-9.3.6_P1-i486-2_slack10.2.tgz:
  Recompiled.  The -1_slack10.2 package was compiled on a Slackware 10.2
  system running a 2.6.x kernel, and this caused problems for machines running
  the default 2.4.31 kernel.  This package should run correctly.
+--------------------------+
Wed Jan 14 20:37:39 CST 2009
patches/packages/bind-9.3.6_P1-i486-1_slack10.2.tgz:
  Upgraded to bind-9.3.6-P1.
  Fixed checking on return values from OpenSSL's EVP_VerifyFinal and
  DSA_do_verify functions to prevent spoofing answers returned from zones using
  the DNSKEY algorithms DSA and NSEC3DSA.
  For more information, see:
    https://www.isc.org/node/373
    http://www.ocert.org/advisories/ocert-2008-016.html
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0025
  (* Security fix *)
patches/packages/ntp-4.2.4p6-i486-1_slack10.2.tgz:
  [Sec 1111] Fix incorrect check of EVP_VerifyFinal()'s return value.
  For more information, see:
    https://lists.ntp.org/pipermail/announce/2009-January/000055.html
    http://www.ocert.org/advisories/ocert-2008-016.html
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0021
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077
  (* Security fix *)
+--------------------------+
Wed Dec 31 11:35:43 CST 2008
patches/packages/mozilla-thunderbird-2.0.0.19-i686-1.tgz:
  Upgraded to thunderbird-2.0.0.19.
  This upgrade fixes some more security bugs.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird20.html
  (* Security fix *)
+--------------------------+
Thu Dec 18 12:44:59 CST 2008
patches/packages/mozilla-firefox-2.0.0.20-i686-1.tgz:
  Upgraded to firefox-2.0.0.20.
  This fixes some security issues.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefox20.html
  (* Security fix *)
+--------------------------+
Fri Nov 28 16:27:52 CST 2008
patches/packages/samba-3.0.33-i486-1_slack10.2.tgz:
  Upgraded to samba-3.0.33.
  This package fixes an important barrier against rogue clients reading from
  uninitialized memory (though no proof-of-concept is known to exist).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4314
  (* Security fix *)
+--------------------------+
Thu Nov 20 18:14:27 CST 2008
patches/packages/mozilla-thunderbird-2.0.0.18-i686-1.tgz:
  Upgraded to thunderbird-2.0.0.18.
  This upgrade fixes some more security bugs.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird20.html
  (* Security fix *)
+--------------------------+
Wed Nov 19 19:13:12 CST 2008
patches/packages/libxml2-2.6.32-i486-1_slack10.2.tgz:
  Upgraded to libxml2-2.6.32 and patched.
  This fixes vulnerabilities including denial of service, or possibly the
  execution of arbitrary code as the user running a libxml2 linked application
  if untrusted XML content is parsed.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4225
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4226
  (* Security fix *)
+--------------------------+
Sat Nov 15 19:22:43 CST 2008
patches/packages/mozilla-firefox-2.0.0.18-i686-1.tgz:
  Upgraded to firefox-2.0.0.18.
  This fixes some security issues.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefox20.html
  (* Security fix *)
+--------------------------+
Mon Oct 13 13:58:21 CDT 2008
patches/packages/glibc-zoneinfo-2.3.5-noarch-11_slack10.2.tgz:
  Upgraded to tzdata2008h for the latest world timezone changes.
+--------------------------+
Fri Sep 26 22:38:32 CDT 2008
patches/packages/mozilla-thunderbird-2.0.0.17-i686-1.tgz:
  Upgraded to thunderbird-2.0.0.17.
  This upgrade fixes some more security bugs.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird20.html
  (* Security fix *)
+--------------------------+
Thu Sep 25 23:24:07 CDT 2008
patches/packages/mozilla-firefox-2.0.0.17-i686-1.tgz:
  Upgraded to firefox-2.0.0.17.
  This release fixes some more security vulnerabilities.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefox20.html
  (* Security fix *)
+--------------------------+
Wed Sep 17 02:28:20 CDT 2008
patches/packages/bind-9.3.5_P2-i486-1_slack10.2.tgz:
  Upgraded to bind-9.3.5-P2.
  This version has performance gains over bind-9.3.5-P1.
+--------------------------+
Wed Sep  3 19:51:43 CDT 2008
patches/packages/php-4.4.9-i486-1_slack10.2.tgz:
  Upgraded to php-4.4.9.  This upgrades the bundled PCRE library to fix
  security issues, as well as fixing a few other security related bugs.
  See the PHP4 ChangeLog for more details:
    http://www.php.net/ChangeLog-4.php#4.4.9
  Please note:  PHP4 has been officially discontinued since last year, and
  reached the announced EOL on 2008-08-08.  Sites should consider migrating
  to a supported release.
  (* Security fix *)
+--------------------------+
Mon Sep  1 21:56:29 CDT 2008
patches/packages/samba-3.0.32-i486-1_slack10.2.tgz:
  Upgraded to samba-3.0.32.  This is a bugfix release.  See the WHATSNEW.txt
  file in the Samba docs for details on what has changed.
+--------------------------+
Mon Aug  4 14:03:01 CDT 2008
patches/packages/python-2.4.5-i486-1_slack10.2.tgz:
  Upgraded to 2.4.5 and patched overflows and other security problems.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1679
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1721
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2315
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3142
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3144
  (* Security fix *)
patches/packages/python-demo-2.4.5-i486-1_slack10.2.tgz:  Upgraded.
patches/packages/python-tools-2.4.5-i486-1_slack10.2.tgz:  Upgraded.
+--------------------------+
Mon Jul 28 22:05:06 CDT 2008
patches/packages/fetchmail-6.3.8-i486-1_slack10.2.tgz:
  Patched to fix a possible denial of service when "-v -v" options are used.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2711
  (* Security fix *)
patches/packages/mozilla-thunderbird-2.0.0.16-i686-1.tgz:
  Upgraded to thunderbird-2.0.0.16.
  This upgrade fixes some more security bugs.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/thunderbird20.html
  (* Security fix *)
+--------------------------+
Wed Jul 23 16:27:21 CDT 2008
patches/packages/dnsmasq-2.45-i486-1_slack10.2.tgz:
  Upgraded to dnsmasq-2.45.
  It was discovered that earlier versions of dnsmasq have DNS cache
  weaknesses that are similar to the ones recently discovered in BIND.
  This new release minimizes the risk of cache poisoning.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447
  (* Security fix *)
+--------------------------+
Wed Jul 16 17:14:13 CDT 2008
patches/packages/mozilla-firefox-2.0.0.16-i686-1.tgz:
  Upgraded to firefox-2.0.0.16.
  This release fixes some more security vulnerabilities.
  For more information, see:
    http://www.mozilla.org/security/known-vulnerabilities/firefox20.html
  (* Security fix *)
+--------------------------+
Wed Jul  9 20:03:57 CDT 2008
patches/packages/bind-9.3.5_P1-i486-1_slack10.2.tgz:
  Upgraded to bind-9.3.5-P1.
  This upgrade addresses a security flaw known as the CERT VU#800113 DNS Cache
  Poisoning Issue.  This is the summary of the problem from the BIND site:
    "A weakness in the DNS protocol may enable the poisoning of caching
     recursive resolvers with spoofed data.  DNSSEC is the only full solution.
     New versions of BIND provide increased resilience to the attack."
  It is suggested that sites that run BIND upgrade to one of the new packages
  in order to reduce their exposure to DNS cache poisoning attacks.
  For more information, see:
    http://www.isc.org/sw/bind/bind-security.php
    http://www.kb.cert.org/vuls/id/800113
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447
  (* Security fix *)
patches/packages/mozilla-firefox-2.0.0.15-i686-1.tgz:
  Upgraded to firefox-2.0.0.15.
  This release closes several possible security vulnerabilities and bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
  (* Security fix *)
+--------------------------+
Wed May 28 19:46:22 CDT 2008
patches/packages/samba-3.0.30-i486-1_slack10.2.tgz:
  Upgraded to samba-3.0.30.
  This is a security release in order to address CVE-2008-1105 ("Boundary
  failure when parsing SMB responses can result in a buffer overrun").
  For more information on the security issue, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1105
  (* Security fix *)
+--------------------------+
Wed May  7 16:54:39 CDT 2008
patches/packages/mozilla-thunderbird-2.0.0.14-i686-1.tgz:
  Upgraded to thunderbird-2.0.0.14.
  This upgrade fixes some more security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird
  (* Security fix *)
testing/packages/php5/php-5.2.6-i486-1_slack10.2.tgz:
  Upgraded to php-5.2.6.  PHP4 was standard in Slackware 10.2, which is why
  this package is provided "in place" under /testing rather than under
  /patches (where upgrade tools might mistakenly grab and install it where
  it would not be desirable.)  PHP5 has never been officially supported in
  Slackware 10.2, but we upgrade it anyway...  :-)
  This version of PHP contains many fixes and enhancements.  Some of the fixes
  are security related, and the PHP release announcement provides this list:
    * Fixed possible stack buffer overflow in the FastCGI SAPI identified by
      Andrei Nigmatulin.
    * Fixed integer overflow in printf() identified by Maksymilian Arciemowicz.
    * Fixed security issue detailed in CVE-2008-0599 identified by Ryan Permeh.
    * Fixed a safe_mode bypass in cURL identified by Maksymilian Arciemowicz.
    * Properly address incomplete multibyte chars inside escapeshellcmd()
      identified by Stefan Esser.
    * Upgraded bundled PCRE to version 7.6
  When last checked, CVE-2008-0599 was not yet open.  However, additional
  information should become available at this URL:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0599
  The list reproduced above, as well as additional information about other
  fixes in PHP 5.2.6 may be found in the PHP release announcement here:
    http://www.php.net/releases/5_2_6.php
  (* Security fix *)
+--------------------------+
Mon Apr 28 23:46:17 CDT 2008
patches/packages/libpng-1.2.27-i486-1_slack10.2.tgz:
  Upgraded to libpng-1.2.27.
  This fixes various bugs, the most important of which have to do with the
  handling of unknown chunks containing zero-length data.  Processing a PNG
  image that contains these could cause the application using libpng to crash
  (possibly resulting in a denial of service), could potentially expose the
  contents of uninitialized memory, or could cause the execution of arbitrary
  code as the user running libpng (though it would probably be quite difficult
  to cause the execution of attacker-chosen code).  We recommend upgrading the
  package as soon as possible.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1382
    ftp://ftp.simplesystems.org/pub/libpng/png/src/libpng-1.2.27-README.txt
  (* Security fix *)
+--------------------------+
Sat Apr 19 23:49:25 CDT 2008
patches/packages/xine-lib-1.1.11.1-i686-3_slack10.2.tgz:
  Recompiled, with --without-speex (we didn't ship the speex library in
  Slackware anyway, but for reference this issue would be CVE-2008-1686),
  and with --disable-nosefart (the NSF format was recently reported as
  insecurely demuxed).  As before in -2, this package fixes the two
  regressions mentioned in the release notes for xine-lib-1.1.12:
    http://sourceforge.net/project/shownotes.php?release_id=592185&group_id=9655
  (* Security fix *)
+--------------------------+
Thu Apr 17 16:25:55 CDT 2008
patches/packages/mozilla-firefox-2.0.0.14-i686-1.tgz:
  Upgraded to firefox-2.0.0.14.
  This upgrade fixes a potential security bug.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
  (* Security fix *)
+--------------------------+
Tue Apr  8 00:17:36 CDT 2008
patches/packages/xine-lib-1.1.11.1-i686-2_slack10.2.tgz:
  Patched to fix playback failure affecting several media formats
  accidentally broken in the xine-lib-1.1.11.1 release.  Thanks to Diogo Sousa
  for pointing me to the new release notes on xinehq.de.
+--------------------------+
Mon Apr  7 02:04:58 CDT 2008
patches/packages/bzip2-1.0.5-i486-1_slack10.2.tgz:  Upgraded to bzip2-1.0.5.
  Previous versions of bzip2 contained a buffer overread error that could cause
  applications linked to libbz2 to crash, resulting in a denial of service.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1372
  (* Security fix *)
patches/packages/m4-1.4.11-i486-1_slack10.2.tgz:  Upgraded to m4-1.4.11.
  In addition to bugfixes and enhancements, this version of m4 also fixes two
  issues with possible security implications.  A minor security fix with the
  use of "maketemp" and "mkstemp" -- these are now quoted to prevent the
  (rather unlikely) possibility that an unquoted string could match an
  existing macro causing operations to be done on the wrong file.  Also,
  a problem with the '-F' option (introduced with version 1.4) could cause a
  core dump or possibly (with certain file names) the execution of arbitrary
  code.  For more information on these issues, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1687
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1688
  (* Security fix *)
+--------------------------+
Fri Apr  4 12:36:37 CDT 2008
patches/packages/openssh-5.0p1-i486-1_slack10.2.tgz:
  Upgraded to openssh-5.0p1.
  This version fixes a security issue where local users could hijack forwarded
  X connections.  Upgrading to the new package is highly recommended.
  For more information on this security issue, please see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1483
  (* Security fix *)
+--------------------------+
Mon Mar 31 23:33:58 CDT 2008
patches/packages/xine-lib-1.1.11.1-i686-1_slack10.2.tgz:
  Upgraded to xine-lib-1.1.11.1.
  Earlier versions of xine-lib suffer from an integer overflow which may lead
  to a buffer overflow that could potentially be used to gain unauthorized
  access to the machine if a malicious media file is played back.  File types
  affected this time include .flv, .mov, .rm, .mve, .mkv, and .cak.
  For more information on this security issue, please see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1482
  (* Security fix *)
+--------------------------+
Sat Mar 29 03:09:17 CDT 2008
patches/packages/mozilla-firefox-2.0.0.13-i686-1.tgz:
  Upgraded to firefox-2.0.0.13.
  This upgrade fixes some more security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
  (* Security fix *)
patches/packages/xine-lib-1.1.11-i686-1_slack10.2.tgz:
  Earlier versions of xine-lib suffer from an array index bug that
  may have security implications if a malicious RTSP stream is
  played.  Playback of other media formats is not affected.
  If you use RTSP, you should probably upgrade xine-lib.
  For more information on the security issue, please see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0073
  (* Security fix *)
+--------------------------+
Sat Mar  1 15:55:28 CST 2008
patches/packages/mozilla-thunderbird-2.0.0.12-i686-1.tgz:
  Upgraded to thunderbird-2.0.0.12.
  This update fixes the following security related issues:
    MFSA 2008-12:  Heap buffer overflow in external MIME bodies
    MFSA 2008-05:  Directory traversal via chrome: URI
    MFSA 2008-03:  Privilege escalation, XSS, Remote Code Execution
    MFSA 2008-01:  Crashes with evidence of memory corruption (rv:1.8.1.12)
  For more information, see:
    http://www.mozilla.org/security/announce/2008/mfsa2008-12.html
    http://www.mozilla.org/security/announce/2008/mfsa2008-05.html
    http://www.mozilla.org/security/announce/2008/mfsa2008-03.html
    http://www.mozilla.org/security/announce/2008/mfsa2008-01.html
  These are the related CVE entries:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0304
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0418
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0415
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0412
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0413
  (* Security fix *)
+--------------------------+
Thu Feb 14 17:37:11 CST 2008
patches/packages/apache-1.3.41-i486-1_slack10.2.tgz:
  Upgraded to apache-1.3.41, the last regular release of the
  Apache 1.3.x series, and a security bugfix-only release.
  For more information about the security issues fixed, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847
  (* Security fix *)
patches/packages/mod_ssl-2.8.31_1.3.41-i486-1_slack10.2.tgz:
  Upgraded to mod_ssl-2.8.31-1.3.41 to work with apache_1.3.41.
patches/packages/php-4.4.8-i486-1_slack10.2.tgz:
  Upgraded to php-4.4.8.  This is a security and bugfix release.
  More information may be found here:
    http://bugs.php.net/43010
  This is the last regular release of PHP-4.4.x.
  The EOL is scheduled for 2008-08-08.
  (* Security fix *)
+--------------------------+
Tue Feb 12 23:07:34 CST 2008
patches/packages/mozilla-firefox-2.0.0.12-i686-1.tgz:
  Upgraded to firefox-2.0.0.12.
  This upgrade fixes some more security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
  (* Security fix *)
+--------------------------+
Mon Dec 31 18:49:52 CST 2007
patches/packages/glibc-zoneinfo-2.3.5-noarch-10_slack10.2.tgz:
  Some deja vu.  ;-)
  Upgraded to tzdata2007k.  A new year should be started with the
  latest timezone data, so here it is.
  Happy holidays, and a happy new year to all!  :-)
+--------------------------+
Mon Dec 24 15:54:26 CST 2007
patches/packages/glibc-zoneinfo-2.3.5-noarch-9_slack10.2.tgz:
  Upgraded to tzdata2007j.  A new year should be started with the
  latest timezone data, so here it is.
  Happy holidays, and a happy new year to all!  :-)
+--------------------------+
Mon Dec 10 12:45:35 CST 2007
patches/packages/samba-3.0.28-i486-1_slack10.2.tgz:
  Upgraded to samba-3.0.28.
  Samba 3.0.28 is a security release in order to address a boundary failure
  in GETDC mailslot processing that can result in a buffer overrun leading
  to possible code execution.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6015
    http://www.samba.org/samba/history/samba-3.0.28.html
    http://secunia.com/secunia_research/2007-99/advisory/
  (* Security fix *)
+--------------------------+
Mon Dec  3 19:58:51 CST 2007
patches/packages/samba-3.0.27a-i486-1_slack10.2.tgz:
  Upgraded to samba-3.0.27a.
  This update fixes a crash bug regression experienced by smbfs clients caused
  by the fix for CVE-2007-4572.
+--------------------------+
Sat Dec  1 16:57:18 CST 2007
patches/packages/rsync-2.6.9-i486-1_slack10.2.tgz:
  Patched some security bugs.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4091
    http://lists.samba.org/archive/rsync-announce/2007/000050.html
  (* Security fix *)
patches/packages/mozilla-firefox-2.0.0.11-i686-1.tgz:  Upgraded to Firefox
  2.0.0.11, which fixed a bug introduced by the 2.0.0.10 update in the
  <canvas> feature that affected some web pages and extensions.
+--------------------------+
Tue Nov 27 16:23:07 CST 2007
patches/packages/mozilla-firefox-2.0.0.10-i686-1.tgz:
  Upgraded to firefox-2.0.0.10.
  This upgrade fixes some more security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
  (* Security fix *)
+--------------------------+
Wed Nov 21 00:55:51 CST 2007
patches/packages/libpng-1.2.23-i486-1_slack10.2.tgz:
  Upgraded to libpng-1.2.23.
  Previous libpng versions may crash when loading malformed PNG files.
  It is not currently known if this vulnerability can be exploited to
  execute malicious code.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5266
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5267
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5268
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269
  (* Security fix *)
+--------------------------+
Tue Nov 20 16:49:58 CST 2007
patches/packages/mozilla-thunderbird-2.0.0.9-i686-1.tgz:
  Upgraded to thunderbird-2.0.0.9.
  This update fixes the following security related issues:
    URIs with invalid %-encoding mishandled by Windows (MFSA 2007-36).
    Crashes with evidence of memory corruption (MFSA 2007-29).
  OK, so the first one obviously does not affect us.  :-)  The second fix has
  to do with the same JavaScript handling problem fixed before in Firefox.
  JavaScript is not enabled by default in Thunderbird, and the developers
  (at least in MFSA 2007-36) do not recommend turning it on.
  For more information, see:
    http://www.mozilla.org/security/announce/2007/mfsa2007-36.html
    http://www.mozilla.org/security/announce/2007/mfsa2007-29.html
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4841
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5339
  (* Security fix *)
+--------------------------+
Fri Nov 16 17:22:18 CST 2007
patches/packages/samba-3.0.27-i486-1_slack10.2.tgz:
  Upgraded to samba-3.0.27.
  Samba 3.0.27 is a security release in order to address a stack buffer
  overflow in nmbd's logon request processing, and remote code execution in
  Samba's WINS server daemon (nmbd) when processing name registration followed
  by name query requests.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4572
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5398
  (* Security fix *)
+--------------------------+
Mon Nov 12 01:25:34 CST 2007
patches/packages/kdegraphics-3.4.2-i486-3_slack10.2.tgz:
  Patched xpdf related bugs.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393
  (* Security fix *)
patches/packages/xpdf-3.02pl2-i486-1_slack10.2.tgz:
  Upgraded to xpdf-3.02pl2.
  The pl2 patch fixes a crash in xpdf.
  Some theorize that this could be used to execute arbitrary code if an
  untrusted PDF file is opened, but no real-world examples are known (yet).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393
  (* Security fix *)
+--------------------------+
Sat Nov 10 15:36:59 CST 2007
patches/packages/mozilla-firefox-2.0.0.9-i686-1.tgz:
  Upgraded to firefox-2.0.0.9.
  This upgrade improves the stability of Firefox.
  For more information, see:
    http://developer.mozilla.org/devnews/index.php/2007/11/01/firefox-2009-stability-update-now-available-for-download/
testing/packages/php5/php-5.2.5-i486-1_slack10.2.tgz:
  Upgraded to php-5.2.5.
  This fixes bugs and security issues.
  For more information, see:
    http://www.php.net/releases/5_2_5.php
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4887
  (* Security fix *)
+--------------------------+
Thu Nov  1 22:03:53 CDT 2007
patches/packages/cups-1.1.23-i486-2_slack10.2.tgz:
  Patched cups-1.1.23.
  Errors in ipp.c may allow a remote attacker to crash CUPS resulting
  in a denial of service.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4351
  (* Security fix *)
+--------------------------+
Wed Oct 24 22:51:37 CDT 2007
patches/packages/mozilla-firefox-2.0.0.8-i686-1.tgz:
  Upgraded to firefox-2.0.0.8.
  This upgrade fixes some more security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
  (* Security fix *)
The ancient Firefox in slackware/xap will be left there, as we no longer
change the main tree after a release.  It's strongly suggested that you
consider upgrading to a newer version, though.
+--------------------------+
Wed Oct 10 11:50:50 CDT 2007
patches/packages/glibc-zoneinfo-2.3.5-noarch-8_slack10.2.tgz:
  Upgraded to timezone data from tzcode2007h and tzdata2007h.
  This contains the latest timezone data from NIST, including some important
  changes to daylight savings time in Brasil and New Zealand.
+--------------------------+
Wed Sep 12 15:20:06 CDT 2007
patches/packages/openssh-4.7p1-i486-1_slack10.2.tgz:
  Upgraded to openssh-4.7p1.
  From the OpenSSH release notes:
  "Security bugs resolved in this release:  Prevent ssh(1) from using a
  trusted X11 cookie if creation of an untrusted cookie fails; found and
  fixed by Jan Pechanec."
  While it's fair to say that we here at Slackware don't see how this could
  be leveraged to compromise a system, a) the OpenSSH people (who presumably
  understand the code better) characterize this as a security bug, b) it has
  been assigned a CVE entry, and c) OpenSSH is one of the most commonly used
  network daemons.  Better safe than sorry.
  More information should appear here eventually:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4752
  (* Security fix *)
patches/packages/samba-3.0.26a-i486-1_slack10.2.tgz:
  Upgraded to samba-3.0.26a.
  This fixes a security issue in all Samba 3.0.25 versions:
  "Incorrect primary group assignment for domain users using the rfc2307
   or sfu winbind nss info plugin."
  For more information, see:
    http://www.samba.org/samba/security/CVE-2007-4138.html
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4138
  (* Security fix *)
testing/packages/php5/php-5.2.4-i486-1_slack10.2.tgz:
  Upgraded to php-5.2.4.  The PHP announcement says this version fixes over
  120 bugs as well as "several low priority security bugs."
  Read more about it here:
    http://www.php.net/releases/5_2_4.php
  (* Security fix *)
+--------------------------+
Sat Aug 18 15:00:32 CDT 2007
patches/packages/tcpdump-3.9.7-i486-1_slack10.2.tgz:
  Upgraded to libpcap-0.9.7, tcpdump-3.9.7.
  This new version fixes an integer overflow in the BGP dissector which
  could possibly allow remote attackers to crash tcpdump or to execute
  arbitrary code.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3798
  (* Security fix *)
+--------------------------+
Fri Aug 10 22:39:13 CDT 2007
patches/packages/gimp-2.2.17-i486-1_slack10.2.tgz:
  Upgraded to gimp-2.2.17, which fixes buffer overflows when decoding
  certain image types.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2949
  (* Security fix *)
patches/packages/qt-3.3.4-i486-5_slack10.2.tgz:
  Patched to fix several format string bugs.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3388
  (* Security fix *)
patches/packages/xpdf-3.02pl1-i486-1_slack10.2.tgz:
  Upgraded to xpdf-3.02pl1.  This fixes an integer overflow that could possibly
  be leveraged to run arbitrary code if a malicious PDF file is processed.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387
  (* Security fix *)
+--------------------------+
Thu Jul 26 15:51:42 CDT 2007
patches/packages/bind-9.3.4_P1-i486-1_slack10.2.tgz:
  Upgraded to bind-9.3.4_P1 to fix a security issue.
  The query IDs in BIND9 prior to BIND 9.3.4-P1 are cryptographically weak.
  For more information on this issue, see:
    http://www.isc.org/index.pl?/sw/bind/bind-security.php
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2926
  (* Security fix *)
+--------------------------+
Wed Jun 13 22:08:36 CDT 2007
patches/packages/libexif-0.6.16-i486-1_slack10.2.tgz:
  Upgraded to libexif-0.6.16.
  An integer overflow in libexif can crash applications that use the library
  on malformed images.  The upstream advisory indicates that this flaw could
  also be used to execute arbitrary code in the context of the user, but no
  exploit is known (by us) to exist among iDefense's researchers or in the
  wild.  But, as a crash bug and heap overflow one must suppose that the
  possibility exists.
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4168
  (* Security fix *)
+--------------------------+
Fri Jun  1 19:54:09 CDT 2007
patches/packages/mozilla-firefox-1.5.0.12-i686-1.tgz:
  Upgraded to firefox-1.5.0.12.
  This upgrade fixes several possible security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
  (* Security fix *)
patches/packages/mozilla-thunderbird-1.5.0.12-i686-1.tgz:
  Upgraded to thunderbird-1.5.0.12.
  This upgrade fixes several possible security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird
  (* Security fix *)
+--------------------------+
Fri Jun  1 14:54:59 CDT 2007
testing/packages/php5/php-5.2.3-i486-1_slack10.2.tgz:
  Upgraded to php-5.2.3.
  Here's some basic information about the release from php.net:
    "This release continues to improve the security and the stability of the
    5.X branch as well as addressing two regressions introduced by the
    previous 5.2 releases.  These regressions relate to the timeout handling
    over non-blocking SSL connections and the lack of HTTP_RAW_POST_DATA in
    certain conditions.  All users are encouraged to upgrade to this release."
  For more complete information, see:
    http://www.php.net/releases/5_2_3.php
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1900
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2756
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2872
  (* Security fix *)
+--------------------------+
Fri May 25 11:27:02 CDT 2007
patches/packages/samba-3.0.25a-i486-1_slack10.2.tgz:
  Upgraded to samba-3.0.25a.  This fixes some major (non-security) bugs in
  samba-3.0.25.  See the WHATSNEW.txt for details.
+--------------------------+
Wed May 16 16:16:59 CDT 2007
patches/packages/libpng-1.2.18-i486-1_slack10.2.tgz:
  Upgraded to libpng-1.2.18.
  A grayscale PNG image with a malformed (bad CRC) tRNS chunk will crash some
  libpng applications.  This vulnerability has been assigned the identifiers
  CVE-2007-2445 and CERT VU#684664.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2445
  (* Security fix *)
+--------------------------+
Mon May 14 18:22:43 CDT 2007
patches/packages/samba-3.0.25-i486-1_slack10.2.tgz:
  Upgraded to samba-3.0.25.
  Security Fixes included in the Samba 3.0.25 release are:
  o CVE-2007-2444
        Versions: Samba 3.0.23d - 3.0.25pre2
        Local SID/Name translation bug can result in
        user privilege elevation
  o CVE-2007-2446
        Versions: Samba 3.0.0 - 3.0.24
        Multiple heap overflows allow remote code execution
  o CVE-2007-2447
        Versions: Samba 3.0.0 - 3.0.24
        Unescaped user input parameters are passed as
        arguments to /bin/sh allowing for remote command
        execution
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2444
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2446
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2447
  (* Security fix *)
+--------------------------+
Mon May  7 21:56:52 CDT 2007
patches/packages/php-4.4.7-i486-1_slack10.2.tgz:
  Upgraded to php-4.4.7.
  This fixes bugs and improves security.
  For more details, see:
    http://www.php.net/releases/4_4_7.php
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1001
  (* Security fix *)
testing/packages/php5/php-5.2.2-i486-1_slack10.2.tgz:
  Upgraded to php-5.2.2.
  This fixes bugs and improves security.
  For more details, see:
    http://www.php.net/releases/5_2_2.php
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1001
  (* Security fix *)
+--------------------------+
Thu Apr 26 12:39:47 CDT 2007
patches/packages/x11-6.8.2-i486-10_slack10.2.tgz:  Fixed some bugs in the
  fontconfig upgrade...   Put cache files in /var/cache/fontconfig, not
  /var/X11R6/var/cache/fontconfig.  Properly locate and compress fontconfig
  man pages.  Thanks to Eef Hartman for pointing these out.
patches/packages/x11-devel-6.8.2-i486-10_slack10.2.tgz:  Recompiled.
patches/packages/x11-xdmx-6.8.2-i486-10_slack10.2.tgz:  Recompiled.
patches/packages/x11-xnest-6.8.2-i486-10_slack10.2.tgz:  Recompiled.
patches/packages/x11-xvfb-6.8.2-i486-10_slack10.2.tgz:  Recompiled.
+--------------------------+
Thu Apr 19 18:53:08 CDT 2007
patches/packages/x11-6.8.2-i486-9_slack10.2.tgz:
  Replaced freetype library with freetype-2.3.4.
  This fixes an overflow parsing BDF fonts.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1351
  (* Security fix *)
  Upgraded to fontconfig-2.4.2.
patches/packages/x11-devel-6.8.2-i486-9_slack10.2.tgz:
  Replaced freetype library with freetype-2.3.4.
  This fixes an overflow parsing BDF fonts.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1351
  (* Security fix *)
  Upgraded to fontconfig-2.4.2.
patches/packages/x11-xnest-6.8.2-i486-9_slack10.2.tgz:
  Recompiled.
patches/packages/x11-xvfb-6.8.2-i486-9_slack10.2.tgz:
  Recompiled.
patches/packages/x11-xdmx-6.8.2-i486-9_slack10.2.tgz:
  Recompiled.
patches/packages/xine-lib-1.1.6-i686-1_slack10.2.tgz:
  Upgraded to xine-lib-1.1.6.
  This fixes overflows in xine-lib in some little-used media formats in
  xine-lib < 1.1.5 and other bugs in xine-lib < 1.1.6.  The overflows in
  xine-lib < 1.1.5 could definitely cause an application using xine-lib to
  crash, and it is theorized that a malicious media file could be made to run
  arbitrary code in the context of the user running the application.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1246
  (* Security fix *)
+--------------------------+
Tue Apr  3 15:01:57 CDT 2007
patches/packages/file-4.20-i486-1_slack10.2.tgz:
  Upgraded to file-4.20.
  This fixes a heap overflow that could allow code to be executed as the
  user running file (note that there are many scenarios where file might be
  used automatically, such as in virus scanners or spam filters).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1536
  (* Security fix *)
patches/packages/qt-3.3.4-i486-4_slack10.2.tgz:
  Patched an issue where the Qt UTF-8 decoder may in some instances fail to
  reject overlong sequences, possibly allowing "/../" path injection or XSS
  errors.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0242
  (* Security fix *)
+--------------------------+
Mon Mar 26 20:54:55 CDT 2007
patches/packages/libwpd-0.8.9-i486-1_slack10.2.tgz:
  Upgraded to libwpd-0.8.9.
  Various overflows may lead to application crashes upon opening a specially
  crafted WordPerfect file.  This vulnerability could also conceivably be
  used by an attacker to execute arbitrary code.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-002
  (* Security fix *)
patches/packages/mozilla-firefox-1.5.0.11-i686-1.tgz:
  Upgraded to mozilla-firefox-1.5.0.11.
  This upgrade fixes several possible security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
  (* Security fix *)
+--------------------------+
Tue Mar 13 18:22:59 CDT 2007
patches/packages/php-4.4.6-i486-1_slack10.2.tgz:
  Upgraded to php-4.4.6.
  This version of PHP fixes a problem introduced with the last PHP release
  where certain applications using "register_globals" may crash.
+--------------------------+
Wed Mar  7 18:01:55 CST 2007
patches/packages/gnupg-1.4.7-i486-1_slack10.2.tgz:
  Upgraded to gnupg-1.4.7.
  This fixes a security problem that can occur when GnuPG is used incorrectly.
  Newer versions attempt to prevent such misuse.
  For more information, see:
    http://lists.gnupg.org/pipermail/gnupg-announce/2007q1/000251.html
  (* Security fix *)
patches/packages/x11-6.8.2-i486-8_slack10.2.tgz:  Patched.
  This update fixes overflows in the dbe and render extensions.  This could
  possibly be exploited to overwrite parts of memory, possibly allowing
  malicious code to execute, or (more likely) causing X to crash.
  For information about some of the security fixes, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6101
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6102
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6103
  (* Security fix *)
patches/packages/mozilla-firefox-1.5.0.10-i686-1.tgz:
  Upgraded to firefox-1.5.0.10.
  This upgrade fixes several possible security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
  (* Security fix *)
patches/packages/mozilla-thunderbird-1.5.0.10-i686-1.tgz:
  Upgraded to thunderbird-1.5.0.10.
  This upgrade fixes several possible security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird
  (* Security fix *)
+--------------------------+
Thu Feb 22 21:13:04 CST 2007
patches/packages/php-4.4.5-i486-1_slack10.2.tgz:
  Upgraded to php-4.4.5 which improves stability and security.
  For complete details, see http://www.php.net.
  For information about some of the security fixes, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0906
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0907
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0908
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0909
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0910
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0988
  (* Security fix *)
testing/packages/php-5.2.1/php-5.2.1-i486-1_slack10.2.tgz:
  Upgraded to php-5.2.1 which improves stability and security.
  For information about some of the security fixes, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0906
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0907
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0908
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0909
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0910
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0988
  (* Security fix *)
+--------------------------+
Sun Feb 18 15:20:36 CST 2007
patches/packages/glibc-zoneinfo-2.3.5-noarch-7_slack10.2.tgz:
  Updated with tzdata2007b for impending Daylight Savings Time
  changes in the US.
+--------------------------+
Wed Feb  7 12:29:05 CST 2007
patches/packages/samba-3.0.24-i486-1_slack10.2.tgz:
  Upgraded to samba-3.0.24.  From the WHATSNEW.txt file:
    "Important issues addressed in 3.0.24 include:
     o Fixes for the following security advisories:
       - CVE-2007-0452 (Potential Denial of Service bug in smbd)
       - CVE-2007-0453 (Buffer overrun in NSS host lookup Winbind
         NSS library on Solaris)
       - CVE-2007-0454 (Format string bug in afsacl.so VFS plugin)"
  Samba in Slackware is vulnerable to the first issue, which can cause smbd
  to enter into an infinite loop, disrupting Samba services.  Linux is not
  vulnerable to the second issue, and Slackware does not ship the afsacl.so
  VFS plugin (but it's something to be aware of if you build Samba with
  custom options).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0452
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0453
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0454
  (* Security fix *)
+--------------------------+
Fri Jan 26 22:46:30 CST 2007
patches/packages/bind-9.3.4-i486-1_slack10.2.tgz:
  Upgraded to bind-9.3.4.  This update fixes two denial of service
  vulnerabilities where an attacker could crash the name server with
  specially crafted malformed data.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0493
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0494
  (* Security fix *)
+--------------------------+
Wed Jan 24 14:15:07 CST 2007
patches/packages/fetchmail-6.3.6-i486-1_slack10.2.tgz:
  Upgraded to fetchmail-6.3.6.  This fixes two security issues.  First, a bug
  introduced in fetchmail-6.3.5 could cause fetchmail to crash.  However,
  no stable version of Slackware ever shipped fetchmail-6.3.5.  Second, a long
  standing bug (reported by Isaac Wilcox) could cause fetchmail to send a
  password in clear text or omit using TLS even when configured otherwise.
  All fetchmail users are encouraged to consider using getmail, or to upgrade
  to the new fetchmail packages.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5974
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5867
  (* Security fix *)
+--------------------------+
Sat Dec 23 16:39:20 CST 2006
patches/packages/koffice-1.4.1-i486-3_slack10.2.tgz:
  Patched to fix a security problem with KOffice's PPT file parsing.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6120
  (* Security fix *)
patches/packages/mozilla-firefox-1.5.0.9-i686-1.tgz:
  Upgraded to firefox-1.5.0.9.
  This upgrade fixes several possible security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
  (* Security fix *)
patches/packages/mozilla-thunderbird-1.5.0.9-i686-1.tgz:
  Upgraded to thunderbird-1.5.0.9.
  This upgrade fixes several possible security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird
  (* Security fix *)
patches/packages/xine-lib-1.1.3-i686-1_slack10.2.tgz:
  Upgraded to xine-lib-1.1.3 which fixes possible security problems
  such as a heap overflow in libmms and a buffer overflow in the
  Real Media input plugin.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2200
  (* Security fix *)
+--------------------------+
Wed Dec  6 15:16:06 CST 2006
patches/packages/gnupg-1.4.6-i486-1_slack10.2.tgz:
  Upgraded to gnupg-1.4.6.  This release fixes a severe and exploitable
  bug in earlier versions of gnupg.  All gnupg users should update to the
  new packages as soon as possible.  For details, see the information
  concerning CVE-2006-6235 posted on lists.gnupg.org:
    http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000491.html
  The CVE entry for this issue may be found here:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6235
  This update also addresses a more minor security issue possibly
  exploitable when GnuPG is used in interactive mode.  For more information
  about that issue, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6169
  (* Security fix *)
+--------------------------+
Fri Dec  1 15:03:20 CST 2006
patches/packages/libpng-1.2.14-i486-1_slack10.2.tgz:
  Upgraded to libpng-1.2.14.  This fixes a bug where a specially crafted PNG
  file could crash applications that use libpng.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5793
  (* Security fix *)
patches/packages/proftpd-1.3.0a-i486-1_slack10.2.tgz:
  Upgraded to proftpd-1.3.0a plus an additional security patch.  Several
  security issues were found in proftpd that could lead to the execution of
  arbitrary code by a remote attacker, including one in mod_tls that does
  not require the attacker to be authenticated first.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5815
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6170
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6171
  (* Security fix *)
patches/packages/tar-1.16-i486-1_slack10.2.tgz:
  Upgraded to tar-1.16.
  This fixes an issue where files may be extracted outside of the current
  directory, possibly allowing a malicious tar archive, when extracted, to
  overwrite any of the user's files (in the case of root, any file on the
  system).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6097
  (* Security fix *)
+--------------------------+
Thu Nov  9 18:04:51 CST 2006
patches/packages/mozilla-firefox-1.5.0.8-i686-1.tgz:
  Upgraded to firefox-1.5.0.8.
  This upgrade fixes several possible security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
  (* Security fix *)
patches/packages/mozilla-thunderbird-1.5.0.8-i686-1.tgz:
  Upgraded to thunderbird-1.5.0.8.
  This upgrade fixes several possible security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird
  (* Security fix *)
+--------------------------+
Mon Nov  6 21:29:24 CST 2006
patches/packages/bind-9.3.2_P2-i486-1_slack10.2.tgz:
  Upgraded to bind-9.3.2-P2.  This fixes some security issues related to
  previous fixes in OpenSSL.  The minimum OpenSSL version was raised to
  OpenSSL 0.9.7l and OpenSSL 0.9.8d to avoid exposure to known security flaws
  in older versions (these patches were already issued for Slackware).  If you
  have not upgraded yet, get those as well to prevent a potentially exploitable
  security problem in named.  In addition, the default RSA exponent was changed
  from 3 to 65537.  RSA keys using exponent 3 (which was previously BIND's
  default) will need to be regenerated to protect against the forging
  of RRSIGs.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
  (* Security fix *)
+--------------------------+
Fri Nov  3 23:19:57 CST 2006
patches/packages/php-4.4.4-i486-2_slack10.2.tgz:  Patched the UTF-8 overflow.
  More details about the vulnerability may be found here:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5465
  (* Security fix *)
patches/packages/screen-4.0.3-i486-1_slack10.2.tgz:  Upgraded to screen-4.0.3.
  This addresses an issue with the way screen handles UTF-8 character encoding
  that could allow screen to be crashed (or possibly code to be executed in the
  context of the screen user) if a specially crafted sequence of pseudo-UTF-8
  characters is displayed within a screen session.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4573
  (* Security fix *)
+--------------------------+
Wed Oct 25 15:45:46 CDT 2006
patches/packages/qt-3.3.4-i486-3_slack10.2.tgz:  Patched.
  This fixes an issue with Qt's handling of pixmap images that causes Qt linked
  applications to crash if a specially crafted malicious image is loaded.
  Inspection of the code in question makes it seem unlikely that this could
  lead to more serious implications (such as arbitrary code execution), but it
  is recommended that users upgrade to the new Qt package.
  For more information, see:
    http://www.trolltech.com/company/newsroom/announcements/press.2006-10-19.5434451733
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4811
  (* Security fix *)
+--------------------------+
Fri Sep 29 00:21:27 CDT 2006
patches/packages/openssl-0.9.7l-i486-1_slack10.2.tgz:
  Upgraded to shared libraries from openssl-0.9.7l.
  See openssl package update below.
  (* Security fix *)
patches/packages/openssh-4.4p1-i486-1_slack10.2.tgz:
  Upgraded to openssh-4.4p1.
  This fixes a few security related issues.  From the release notes found at
  http://www.openssh.com/txt/release-4.4:
    * Fix a pre-authentication denial of service found by Tavis Ormandy,
      that would cause sshd(8) to spin until the login grace time
      expired.
    * Fix an unsafe signal handler reported by Mark Dowd. The signal
      handler was vulnerable to a race condition that could be exploited
      to perform a pre-authentication denial of service. On portable
      OpenSSH, this vulnerability could theoretically lead to
      pre-authentication remote code execution if GSSAPI authentication
      is enabled, but the likelihood of successful exploitation appears
      remote.
    * On portable OpenSSH, fix a GSSAPI authentication abort that could
      be used to determine the validity of usernames on some platforms.
  Links to the CVE entries will be found here:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4924
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5051
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5052
    After this upgrade, make sure the permissions on /etc/rc.d/rc.sshd are set
  the way you want them.  Future upgrades will respect the existing permissions
  settings.  Thanks to Manuel Reimer for pointing out that upgrading openssh
  would enable a previously disabled sshd daemon.
    Do better checking of passwd, shadow, and group to avoid adding
    redundant entries to these files.  Thanks to Menno Duursma.
  (* Security fix *)
patches/packages/openssl-0.9.7l-i486-1_slack10.2.tgz:
  Upgraded to openssl-0.9.7l.
  This fixes a few security related issues:
      During the parsing of certain invalid ASN.1 structures an error
    condition is mishandled.  This can result in an infinite loop which
    consumes system memory (CVE-2006-2937).  (This issue did not affect
    OpenSSL versions prior to 0.9.7)
    Thanks to Dr S. N. Henson of Open Network Security and NISCC.
      Certain types of public key can take disproportionate amounts of
    time to process. This could be used by an attacker in a denial of
    service attack (CVE-2006-2940).
    Thanks to Dr S. N. Henson of Open Network Security and NISCC.
      A buffer overflow was discovered in the SSL_get_shared_ciphers()
    utility function.  An attacker could send a list of ciphers to an
    application that uses this function and overrun a buffer.
    (CVE-2006-3738)
    Thanks to Tavis Ormandy and Will Drewry of the Google Security Team.
      A flaw in the SSLv2 client code was discovered. When a client
    application used OpenSSL to create an SSLv2 connection to a malicious
    server, that server could cause the client to crash (CVE-2006-4343).
    Thanks to Tavis Ormandy and Will Drewry of the Google Security Team.
  Links to the CVE entries will be found here:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343
  (* Security fix *)
+--------------------------+
Tue Sep 19 14:07:49 CDT 2006
patches/packages/gzip-1.3.5-i486-1_slack10.2.tgz:
  Upgraded to gzip-1.3.5, and fixed a variety of bugs.
  Some of the bugs have possible security implications if gzip or its tools are
  fed a carefully constructed malicious archive.  Most of these issues were
  recently discovered by Tavis Ormandy and the Google Security Team.  Thanks
  to them, and also to the ALT and Owl developers for cleaning up the patch.
  For further details about the issues fixed, please see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0758
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0988
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1228
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4334
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4335
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4336
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4337
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4338
  (* Security fix *)
+--------------------------+
Sat Sep 16 23:12:59 CDT 2006
patches/packages/x11-6.8.2-i486-7_slack10.2.tgz:
  Fixed an overflow in CID encoded Type1 font parsing.
  For further reference, see:
    http://www.idefense.com/intelligence/vulnerabilities/display.php?id=411
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3739
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3740
  (* Security fix *)
patches/packages/x11-devel-6.8.2-i486-7_slack10.2.tgz:  Recompiled.
patches/packages/x11-xdmx-6.8.2-i486-7_slack10.2.tgz:  Recompiled.
patches/packages/x11-xnest-6.8.2-i486-7_slack10.2.tgz:  Recompiled.
patches/packages/x11-xvfb-6.8.2-i486-7_slack10.2.tgz:  Recompiled.
+--------------------------+
Thu Sep 14 19:44:27 CDT 2006
patches/packages/mozilla-firefox-1.5.0.7-i686-1.tgz:
  Upgraded to firefox-1.5.0.7.
  This upgrade fixes several possible security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
  (* Security fix *)
patches/packages/mozilla-thunderbird-1.5.0.7-i686-1.tgz:
  Upgraded to thunderbird-1.5.0.7.
  This upgrade fixes several possible security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird
  (* Security fix *)
+--------------------------+
Thu Sep 14 05:30:50 CDT 2006
patches/packages/openssl-0.9.7g-i486-3_slack10.2.tgz:  Patched an issue where
  it is possible to forge certain kinds of RSA signatures.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
patches/packages/openssl-solibs-0.9.7g-i486-3_slack10.2.tgz:  Patched an issue
  where it is possible to forge certain kinds of RSA signatures.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
  (* Security fix *)
+--------------------------+
Thu Sep  7 23:41:37 CDT 2006
patches/packages/bind-9.3.2_P1-i486-1_slack10.2.tgz:
  Upgraded to bind-9.3.2_P1.
  This update addresses a denial of service vulnerability.
  BIND's CHANGES file says this:
    2066.   [security]      Handle SIG queries gracefully. [RT #16300]
  The best discussion I've found is in FreeBSD's advisory, so here's a link:
    http://security.FreeBSD.org/advisories/FreeBSD-SA-06:20.bind.asc
  Also, fixed some missing man pages.  (noticed by Xavier Thomassin -- thanks)
  (* Security fix *)
+--------------------------+
Tue Aug 22 15:20:32 CDT 2006
patches/packages/glibc-2.3.5-i486-6_slack10.2.tgz:  Patched an issue with
  kernel version parsing in ld-2.3.5.so that was leading glibc to treat 2.4
  kernels with 4 version parts (such as 2.4.33.1) as if they supported NPTL,
  leading to a crash at boot.
  Added ru_RU.CP1251 locale support.
  Updated timezone information from tzdata2006j.
  Updated timezone utilities from tzcode2006j.
patches/packages/glibc-i18n-2.3.5-noarch-6_slack10.2.tgz:  Rebuilt.
  Added ru_RU.CP1251 locale support.
patches/packages/glibc-profile-2.3.5-i486-6_slack10.2.tgz:  Recompiled.
patches/packages/glibc-solibs-2.3.5-i486-6_slack10.2.tgz:  Patched an issue
  with kernel version parsing in ld-2.3.5.so that was leading glibc to treat
  2.4 kernels with 4 version parts (such as 2.4.33.1) as if they supported
  NPTL, leading to a crash at boot.
patches/packages/glibc-zoneinfo-2.3.5-noarch-6_slack10.2.tgz:
  Updated timezone information from tzdata2006j.
+--------------------------+
Fri Aug 18 00:27:05 CDT 2006
patches/packages/libtiff-3.8.2-i486-1_slack10.2.tgz:
  Patched vulnerabilities in libtiff which were found by Tavis Ormandy of
  the Google Security Team.  These issues could be used to crash programs
  linked to libtiff or possibly to execute code as the program's user.
  A low risk command-line overflow in tiffsplit was also patched.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3459
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3460
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3461
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3462
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3463
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3464
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3465
  (* Security fix *)
patches/packages/php-4.4.4-i486-1_slack10.2.tgz:  Upgraded to php-4.4.4.
  Some of the security issues fixed in this release include:
    * Added missing safe_mode/open_basedir checks inside the error_log(),
      file_exists(), imap_open() and imap_reopen() functions.
    * Fixed possible open_basedir/safe_mode bypass in cURL extension.
    * Fixed a buffer overflow inside sscanf() function.
  (* Security fix *)
testing/packages/php-5.1.5/php-5.1.5-i486-1_slack10.2.tgz:
  Usually packages in /testing aren't patched or upgraded after a release,
  but since quite a few people have probably deployed this one, and it is
  a network service, an upgraded package is being provided.
  Upgraded to php-5.1.5.
  Some of the security issues fixed in this release include:
    * Added missing safe_mode/open_basedir checks inside the error_log(),
      file_exists(), imap_open() and imap_reopen() functions.
    * Fixed possible open_basedir/safe_mode bypass in cURL extension and on
      PHP 5 with realpath cache.
    * Fixed a buffer overflow inside sscanf() function.
  (* Security fix *)
+--------------------------+
Sat Aug  5 01:23:15 CDT 2006
patches/packages/php-4.4.3-i486-1_slack10.2.tgz:
  Upgraded to php-4.4.3.
    From the announcement of the release:
     The security issues resolved include the following:
     * Disallow certain characters in session names.
     * Fixed a buffer overflow inside the wordwrap() function.
     * Prevent jumps to parent directory via the 2nd parameter of the
       tempnam() function.
     * Improved safe_mode check for the error_log() function.
     * Fixed cross-site scripting inside the phpinfo() function.
  The PHP 4.4.3 release announcement may be found on their web site:
    http://www.php.net
  (* Security fix *)
+--------------------------+
Wed Aug  2 22:03:08 CDT 2006
patches/packages/gnupg-1.4.5-i486-1_slack10.2.tgz:
  Upgraded to gnupg-1.4.5.
  From the gnupg-1.4.5 NEWS file:
    * Fixed 2 more possible memory allocation attacks.  They are
    similar to the problem we fixed with 1.4.4.  This bug can easily
    be exploited for a DoS; remote code execution is not entirely
    impossible.
  (* Security fix *)
+--------------------------+
Sun Jul 30 21:30:17 CDT 2006
patches/packages/mysql-4.1.21-i486-1_slack10.2.tgz:
  Upgraded to mysql-4.1.21.
  This is a bugfix and security release.
  For more details, see MySQL's news page about MySQL 4.1.21:
    http://dev.mysql.com/doc/refman/4.1/en/news-4-1-21.html
  The CVE entry may be found here:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3469
  Thanks to Nino Petkov for pointing out this MySQL release to me.  :-)
  (* Security fix *)
+--------------------------+
Fri Jul 28 17:37:42 CDT 2006
patches/packages/apache-1.3.37-i486-1_slack10.2.tgz:
  Upgraded to apache-1.3.37.
  From the announcement on httpd.apache.org:
    This version of Apache is security fix release only.  An off-by-one flaw
    exists in the Rewrite module, mod_rewrite, as shipped with Apache 1.3
    since 1.3.28, 2.0 since 2.0.46, and 2.2 since 2.2.0.
  The Slackware Security Team feels that the vast majority of installations
  will not be configured in a vulnerable way but still suggests upgrading to
  the new apache and mod_ssl packages for maximum security.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3747
  And see Apache's announcement here:
    http://www.apache.org/dist/httpd/Announcement1.3.html
  (* Security fix *)
patches/packages/mod_ssl-2.8.28_1.3.37-i486-1_slack10.2.tgz:
  Upgraded to mod_ssl-2.8.28-1.3.37.
+--------------------------+
Thu Jul 27 16:27:14 CDT 2006
patches/packages/mozilla-firefox-1.5.0.5-i686-1.tgz:
  Upgraded to firefox-1.5.0.5.
  This upgrade fixes several possible security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
  (* Security fix *)
patches/packages/mozilla-thunderbird-1.5.0.5-i686-1.tgz:
  Upgraded to thunderbird-1.5.0.5.
  This upgrade fixes several possible security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird
  (* Security fix *)
+--------------------------+
Wed Jul 26 15:51:51 CDT 2006
patches/packages/xine-lib-1.1.2-i686-1.tgz:
  Upgraded to xine-lib-1.1.2.
  According to xinehq.de's announcement:
   There are three security fixes:
     - CVE-2005-4048: possible buffer overflow in libavcodec (crafted PNGs);
     - CVE-2006-2802: possible buffer overflow in the HTTP plugin;
     - possible buffer overflow via bad indexes in specially-crafted AVI files.
  (* Security fix *)
+--------------------------+
Tue Jul 25 14:19:42 CDT 2006
patches/packages/gimp-2.2.12-i486-1.tgz:  Upgraded to gimp-2.2.12.
  This release fixes a security hole in the XCF parser.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3404
  (* Security fix *)
patches/packages/mutt-1.4.2.2i-i486-1_slack10.2.tgz:
  Upgraded to mutt-1.4.2.2i.
  This release fixes CVE-2006-3242, a buffer overflow that could be triggered
  by a malicious IMAP server.
  [Connecting to malicious IMAP servers must be common, right? -- Ed.]
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3242
  (* Security fix *)
patches/packages/x11-6.8.2-i486-6_slack10.2.tgz:
  Patched some more possible linux 2.6.x setuid() related bugs:
    http://lists.freedesktop.org/archives/xorg-announce/2006-June/000100.html
  Patched CVE-2006-1861 linux 2.6.x setuid() related bugs in freetype2.
  (* Security fix *)
patches/packages/x11-devel-6.8.2-i486-6_slack10.2.tgz:  Patched as above.
  (* Security fix *)
patches/packages/x11-xdmx-6.8.2-i486-6_slack10.2.tgz:  Rebuilt.
patches/packages/x11-xnest-6.8.2-i486-6_slack10.2.tgz:  Rebuilt.
patches/packages/x11-xvfb-6.8.2-i486-6_slack10.2.tgz:  Rebuilt.
+--------------------------+
Tue Jul 18 22:44:53 CDT 2006
patches/packages/samba-3.0.23-i486-2_slack10.2.tgz:
  Patched a problem in nsswitch/wins.c that caused crashes in the wins
  and/or winbind libraries.
  Thanks to Mikhail Kshevetskiy for pointing out the issue and offering
  a reference to the patch in Samba's source repository.
  Also, this version of Samba evidently created a new dependency on libdm.so
  (found in the xfsprogs package in non -current Slackware versions).  This
  additional dependency was not intentional, and has been corrected.
+--------------------------+
Fri Jul 14 17:17:17 CDT 2006
patches/packages/samba-3.0.23-i486-1_slack10.2.tgz:
  Upgraded to samba-3.0.23.
  This fixes a minor memory exhaustion DoS in smbd.
  The CVE entry for this issue may be found here:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3403
  (* Security fix *)
+--------------------------+
Tue Jun 27 18:48:22 CDT 2006
patches/packages/arts-1.4.2-i486-2_slack10.2.tgz:
  Patched to fix a possible exploit if artswrapper is setuid root (which,
  by default, it is not) and the system is running a 2.6 kernel.
  Systems running 2.4 kernels are not affected.
  The official KDE security advisory may be found here:
    http://www.kde.org/info/security/advisory-20060614-2.txt
  The CVE entry for this issue may be found here:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2916
  (* Security fix *)
patches/packages/gnupg-1.4.4-i486-1_slack10.2.tgz:
  This version fixes a memory allocation issue that could allow an attacker to
  crash GnuPG, creating a denial of service.
  The CVE entry for this issue may be found here:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3082
patches/packages/kdebase-3.4.2-i486-3_slack10.2.tgz:
  Patched a problem with kdm where it could be abused to read any file
  on the system.
  The official KDE security advisory may be found here:
    http://www.kde.org/info/security/advisory-20060614-1.txt
  The CVE entry for this issue may be found here:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2449
  (* Security fix *)
+--------------------------+
Thu Jun 15 02:06:03 CDT 2006
patches/packages/sendmail-8.13.7-i486-1_slack10.2.tgz:
  Upgraded to sendmail-8.13.7.
  Fixes a potential denial of service problem caused by excessive recursion
  leading to stack exhaustion when attempting delivery of a malformed MIME
  message.  This crashes sendmail's queue processing daemon, which in turn
  can lead to two problems:  depending on the settings, these crashed
  processes may create coredumps which could fill a drive partition; and
  such a malformed message in the queue will cause queue processing to
  cease when the message is reached, causing messages that are later in
  the queue to not be processed.
  Sendmail's complete advisory may be found here:
    http://www.sendmail.com/security/advisories/SA-200605-01.txt.asc
  Sendmail has also provided an FAQ about this issue:
    http://www.sendmail.com/security/advisories/SA-200605-01/faq.shtml
  The CVE entry for this issue may be found here:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1173
  (* Security fix *)
patches/packages/sendmail-cf-8.13.7-noarch-1_slack10.2.tgz:
  Upgraded to sendmail-8.13.7 configs.
+--------------------------+
Sat Jun  3 16:53:29 CDT 2006
patches/packages/mozilla-firefox-1.5.0.4-i686-1.tgz:
  Upgraded to firefox-1.5.0.4.
  This upgrade fixes several possible security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
  (* Security fix *)
patches/packages/mozilla-thunderbird-1.5.0.4-i686-1.tgz:
  Upgraded to thunderbird-1.5.0.4.
  This upgrade fixes several possible security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird
  (* Security fix *)
patches/packages/mysql-4.1.20-i486-1_slack10.2.tgz:
  Upgraded to mysql-4.1.20.  This fixes an SQL injection vulnerability.
  For more details, see the MySQL 4.1.20 release announcement here:
    http://lists.mysql.com/announce/364
  The CVE entry for this issue will be found here:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2753
+--------------------------+
Mon May 22 10:44:28 CDT 2006
patches/packages/bin-10.2-i486-2_10.2.tgz:
  Upgraded to eject-2.1.4 to fix problems with 2.6 kernels (bugfix).
  Patched a security problem in zoo's fullpath() function that was reported by
  Jean-Sebastien Guay-Leroux.  At first this didn't seem like much as zoo is
  old and hardly used, but there are virus scanning programs that scan zoo
  archives.  It is a possible problem on any system running zoo like this in
  an automated way, and (of course) could also cause problems if a user were
  to open a malicious zoo archive manually.  (though I'd be pretty suspicious
  if someone were to mail me anything using "zoo" in 2006...)
  (* Security fix *)
patches/packages/tetex-3.0-i486-2_10.2.tgz:  Regenerated the etex.fmt files
  with etex, not pdfetex.  This is more appropriate since etex is a binary,
  not a link to pdfetex.  Thanks to John Breckenridge for reporting the issue.
  Added --disable-a4, and fixed the texconfig for US paper default in the
  build script.  Thanks to Marc Benstein and Jingmin Zhou for reporting this.
  Improved /tmp use security.
  Patched a possible security issue in library code borrowed from xpdf that's
  used in pdfetex.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193
  (* Security fix *)
+--------------------------+
Wed May 10 15:07:18 CDT 2006
patches/packages/apache-1.3.35-i486-2_slack10.2.tgz:
  Patched to fix totally broken Include behavior.
  Thanks to Francesco Gringoli for reporting this bug.
+--------------------------+
Tue May  9 00:48:46 CDT 2006
patches/packages/apache-1.3.35-i486-1_slack10.2.tgz:
  Upgraded to apache-1.3.35.
  From the official announcement:
    Of particular note is that 1.3.35 addresses and fixes 1 potential
    security issue: CVE-2005-3352 (cve.mitre.org)
       mod_imap: Escape untrusted referer header before outputting in HTML
       to avoid potential cross-site scripting.  Change also made to
       ap_escape_html so we escape quotes.  Reported by JPCERT
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352
  (* Security fix *)
patches/packages/mod_ssl-2.8.26_1.3.35-i486-1_slack10.2.tgz:
  Upgraded to mod_ssl-2.8.26-1.3.35.
  This is an updated version designed for Apache 1.3.35.
patches/packages/mysql-4.1.19-i486-1.tgz:
  Upgraded to mysql-4.1.19.
  This fixes some minor security issues with possible information leakage.
  Note that the information leakage bugs require that the attacker have
  access to an account on the database.  Also note that by default,
  Slackware's rc.mysqld script does *not* allow access to the database
  through the outside network (it uses the --skip-networking option).
  If you've enabled network access to MySQL, it is a good idea to filter
  the port (3306) to prevent access from unauthorized machines.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1516
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1517
  (* Security fix *)
+--------------------------+
Wed May  3 21:55:38 CDT 2006
patches/packages/mozilla-firefox-1.5.0.3-i686-1.tgz:
  Upgraded to firefox-1.5.0.3.
  This upgrade fixes a crash bug that could possibly be used to
  execute code as the Firefox user.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
  (* Security fix *)
+--------------------------+
Wed May  3 00:04:31 CDT 2006
patches/packages/x11-6.8.2-i486-5.tgz:
  Patched with x11r6.9.0-mitri.diff and recompiled.
  A typo in the X render extension allows an X client to crash the server
  and possibly to execute arbitrary code as the X server user (typically
  this is "root".)
  The CVE entry for this issue may be found here:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1526
  The advisory from X.Org may be found here:
    http://lists.freedesktop.org/archives/xorg/2006-May/015136.html
  (* Security fix *)
patches/packages/x11-devel-6.8.2-i486-5.tgz:
  Patched and recompiled libXrender.
  (* Security fix *)
+--------------------------+
Sun Apr 30 17:38:15 CDT 2006
patches/packages/mozilla-thunderbird-1.5.0.2-i686-1.tgz:
  Upgraded to thunderbird-1.5.0.2.
  This upgrade fixes several possible security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird
  (* Security fix *)
+--------------------------+
Mon Apr 24 14:36:46 CDT 2006
patches/packages/mozilla-1.7.13-i486-1.tgz:  Upgraded to mozilla-1.7.13.
  This upgrade fixes several possible security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla
  This release marks the end-of-life of the Mozilla 1.7.x series:
    http://developer.mozilla.org/devnews/index.php/2006/04/12/sunset-announcement-for-fxtb-10x-and-mozilla-suite-17x/
  Mozilla Corporation is recommending that users think about
  migrating to Firefox and Thunderbird.
  (* Security fix *)
+--------------------------+
Mon Apr 17 01:31:07 CDT 2006
patches/packages/mozilla-firefox-1.5.0.2-i686-1.tgz:
  Upgraded to firefox-1.5.0.2.
  This upgrade fixes several possible security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
  (* Security fix *)
+--------------------------+
Wed Mar 22 13:01:23 CST 2006
patches/packages/sendmail-8.13.6-i486-1.tgz:  Upgraded to sendmail-8.13.6.
  This new version of sendmail contains a fix for a security problem
  discovered by Mark Dowd of ISS X-Force.  From sendmail's advisory:
    Sendmail was notified by security researchers at ISS that, under some
    specific timing conditions, this vulnerability may permit a specifically
    crafted attack to take over the sendmail MTA process, allowing remote
    attackers to execute commands and run arbitrary programs on the system
    running the MTA, affecting email delivery, or tampering with other
    programs and data on this system.  Sendmail is not aware of any public
    exploit code for this vulnerability.  This connection-oriented
    vulnerability does not occur in the normal course of sending and
    receiving email.  It is only triggered when specific conditions are
    created through SMTP connection layer commands.
  Sendmail's complete advisory may be found here:
    http://www.sendmail.com/company/advisory/index.shtml
  The CVE entry for this issue may be found here:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0058
  (* Security fix *)
patches/packages/sendmail-cf-8.13.6-noarch-1.tgz:
  Upgraded to sendmail-8.13.6 configuration files.
+--------------------------+
Mon Mar 13 20:42:48 CST 2006
patches/packages/gnupg-1.4.2.2-i486-1.tgz:  Upgraded to gnupg-1.4.2.2.
  There have been two security related issues reported recently with GnuPG.
  From the GnuPG 1.4.2.1 and 1.4.2.2 NEWS files:
    Noteworthy changes in version 1.4.2.2 (2006-03-08)
    * Files containing several signed messages are not allowed any
      longer as there is no clean way to report the status of such
      files back to the caller.  To partly revert to the old behaviour
      the new option --allow-multisig-verification may be used.
    Noteworthy changes in version 1.4.2.1 (2006-02-14)
    * Security fix for a verification weakness in gpgv.  Some input
      could lead to gpgv exiting with 0 even if the detached signature
      file did not carry any signature.  This is not as fatal as it
      might seem because the suggestion has always been not to rely on
      the exit code but to parse the --status-fd messages.  However it
      is likely that gpgv is used in that simplified way and thus we
      do this release.  Same problem with "gpg --verify" but nobody
      should have used this for signature verification without
      checking the status codes anyway.  Thanks to the taviso from
      Gentoo for reporting this problem.
  (* Security fix *)
+--------------------------+
Tue Feb 14 16:08:52 CST 2006
patches/packages/php-4.4.2-i486-3.tgz:  Fixed some more bugs from the 4.4.2
  release...  hopefully the third time is the charm.
  Replaced PEAR packages for which the 4.4.2 release contained incorrect
  md5sums:  Archive_Tar-1.3.1, Console_Getopt-1.2, and HTML_Template_IT-1.1.3.
  (this last one was also not upgraded to the stable version that was released
  on 2005-11-01)  Sorry to have delayed the advisories, but these bugs had to
  be fixed first.  IMHO, the security issues are of dubious severity anyway,
  or a more aggressive approach would have been taken (though this would likely
  have caused a lot of people to upgrade to the broken -1 or -2 package
  revisions, so anyone who didn't know about this until now was probably saved
  a hassle.)
  Upgraded other PEAR modules to HTTP-1.4.0, Net_SMTP-1.2.8, and XML_RPC-1.4.5.
  Thanks again to Krzysztof Oledzki for the bug report.
+--------------------------+
Fri Feb 10 17:32:28 CST 2006
patches/packages/php-4.4.2-i486-2.tgz:  Rebuilt the package to
  clean up some junk dotfiles that were installed in the /
  directory.  Harmless, but sloppy...
  Thanks to Krzysztof Oledzki for pointing this out.
+--------------------------+
Thu Feb  9 15:09:26 CST 2006
patches/packages/fetchmail-6.3.2-i486-1.tgz:  Upgraded to fetchmail-6.3.2.
  Presumably this replaces all the known security problems with
  a batch of new unknown ones.  (fetchmail is improving, really ;-)
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3088
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4348
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0321
  (* Security fix *)
patches/packages/imagemagick-6.2.3_3-i486-2.tgz:  Patched and
  recompiled.  Several security issues have been backported to
  this release.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4601
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0082
  (* Security fix *)
patches/packages/kdegraphics-3.4.2-i486-2.tgz:  Patched integer and
  heap overflows in kpdf to fix possible security bugs with malformed
  PDF files.
  For more information, see:
    http://www.kde.org/info/security/advisory-20051207-2.txt
    http://www.kde.org/info/security/advisory-20060202-1.txt
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3191
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3192
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3628
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0301
  (* Security fix *)
patches/packages/kdelibs-3.4.2-i486-2.tgz:  Patched a heap overflow
  vulnerability in kjs, the JavaScript interpreter engine used by
  Konqueror and other parts of KDE.
  For more information, see:
    http://www.kde.org/info/security/advisory-20060119-1.txt
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0019
  (* Security fix *) 
patches/packages/mozilla-firefox-1.5.0.1-i686-1.tgz:  Upgraded to
  firefox-1.5.0.1.  This fixes a DoS issue and some other security bugs.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox1.5.0.1
  (* Security fix *)
patches/packages/openssh-4.3p1-i486-1.tgz:  Upgraded to openssh-4.3p1.
  This fixes a security issue when using scp to copy files that could
  cause commands embedded in filenames to be executed.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0225
  (* Security fix *)
patches/packages/php-4.4.2-i486-1.tgz:  Upgraded to php-4.4.2.
  Claims to fix "a few small security issues".
  For more information, see:
    http://www.php.net/release_4_4_2.php
  (* Security fix *)
patches/packages/sudo-1.6.8p12-i486-1.tgz:  Upgraded to sudo-1.6.8p12.
  This fixes an issue where a user able to run a Python script through sudo
  may be able to gain root access.
  IMHO, running any kind of scripting language from sudo is still not safe...
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0151
  (* Security fix *)
patches/packages/xpdf-3.01-i486-3.tgz:  Recompiled with xpdf-3.01pl2.patch to
  fix integer and heap overflows in xpdf triggered by malformed PDF files.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3191
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3192
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3628
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0301
  (* Security fix *)
+--------------------------+
Fri Dec  9 20:19:31 CST 2005
patches/packages/bash-3.0-i486-4.tgz:  Fixed an obscure bug where
  suspending the first process started in a new shell would cause the
  shell to hang.
  Thanks to Grant Coady for discovering and fixing this bug.
patches/packages/bzip2-1.0.3-i486-2.tgz:  Patched a minor bug in the
  libbz2 shared library Makefile to enable support for large files.
  Thanks to Timothy C. McGrath and Manuel Jose Blanca Molinos both of
  whom pointed out this problem and provided fixes.
patches/packages/php-4.4.1-i486-2.tgz:  Recompiled with a patch from PHP
  CVS that fixes issues with SquirrelMail and possibly other PHP
  applications.  I'd hoped there would be a new PHP out quickly to
  address this but since there isn't I'm making an exception to the
  usual policy here on merging patches from CVS as a fair number of users
  seem to be affected by this issue.  Let me know if this doesn't help or
  if any undesired side effects are noticed.
  This problem was first reported here by Gerardo Exequiel Pozzi, but was
  later reported by too many people to list.  Thanks, everyone!  :-)
+--------------------------+
Mon Nov  7 19:54:57 CST 2005
patches/packages/elm-2.5.8-i486-1.tgz:  Upgraded to elm2.5.8.
  This fixes a buffer overflow in the parsing of the Expires header that
  could be used to execute arbitrary code as the user running Elm.
  Thanks to Ulf Harnhammar for finding the bug and reminding me to get
  out updated packages to address the issue.
  A reference to the original advisory:
    http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0688.html
+--------------------------+
Sat Nov  5 22:05:29 CST 2005
patches/packages/apache-1.3.34-i486-1.tgz:  Upgraded to apache-1.3.34.
  Fixes this minor security bug:  "If a request contains both Transfer-Encoding
  and Content-Length headers, remove the Content-Length, mitigating some HTTP
  Request Splitting/Spoofing attacks."
  (* Security fix *)
patches/packages/curl-7.12.2-i486-2.tgz:  Patched.  This addresses a buffer
  overflow in libcurl's NTLM function that could have possible security
  implications.
  For more details, see:
    http://curl.haxx.se/docs/security.html
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3185
  (* Security fix *)
patches/packages/imapd-4.64-i486-1.tgz:  Upgraded to imapd-4.64.
  A buffer overflow was reported in the mail_valid_net_parse_work function.
  However, this function in the c-client library does not appear to be called
  from anywhere in imapd.  iDefense states that the issue is of LOW risk to
  sites that allow users shell access, and LOW-MODERATE risk to other servers.
  I believe it's possible that it is of NIL risk if the function is indeed
  dead code to imapd, but draw your own conclusions...
  (* Security fix *)
patches/packages/koffice-1.4.1-i486-2.tgz:  Patched.
  Fixes a buffer overflow in KWord's RTF import discovered by Chris Evans.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2971
  (* Security fix *)
patches/packages/libxml2-2.6.22-i486-1.tgz:  Upgraded to libxml2-2.6.22.
  This fixes an issue where libxml2 had declared a variable XML_FEATURE_UNICODE
  that was already used by the expat headers, causing PHP to fail to compile
  when using Slackware's combination of ./configure options.
patches/packages/lynx-2.8.5rel.5-i486-1.tgz:  Upgraded to lynx-2.8.5rel.5.
  Fixes an issue where the handling of Asian characters when using lynx to
  connect to an NNTP server (is this a common use?) could result in a buffer
  overflow causing the execution of arbitrary code.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3120
  (* Security fix *)
patches/packages/mod_ssl-2.8.25_1.3.34-i486-1.tgz:
  Upgraded to mod_ssl-2.8.25-1.3.34.
patches/packages/php-4.4.1-i486-1.tgz:  Upgraded to php-4.4.1.
  Fixes a number of bugs, including several minor security fixes relating to
  the overwriting of the GLOBALS array.
  (* Security fix *)
patches/packages/pine-4.64-i486-1.tgz:  Upgraded to pine-4.64.
patches/packages/samba-3.0.20b-i486-1.tgz:  Upgraded to samba-3.0.20b.
  This includes various bugfixes.  Thanks to Christopher Linnet for reporting
  that this fixes a problem with printing to a printer on an XP machine from
  CUPS.  If you use such a configuration, you'll want this upgrade for sure.
patches/packages/wget-1.10.2-i486-1.tgz:  Upgraded to wget-1.10.2.
  This addresses a buffer overflow in wget's NTLM handling function that could
  have possible security implications.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3185
  (* Security fix *)
+--------------------------+
Thu Oct 13 13:57:25 PDT 2005
patches/packages/openssl-0.9.7g-i486-2.tgz:  Patched.
  Fixed a vulnerability that could, in rare circumstances, allow an attacker
  acting as a "man in the middle" to force a client and a server to negotiate
  the SSL 2.0 protocol (which is known to be weak) even if these parties both
  support SSL 3.0 or TLS 1.0.
  For more details, see:
    http://www.openssl.org/news/secadv_20051011.txt
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2969
  (* Security fix *)
patches/packages/openssl-solibs-0.9.7g-i486-2.tgz:  Patched.
  (* Security fix *)
+--------------------------+
Mon Oct 10 15:15:24 PDT 2005
patches/packages/xine-lib-1.0.3a-i686-1.tgz:  Upgraded to xine-lib-1.0.3a.
  This fixes a format string bug where an attacker, if able to upload malicious
  information to a CDDB server and then get a local user to play a certain
  audio CD, may be able to run arbitrary code on the machine as the user
  running the xine-lib linked application.
  For more information, see:
    http://xinehq.de/index.php/security/XSA-2005-1
  (* Security fix *)
+--------------------------+
Wed Oct  5 13:05:39 PDT 2005
patches/packages/mozilla-thunderbird-1.0.7-i686-1.tgz:
  Upgraded to thunderbird-1.0.7.
  This fixes a security issue where URLs passed on the command line to the
  thunderbird shell script were not correctly protected against
  interpretation by the shell.  As a result, a malicious URL could contain
  embedded shell commands which would then be executed as the user running
  Thunderbird.
  For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#Thunderbird
  (* Security fix *)
+--------------------------+
Sun Sep 25 22:03:45 PDT 2005
patches/packages/x11-6.8.2-i486-4.tgz:  Rebuilt with a modified patch for
  an earlier pixmap overflow issue.  The patch released by X.Org was
  slightly different than the one that was circulated previously, and is
  an improved version.  There have been reports that the earlier patch
  broke WINE and possibly some other programs.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2495
  (* Security fix *)
patches/packages/x11-xdmx-6.8.2-i486-4.tgz:  Patched and rebuilt.
patches/packages/x11-xnest-6.8.2-i486-4.tgz:  Patched and rebuilt.
patches/packages/x11-xvfb-6.8.2-i486-4.tgz:  Patched and rebuilt.
patches/packages/mozilla-1.7.12-i486-1.tgz:  Upgraded to mozilla-1.7.12.
  This fixes several security issues.  For more information, see:
  http://www.mozilla.org/projects/security/known-vulnerabilities.html#Mozilla
  (* Security fix *)
patches/packages/mozilla-firefox-1.0.7-i686-1.tgz:  Upgraded to firefox-1.0.7.
  This fixes several security issues.  For more information, see:
  http://www.mozilla.org/projects/security/known-vulnerabilities.html#Firefox
  (* Security fix *)
+--------------------------+
Tue Sep 13 12:24:53 PDT 2005
Slackware 10.2 is released.
Thanks to everyone who helped make it possible.
Enjoy!  :-)
+--------------------------+
Tue Sep 13 10:54:29 PDT 2005
xap/gxine-0.4.8-i486-2.tgz:  Fixed gxine.desktop icon path.
  (Thanks to Peter Eszlari)
extra/isdn4k-utils/isdn4k-utils-CVS-2005-08-21.tar.bz2:
  Upgraded to a recent snapshot of isdn4k-utils.
+--------------------------+
Tue Sep 13 02:15:06 PDT 2005
x/x11-6.8.2-i486-3.tgz:  Patched an integer overflow in the X server pixmap
  memory allocation that could potentially allow any X user to execute
  arbitrary code with root privileges.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2495
  (* Security fix *)
x/x11-devel-6.8.2-i486-3.tgz:  Recompiled.
x/x11-docs-6.8.2-noarch-3.tgz:  Rebuilt.
x/x11-docs-html-6.8.2-noarch-3.tgz:  Rebuilt.
x/x11-fonts-100dpi-6.8.2-noarch-3.tgz:  Rebuilt.
x/x11-fonts-cyrillic-6.8.2-noarch-3.tgz:  Rebuilt.
x/x11-fonts-misc-6.8.2-noarch-3.tgz:  Rebuilt.
x/x11-fonts-scale-6.8.2-noarch-3.tgz:  Rebuilt.
x/x11-xdmx-6.8.2-i486-3.tgz:  Recompiled.
x/x11-xnest-6.8.2-i486-3.tgz:  Recompiled.
x/x11-xvfb-6.8.2-i486-3.tgz:  Recompiled.
+--------------------------+
Mon Sep 12 22:48:09 PDT 2005
a/util-linux-2.12p-i486-2.tgz:  Patched an issue with umount where if
  the umount failed when the '-r' option was used, the filesystem would
  be remounted read-only but without any extra flags specified in
  /etc/fstab.  This could allow an ordinary user able to mount a floppy
  or CD (but with nosuid, noexec, nodev, etc in /etc/fstab) to run a
  setuid binary from removable media and gain root privileges.
  Reported to BugTraq by David Watson:
    http://www.securityfocus.com/archive/1/410333
  (* Security fix *)
ap/mdadm-2.1-i486-1.tgz:  Upgraded to mdadm-2.1.
n/dnsmasq-2.23-i486-1.tgz:  Upgraded to dnsmasq-2.23.
n/nmap-3.93-i486-1.tgz:  Upgraded to nmap-3.93.
extra/k3b/k3b-0.12.4a-i486-1.tgz:  Upgraded to k3b-0.12.4a.
extra/k3b/k3b-i18n-0.12.4-noarch-1.tgz:  Upgraded to k3b-i18n-0.12.4.
+--------------------------+
Mon Sep 12 19:02:13 PDT 2005
a/aaa_elflibs-10.2.0-i486-3.tgz:  Upgraded PCRE library.
a/dcron-2.3.3-i486-5.tgz:  Added a patch to keep dcron from improperly
  forking extra copies of itself in some circumstances.
  (Thanks to Henrik Carlqvist)
a/mkinitrd-1.0.1-i486-3.tgz:  Added tftp support to busybox, updated
  README.initrd examples to refer to the 2.6.13 kernel.
ap/sox-12.17.8-i486-1.tgz:  Upgraded to sox-12.17.8.
  (Thanks to Peter Eszlari)
ap/vorbis-tools-1.1.1-i486-1.tgz:  Upgraded to vorbis-tools-1.1.1.
  (Thanks to Peter Eszlari)
l/libvorbis-1.1.1-i486-1.tgz:  Upgraded to libvorbis-1.1.1.
  (Thanks to Peter Eszlari)
l/libxml2-2.6.21-i486-1.tgz:  Upgraded to libxml2-2.6.21.
l/libxslt-1.1.15-i486-1.tgz:  Upgraded to libxslt-1.1.15.
l/pcre-6.4-i486-1.tgz:  Upgraded to pcre-6.4.
n/dhcpcd-1.3.22pl4-i486-2.tgz:  Patched an issue where a remote attacker can
  cause dhcpcd to crash.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1848
  (* Security fix *)
n/wget-1.10.1-i486-3.tgz:  Install /etc/wgetrc properly.
  (Thanks to Fred Emmott)
xap/gftp-2.0.18-i486-1.tgz:  Upgraded to gftp-2.0.18.
  (Thanks to Peter Eszlari)
xap/gxine-0.4.7-i486-1.tgz:  Upgraded to gxine-0.4.8.
xap/sane-1.0.16-i486-1.tgz:  Upgraded to sane-backends-1.0.16.
xap/xchat-2.4.5-i486-1.tgz:  Upgraded to xchat-2.4.5.
xap/xpdf-3.01-i486-2.tgz:  Added missing Bulgarian.nameToUnicode.
  (Thanks to Dimitar Zhekov)
xap/xsane-0.97-i486-1.tgz:  Upgraded to xsane-0.97.
extra/slackpkg/slackpkg-1.5.2-noarch-2.tgz:
  Upgraded to slackpkg-1.5.2-noarch-2.  (Thanks to Piter Punk)
+--------------------------+
Sat Sep 10 22:21:22 PDT 2005
OK, everything was set in stone except for these things.  ;-)
There may still be a couple more changes (maybe), but this is pretty close.
a/aaa_base-10.2.0-noarch-2.tgz:  Fixed rp-pppoe version number in email
  to root.  (thanks to Piter Punk)
a/aaa_elflibs-10.2.0-i486-2.tgz:  Upgraded glib libraries to 2.6.6.
a/bash-3.0-i486-3.tgz:  Added bash patch bash30-016.
  (suggested by Fredrik Rinnestam and Xavier Thomassin)  
  Added a patch to prevent an issue with newer glibc versions and 2.4.x
  kernels that leads to a bash hang if bash is recompiled on such a system.
  (Thanks to Fredrik Rinnestam)
a/glibc-solibs-2.3.5-i486-5.tgz:  Recompiled against header files from
  linux 2.4.31 (linuxthreads version) and linux 2.6.13 (NPTL version).
a/glibc-zoneinfo-2.3.5-noarch-5.tgz:  Rebuilt.
ap/vim-6.3.086-i486-1.tgz:  Upgraded vim to patchlevel 86, and upgraded to
  ctags-5.5.4.
l/esound-0.2.36-i486-1.tgz:  Upgraded to esound-0.2.36.
l/glib2-2.6.6-i486-1.tgz:  Upgraded to glib-2.6.6.
l/glibc-2.3.5-i486-5.tgz:  Recompiled.
l/glibc-i18n-2.3.5-noarch-5.tgz:  Rebuilt.
l/glibc-profile-2.3.5-i486-5.tgz:  Recompiled.
l/gtk+2-2.6.10-i486-1.tgz:  Upgraded to gtk+-2.6.10.
l/pango-1.8.2-i486-1.tgz:  Upgraded to pango-1.8.2.
  Thanks to Giacomo Lozito for pointing the bugfix releases of glib, gtk+,
  and pango out.  The 2.8 series still needs time to stabilize and may present
  some compatibility issues (just a guess), and the version bump on atk-1.10.1
  makes me want to play it safe on that one as well.  We'll get to those in the
  next -current.
l/sdl-1.2.9-i486-1.tgz:  Upgraded to SDL-1.2.9, SDL_image-1.2.4,
  SDL_mixer-1.2.6, and SDL_ttf-2.0.7.
n/nmap-3.90-i486-1.tgz:  Upgraded to nmap-3.90.  (suggested by many :-)
n/wget-1.10.1-i486-2.tgz:  Change /etc/wgetrc to /etc/wgetrc.new so that it'll
  be protected from replacement the next time this package is upgraded.
  Suggested by Luigi Genoni.
xap/xvim-6.3.086-i486-1.tgz:  Upgraded X version of vim to patchlevel 86, and
  upgraded to ctags-5.5.4.
+--------------------------+
Thu Sep  8 17:48:59 PDT 2005
extra/linux-wlan-ng/linux-wlan-ng-0.2.1pre25_2.6.13-i486-1.tgz:
  Recompiled for 2.6.13.  Thanks to xgizzmo for catching the omission.
+--------------------------+
Thu Sep  8 13:24:58 PDT 2005
OK folks, this is just about ready to go.  Consider nearly everything to
be set in stone at this point, especially the kernels.  Zipslack has yet
to be built, and some of the documentation needs minor updating, but for
the most part this is how Slackware 10.2 is going to look.  Expect a
release to happen sometime within the next week or so.
    Also, a bit of advance warning:  I'm going to be removing most of the
ISO images for old Slackware releases from ftp.slackware.com in order to
make room for the new release, so if you're running a mirror site and
want to save those, move them elsewhere now before they go.  The ISO
images at slackware.osuosl.org in /pub/slackware-iso/ will remain, but
the ones at ftp.slackware.com and other sites under /pub/slackware are
all potentially on the chopping block.
a/aaa_base-10.2.0-noarch-1.tgz:  Bumped version number to 10.2.  Edited
  initial email.
a/aaa_elflibs-10.2.0-i486-1.tgz:  Updated initial library collection. 
a/bin-10.2-i486-1.tgz:  Upgraded to file-4.15.
a/cxxlibs-5.0.7-i486-1.tgz:  Upgraded to libstdc++.so.5.0.7 from gcc-3.3.6.
a/gawk-3.1.5-i486-1.tgz:  Upgraded to gawk-3.1.5.
a/hotplug-2004_09_23-noarch-5.tgz:  Fix a minor syntax error in rc.hotplug.
  (the logging test was always true even if syslogd was not running)
  Thanks to Luis Castilho.
  Blacklisted a new framebuffer module (arcfb.ko) in 2.6.13.
a/pkgtools-10.2.0-i486-5.tgz:  Upgraded to dialog-1.0-20050306, which fixes
  a bug that prevented the install-packages scripts from working.
  Thanks to Krzysztof Oledzki for pointing out this bug.
a/reiserfsprogs-3.6.19-i486-1.tgz:  Upgraded to reiserfsprogs-3.6.19.
a/usbutils-0.11-i486-3.tgz:  Upgraded to latest usb.ids.
  Note that newer versions of usbutils no longer include the usbmodules
  utility, which breaks hotplugging of USB devices on 2.4.x kernels, so until
  the default kernel is a 2.6.x version, this is the best version of usbutils
  to include.
a/utempter-1.1.3-i486-1.tgz:  Upgraded to libutempter-1.1.3.
ap/groff-1.19.1-i486-3.tgz:  Fixed a /tmp bug in groffer.  Groffer is a
  script to display formatted output on the console or X, and is not normally
  used in other scripts (for printers, etc) like most groff components are.
  The risk from this bug is probably quite low.  The fix was pulled from the
  just-released groff-1.19.2.  With Slackware 10.2 just around the corner it
  didn't seem prudent to upgrade to that -- the diff from 1.19.1 to 1.19.2
  is over a megabyte compressed.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0969
  (* Security fix *)
ap/zsh-4.2.5-i486-1.tgz:  Upgraded to zsh-4.2.5.
d/clisp-2.35-i486-1.tgz:  Upgraded to clisp-2.35.
d/libtool-1.5.20-i486-1.tgz:  Upgraded to libtool-1.5.20.
d/subversion-1.2.3-i486-1.tgz:  Added subversion-1.2.3.  This will be the last
  last-minute addition in this release cycle.  Suggested by many.  :-)
kde/kdebase-3.4.2-i486-2.tgz:  Patched a bug in Konqueror's handling of
  characters such as '*', '[', and '?'.
  Generated new kdm config files.
  Added /opt/kde/man to $MANPATH.
  Patched a security bug in kcheckpass that could allow a local user to
  gain root privileges.
  For more information, see:
    http://www.kde.org/info/security/advisory-20050905-1.txt
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2494
  (* Security fix *)
l/jre-1_5_0_04-i586-2.tgz:  Added /usr/lib/mozilla/plugins directory with a
  link to the Java plugin.
l/t1lib-5.1.0-i486-1.tgz:  Upgraded to t1lib-5.1.0.
n/dhcp-3.0.3-i486-1.tgz:  Upgraded to dhcp-3.0.3.
n/iproute2-2.6.11_050330-i486-2.tgz:  Fixed symlinks in /sbin.
  Thanks to Krzysztof Oledzki for the Makefile patch.
n/mod_ssl-2.8.24_1.3.33-i486-1.tgz:  Upgraded to mod_ssl-2.8.24-1.3.33.
  From the CHANGES file:
    Fix a security issue (CAN-2005-2700) where "SSLVerifyClient require" was
    not enforced in per-location context if "SSLVerifyClient optional" was
    configured in the global virtual host configuration.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2700
  (* Security fix *)
n/openssh-4.2p1-i486-1.tgz:  Upgraded to openssh-4.2p1.
  From the OpenSSH 4.2 release announcement:
     SECURITY: Fix a bug introduced in OpenSSH 4.0 that caused
     GatewayPorts to be incorrectly activated for dynamic ("-D") port
     forwardings when no listen address was explicitly specified.
  (* Security fix *)
n/php-4.4.0-i486-4.tgz:  Added --with-dom.  Suggested by Joao Carvalho.
n/ppp-2.4.4b1-i486-1.tgz:  Upgraded to ppp-2.4.4b1.  This should fix the issues
  people were having with demand dialing and persistent connections.
n/rp-pppoe-3.6-i486-1.tgz:  Upgraded to rp-pppoe-3.6.
  Thanks to Erik Jan Tromp for the build script improvements.
n/samba-3.0.20-i486-2.tgz:  Fixed /usr/doc/samba-3.0.20/docs/using_samba
  symlink.  Thanks to Valentin Avram for the bug report.
n/tcpip-0.17-i486-35.tgz:  Changed to a cleaner telnet patch borrowed from
  OpenBSD.  Two people, both using Slackware 9.1, informed me that the previous
  patch for telnet was causing a segfault when used with short hostnames from
  /etc/hosts (such as localhost).  If anyone is having a similar problem with
  other versions of Slackware, let me know.  Thanks to Dragan Simic for
  telling me about the improved patch.
  Fixed a minor syntax error in rc.inet1 in the test for syslogd.pid.
  (Thanks to Luis Castilho)
  Added brctl and vconfig.  (suggested by Jan Rafaj)
  Increased timeout for dhcpcd.
  Fixed a bit of bad grammar in rc.inet1.conf.  ("appending" -> "prepending")
  Added a new option "DHCP_IPADDR" to rc.inet1.conf to ask the DHCP server for
  a specific IP address.  (Thanks to James Michael Fultz for these last two)
n/wget-1.10.1-i486-1.tgz:  Upgraded to wget-1.10.1.
xap/jre-symlink-1.0.6-noarch-2:  Removed.  This is obsolete now that the Java
  packages contain symlinks in /usr/lib/mozilla/plugins and Mozilla and
  Firefox have been patched to search for plugins in that directory.
xap/mozilla-1.7.11-i486-2.tgz:  Patched mozilla startup script to
  search for plugins in /usr/lib/mozilla/plugins after searching in
  /usr/lib/mozilla-1.7.11/plugins.
xap/mozilla-firefox-1.0.6-i686-2.tgz:  Patched firefox startup script to
  search for plugins in /usr/lib/mozilla/plugins after searching in
  /usr/lib/firefox-1.0.6/plugins.
xap/xpdf-3.01-i486-1.tgz:  Upgraded to xpdf-3.01.
extra/bash-completion/bash-completion-20050721-noarch-1.tgz:
  Upgraded to bash-completion-20050721.
extra/brltty/brltty-3.6.1-i486-1.tgz:  Upgraded to brltty-3.6.1.
extra/grub/grub-0.97-i486-1.tgz:  Upgraded to grub-0.97.
  Thanks to Kent Robotti for the new version of grubconfig.
extra/jdk-1.5.0_04/jdk-1_5_0_04-i586-2.tgz:  Added /usr/lib/mozilla/plugins
  directory with a link to the Java plugin.
extra/slackpkg/slackpkg-1.5.1-noarch-2.tgz:
  Upgraded to slackpkg-1.5.1-noarch-2.  (Thanks to Piter Punk)
extra/slacktrack/slacktrack-1.26-i486-1.tgz:  Upgraded to slacktrack-1.26_1.
  (Thanks to Stuart Winter)
extra/slacktrack/slacktrack-examples-v1.01.tar.gz:
  Upgraded slacktrack build script examples.
kernels/test26.s/:  Added a 2.6.13 install kernel.
rootdisks/install.*, isolinux/initrd.img:  Fixed install size estimate.
testing/packages/gnupg-1.4.2-i486-1.tgz:  Upgraded to gnupg-1.4.2.
testing/packages/linux-2.6.13/alsa-driver-1.0.9b_2.6.13-i486-1.tgz:
  Recompiled against Linux 2.6.13.
testing/packages/linux-2.6.13/kernel-generic-2.6.13-i486-1.tgz:
  Upgraded to Linux 2.6.13 generic kernel.
testing/packages/linux-2.6.13/kernel-headers-2.6.13-i386-1.tgz:
  Upgraded to Linux 2.6.13 kernel headers for x86.
testing/packages/linux-2.6.13/kernel-modules-2.6.13-i486-1.tgz:
  Upgraded to Linux 2.6.13 kernel modules.
testing/packages/linux-2.6.13/kernel-source-2.6.13-noarch-1.tgz:
  Upgraded to Linux 2.6.13 kernel source.
testing/packages/lvm2/device-mapper-1.01.04-i486-1.tgz:
  Upgraded to device-mapper.1.01.04.
testing/packages/lvm2/lvm2-2.01.09-i486-1.tgz:
  Upgraded to LVM2.2.01.09.
testing/packages/php-5.0.5/php-5.0.5-i486-4.tgz:
  Upgraded to php-5.0.5 with --with-dom and --with-curl options.
+--------------------------+
Tue Aug 30 13:01:43 PDT 2005
a/jfsutils-1.1.8-i486-1.tgz:  Upgraded to jfsutils-1.1.8.
a/pciutils-2.1.11-i486-6.tgz:  Updated pci.ids.
a/procps-3.2.5-i486-1.tgz:  Upgraded to procps-3.2.5.
  Thanks to Stuart Winter for informing me that newer 2.6 kernels needed this.
ap/espgs-8.15rc4-i486-1.tgz:  Upgraded to espgs-8.15rc4.
ap/mysql-4.1.14-i486-1.tgz:  Upgraded to mysql-4.1.14.
kde/kdeedu-3.4.2-i486-2.tgz:  Fixed a minor /tmp bug in kvoctrain.
  (* Security fix *)
l/pcre-6.3-i486-1.tgz:  Upgraded to pcre-6.3.
  This fixes a buffer overflow that could be triggered by the processing of a
  specially crafted regular expression.  Theoretically this could be a security
  issue if regular expressions are accepted from untrusted users to be
  processed by a user with greater privileges, but this doesn't seem like a
  common scenario (or, for that matter, a good idea).  However, if you are
  using an application that links to the shared PCRE library and accepts
  outside input in such a manner, you will want to update to this new package.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491
  (* Security fix *)
n/php-4.4.0-i486-3.tgz:  Relinked with the system PCRE library, as the builtin
  library has a buffer overflow that could be triggered by the processing of a
  specially crafted regular expression.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491
  (* Security fix *)
  Upgraded PEAR::XMLRPC to version 1.4.0, which eliminates the use of the
  insecure eval() function.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2498
  (* Security fix *)
  Recompiled with support for mbstring and cURL.
  Thanks to Gerardo Exequiel Pozzi for pointing out that the new MySQL uses
  UTF-8, which in turn requires that PHP support multibyte strings.  Also,
  thanks to Amrit for mentioning that the PHP cURL extensions are useful and
  should be included.
n/samba-3.0.20-i486-1.tgz:  Upgraded to samba-3.0.20.
xap/gaim-1.5.0-i486-1.tgz:  Upgraded to gaim-1.5.0.
  This fixes some more security issues.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2103
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2102
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2370
  (* Security fix *)
testing/packages/linux-2.6.12.5/alsa-driver-1.0.9b_2.6.12.5-i486-1.tgz:
  Recompiled against Linux 2.6.12.5.
testing/packages/linux-2.6.12.5/kernel-generic-2.6.12.5-i486-1.tgz:
  Upgraded to Linux 2.6.12.5 generic kernel.
testing/packages/linux-2.6.12.5/kernel-headers-2.6.12.5-i386-1.tgz:
  Upgraded to Linux 2.6.12.5 kernel headers for x86.
testing/packages/linux-2.6.12.5/kernel-modules-2.6.12.5-i486-1.tgz:
  Upgraded to Linux 2.6.12.5 kernel modules.
testing/packages/linux-2.6.12.5/kernel-source-2.6.12.5-noarch-1.tgz:
  Upgraded to Linux 2.6.12.5 kernel source.
testing/packages/php-5.0.4/php-5.0.4-i486-3.tgz:  Relinked with the
  system PCRE library, as the builtin library has a buffer overflow
  that could be triggered by the processing of a specially crafted
  regular expression.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491
  (* Security fix *)
  Upgraded PEAR::XMLRPC to version 1.4.0, which eliminates the use of the
  insecure eval() function.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2498
  (* Security fix *)
  Recompiled with support for mbstring, cURL, and XSLT.
  Thanks to Den (aka Diesel) for suggesting XSLT.
+--------------------------+
Thu Aug  4 22:33:48 PDT 2005
a/e2fsprogs-1.38-i486-2.tgz:  Make sure pkgconfig files go to the right
  place (/usr/lib/pkgconfig).  Thanks to Chad Corkrum.
n/links-2.1pre18-i486-1.tgz:  Upgraded to links-2.1pre18, which fixes some
  bugs in Javascript handling.  Suggested by Roberto Leandrini.
extra/bittornado/bittornado-0.3.12-noarch-1.tgz:  Upgraded to bittornado-0.3.12.
  Suggested by Adam Young.
+--------------------------+
Thu Aug  4 13:35:29 PDT 2005
a/sysvinit-2.84-i486-56.tgz:  Enable swapping again in rc.S after all local
  filesystems are mounted read-write.  This makes sure that swapfiles get
  activated with 2.6 kernels.  Thanks to Jingmin (Jimmy) Zhou.
a/e2fsprogs-1.38-i486-1.tgz:  Upgraded to e2fsprogs-1.38, needed for new
  ext2fs boot label support.  Thanks to Jerome Pinot for the heads-up.
l/taglib-1.4-i486-1.tgz:  Upgraded to taglib-1.4, which will be needed by
  various projects soon.  Thanks to Sergei Mutovkin.
xap/xmms-1.2.10-i486-3.tgz:  Patched a pause bug in XMMS.  Thanks to 
  Erik Jan Tromp for the bug report and patch.
extra/ham/gmfsk-0.6-i486-2.tgz:  Rebuilt to work with hamlib-1.2.4.
extra/ham/hamlib-1.2.4-i486-1.tgz:  Upgraded to hamlib-1.2.4.
extra/ham/proj-4.4.9-i486-1.tgz:  Upgraded to proj-4.4.9.
extra/ham/tlf-0.9.23-i486-1.tgz:  Upgraded to tlf-0.9.23.
extra/ham/xastir-1.6.0-i486-1.tgz:  Upgraded to xastir-1.6.0.
extra/ham/xconvers-0.8.3-i486-1.tgz:  Upgraded to xconvers-0.8.3.
extra/ham/xlog-1.2.2-i486-1.tgz:  xlog-1.2.2.
  Thanks to Arno Verhoeven for all the ham radio package updates!
+--------------------------+
Tue Aug  2 22:34:49 PDT 2005
n/proftpd-1.2.10-i486-4.tgz:  Added mod_ctrls_admin module, which is needed to
  make use of --enable-ctrls.  Thanks again to Roberto Leandrini.
+--------------------------+
Tue Aug  2 15:34:18 PDT 2005
Hi folks,
I think it's time to consider this to be mostly frozen and concentrate on
beta testing in preparation for the Slackware 10.2 release, so there won't
be too many more upgrades and additions.  Things are going to be pretty
busy for me over the next couple of weeks besides working on getting 10.2
finalized, but let me know about any issues that need fixing before the
release and I'll get to them just as soon as I can.  Have fun!
kde/kdepim-3.4.2-i486-2.tgz:  Patched a bug in KMail.
n/proftpd-1.2.10-i486-3.tgz:  Recompiled with --enable-ctrls and
  --enable-ipv6.  Suggested by Roberto Leandrini.
xap/xine-lib-1.0.2-i686-1.tgz:  Upgraded to xine-lib-1.0.2.
xap/xine-ui-0.99.4-i686-1.tgz:  Upgraded to xine-ui-0.99.4.
extra/blackbox-0.70.0/blackbox-0.70.0-i486-1.tgz:  Added
  blackbox-0.70.0.  This isn't in slackware/xap because there were some
  things about it that struck me as not quite right, like the removal of
  i18n support, and that the themes didn't seem to work any more (or at
  least weren't included).  If it's something I'm doing wrong, let me know,
  otherwise this can stay here for now...
extra/slackpkg/slackpkg-1.5.0-noarch-3.tgz:  Upgraded to
  slackpkg-1.5.0-noarch-3 (fixed a mirror URL).
+--------------------------+
Mon Aug  1 11:25:46 PDT 2005
a/sysvinit-2.84-i486-55.tgz:  In rc.6, try to use 'rc.inet1 stop' to
  bring the network down.  Thanks to Eric Hameleers for reminding me
  that this sort of thing works now.  :-)
extra/k3b/k3b-0.12.3-i486-2.tgz:  Rebuilt to fix missing binaries.  I
  built this on the same machine, no changes to the build script other
  than bumping the build number to 2...  strange, but I'll take it.
extra/slackpkg/slackpkg-1.5.0-noarch-2.tgz:  Upgraded to
  slackpkg-1.5.0-noarch-2.  Thanks to Piter Punk.
+--------------------------+
Sun Jul 31 17:08:43 PDT 2005
a/sysvinit-2.84-i486-54.tgz:  In rc.6, try to use 'dhcpcd -k' to kill
  dhcpcd, otherwise a cache file is left behind which may cause problems.
  Thanks to Giacomo Rizzo for the bug report.
d/clisp-2.34-i486-1.tgz:  Upgraded to clisp-2.34.
d/doxygen-1.4.4-i486-1.tgz:  Upgraded to doxygen-1.4.4.
d/oprofile-0.9.1-i486-1.tgz:  Upgraded to oprofile-0.9.1.
n/iptables-1.3.3-i486-1.tgz:  Upgraded to iptables-1.3.3.
n/rsync-2.6.6-i486-1.tgz:  Upgraded to rsync-2.6.6.
n/tcpip-0.17-i486-34.tgz:  Upgraded ethtool to ethtool-3.
n/yptools-2.9-i486-1.tgz:  Upgraded to yp-tools-2.9, ypbind-mt-1.19.1,
  and ypserv-2.18.
xap/jre-symlink-1.0.6-noarch-2.tgz:  Upgraded symlink for Mozilla 1.7.11.
xap/mozilla-1.7.11-i486-1.tgz:  Upgraded to mozilla-1.7.11.
extra/k3b/k3b-0.12.3-i486-1.tgz:  Upgraded to k3b-0.12.3.
extra/k3b/k3b-i18n-0.12.3-noarch-1.tgz:  Upgraded to k3b-i18n-0.12.3.
+--------------------------+
Sat Jul 30 13:01:25 PDT 2005
a/smartmontools-5.33-i486-1.tgz:  Upgraded to smartmontools-5.33.
a/udev-064-i486-2.tgz:  Commented out the new lines in udev.rules.  It seems
  like these aren't really needed now that the symlink in 
  /etc/hotplug.d/default/ was restored, and having them there causes a
  race condition that can cause things like wireless adaptors that need to
  load firmware to fail to initialize.
  Thanks to Andreas Liebschner and Philip Langdale for helping debug this.
ap/espgs-8.15rc3-i486-2.tgz:  Removed libtool file that wasn't supposed to be
  in the package.  Thanks to Mark Post.  Also, I had a report that espgs was
  not printing margins properly with the Epson C64 printer.  If you notice
  issues like that it is best to send the reports directly to the espgs
  maintainers, as without the hardware in question (or even with, really)
  there's little that I can do to fix bugs such as that here.
ap/joe-3.3-i486-1.tgz:  Upgraded to joe-3.3.
ap/mc-4.6.1-i486-1.tgz:  Upgraded to mc-4.6.1.
e/emacs-21.4a-i486-2.tgz:  Patched emacs to change the order some X headers
  are included, which fixes a keyboard problem with some non-US keyboards
  when running under X.Org.  Thanks to Emanuele Vicentini for pointing out
  the issue and a patch.
e/emacs-nox-21.4a-i486-2.tgz:  Recompiled.
+--------------------------+
Fri Jul 29 10:33:59 PDT 2005
a/etc-5.1-noarch-10.tgz:  Added scanner group.
a/getty-ps-2.1.0b-i486-1.tgz:  Upgraded to getty-ps-2.1.0b.  Thanks to
  Jan Rafaj for providing additional bugfixes for this package.
a/hotplug-2004_09_23-noarch-4.tgz:  Changed firmware directory from
  /usr/lib/hotplug/firmware to /lib/firmware.
  Thanks to Lior Kadosh, Steve Caster, Lawrence Teo, Piter Punk, and
  Vidar Madsen, all of whom reported this.
a/pkgtools-10.2.0-i486-4.tgz:  Fixed toggling rc.dnsmasq and rc.saslauthd
  in setup.services.  Thanks to Eric Hameleers.
kde/koffice-1.4.1-i486-1.tgz:  Upgraded to koffice-1.4.1.
kde/kdeaccessibility-3.4.2-i486-1.tgz:  Upgraded to KDE 3.4.2.
kde/kdeaddons-3.4.2-i486-1.tgz:  Upgraded to KDE 3.4.2.
kde/kdeadmin-3.4.2-i486-1.tgz:  Upgraded to KDE 3.4.2.
kde/kdeartwork-3.4.2-i486-2.tgz:  Upgraded to KDE 3.4.2.
kde/kdebase-3.4.2-i486-1.tgz:  Upgraded to KDE 3.4.2.
kde/kdebindings-3.4.2-i486-1.tgz:  Upgraded to KDE 3.4.2.
kde/kdeedu-3.4.2-i486-1.tgz:  Upgraded to KDE 3.4.2.
kde/kdegames-3.4.2-i486-1.tgz:  Upgraded to KDE 3.4.2.
kde/kdegraphics-3.4.2-i486-1.tgz:  Upgraded to KDE 3.4.2.
kde/kdelibs-3.4.2-i486-1.tgz:  Upgraded to KDE 3.4.2.
kde/kdemultimedia-3.4.2-i486-1.tgz:  Upgraded to KDE 3.4.2.
kde/kdenetwork-3.4.2-i486-1.tgz:  Upgraded to KDE 3.4.2.
kde/kdepim-3.4.2-i486-1.tgz:  Upgraded to KDE 3.4.2.
kde/kdesdk-3.4.2-i486-1.tgz:  Upgraded to KDE 3.4.2.
kde/kdetoys-3.4.2-i486-1.tgz:  Upgraded to KDE 3.4.2.
kde/kdeutils-3.4.2-i486-1.tgz:  Upgraded to KDE 3.4.2.
kde/kdevelop-3.2.2-i486-1.tgz:  Upgraded to KDE 3.4.2.
kde/kdewebdev-3.4.2-i486-1.tgz:  Upgraded to KDE 3.4.2.
kdei/kde-i18n-*.tgz:  Upgraded to KDE 3.4.2 i18n packages.
kdei/koffice-l10n-*.tgz:  Upgraded to KOffice 1.4.1 l10n packages.
l/arts-1.4.2-i486-1.tgz:  Upgraded to arts-1.4.2.
l/fribidi-0.10.5-i486-1.tgz:  Added fribidi-0.10.5, needed by AbiWord and
  KDE.
l/jre-1_5_0_04-i586-1.tgz:  Upgraded to Java(TM) 2 Platform Standard Edition
  Runtime Environment Version 5.0, Release 4.
n/links-2.1pre17-i486-2.tgz:  Recompiled without SDL, which was causing X
  libraries to be indirectly linked.  Thanks to Kirils Solovjovs.
n/tcpip-0.17-i486-33.tgz:  Patched rc.inet1 to make sure that an attempt is
  made to bring up the gateway whenever a new interface is loaded by hotplug.
  Added support to bring up/down ethernet aliases, like: IFNAME[2]="eth0:1"
  (Thanks to Andrey V. Panov for the aliases patch)
  Patched two overflows in the telnet client that could allow the execution
  of arbitrary code when connected to a malicious telnet server.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0468
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0469
  (* Security fix *)
xap/abiword-2.2.9-i486-1.tgz:  Upgraded to abiword-2.2.9, which now links
  with the new fribidi package.  Thanks to Ryan Pavlik for telling me
  about the new release, and to the AbiWord team for all the great work.
extra/j2sdk-1.5.0_04/j2sdk-1_5_0_04-i586-1.tgz:  Upgraded to Java(TM) 2
  Platform Standard Edition Development Kit Version 5.0, Release 4.
+--------------------------+
Tue Jul 26 23:35:18 PDT 2005
ap/vim-6.3.085-i486-1.tgz:  Upgraded to patchlevel 85.
d/distcc-2.18.3-i486-2.tgz:  Recompiled distccmon-gnome to use only
  GTK+ libraries and not GNOME ones.
  Thanks to Lasse Collin for suggesting --without-gnome --with-gtk.
d/guile-1.6.7-i486-1.tgz:  Upgraded to guile-1.6.7.
n/links-2.1pre17-i486-1.tgz:  Upgraded to links-2.1pre17.
n/imapd-4.63-i486-1.tgz:  Upgraded to imapd from pine-4.63.
n/netatalk-2.0.3-i486-1.tgz:  Upgraded to netatalk-2.0.3.
n/pine-4.63-i486-1.tgz:  Upgraded to pine-4.63.
xap/mozilla-1.7.10-i486-2.tgz:  Fixed a folder switching bug.
  Thanks to Peter Santoro for pointing out the patch.
xap/xvim-6.3.085-i486-1.tgz:  Upgraded to patchlevel 85.
+--------------------------+
Mon Jul 25 00:21:30 PDT 2005
n/wireless-tools-27-i486-2.tgz:  Build against static libiw.
  (Thanks to Lech Szychowski)
+--------------------------+
Sun Jul 24 22:57:27 PDT 2005
n/nail-11.24-i486-1.tgz:  Upgraded to nail-11.24.
n/ppp-2.4.3-i486-1.tgz:  Upgraded to ppp-2.4.3 and radiusclient-0.3.2.
+--------------------------+
Sun Jul 24 17:50:37 PDT 2005
a/hotplug-2004_09_23-noarch-3.tgz:  Modified net.agent to use the new
  rc.inet1 syntax (thanks to Eric Hameleers), and added several new
  framebuffer modules and the eth1394 module to the blacklist.
a/pkgtools-10.2.0-i486-3.tgz:  Added saslauthd and dnsmasq to the services
  setup menu.
a/sysvinit-2.84-i486-53.tgz:  Added support in /etc/rc.d/rc.M for
  starting /etc/rc.d/rc.dnsmasq and /etc/rc.d/rc.saslauthd.
a/udev-064-i486-1.tgz:  Upgraded to udev-064.  With the help of two new
  lines in udev.rules, and a symlink added in /etc/hotplug.d/default that
  used to be added by earlier versions of hotplug, udev-064 appears to be
  working!  Thanks to Piter Punk for the rules and Kris Karas for the link.
l/libxml2-2.6.20-i486-1.tgz:  Upgraded to libxml-2.6.20.
n/cyrus-sasl-2.1.21-i486-1.tgz:  Upgraded to cyrus-sasl-2.1.21,
  added missing /var/state/saslauthd directory and /etc/rc.d/rc.saslauthd
  startup script.  Thanks to Piter Punk for the help.
n/iproute2-2.6.11_050330-i486-1.tgz:  Upgraded to iproute2-2.6.11-050330.
n/lftp-3.2.1-i486-1.tgz:  Upgraded to lftp-3.2.1.
n/sendmail-8.13.4-i486-1.tgz:  Upgraded to sendmail-8.13.4 compiled with
  SASL support.  Added a new cf file that supports SASL (this is not the
  one installed by default):
    /usr/share/sendmail/sendmail-slackware-tls-sasl.cf
  Thanks to Joshua Rubin and Piter Punk for the help with SASL support.
n/sendmail-cf-8.13.4-noarch-1.tgz:   Upgraded to sendmail-8.13.4, and
  added a new sendmail-slackware-tls-sasl.mc config file.
n/tcpip-0.17-i486-32.tgz:  Merged in many improvements to rc.inet1
  scripts to allow alternate interface names and better networking
  support.  Thanks to Eric Hameleers for the really great job on this!
  When starting rc.portmap for NFS clients, also start rpc.lockd and
  rpc.statd, otherwise some Java applications may have problems due to a
  lack of locking.  Thanks to Dominik L. Borkowski and Piter Punk for
  pointing out this issue.
n/wireless-tools-27-i486-1.tgz:  Upgraded to wireless_tools.27.
  Thanks to Eric Hameleers for the improved rc.wireless scripts.
rootdisks/install.*, rootdisks/network.dsk, rootdisks/pcmcia.dsk:
  Fix /dev/urandom device (thanks to Daniel de Kok).
  Bumped version number to 10.2.
+--------------------------+
Fri Jul 22 13:54:50 PDT 2005
ap/alsa-utils-1.0.9a-i486-2.tgz:  Patched rc.alsa to try to load the OSS
  compatibility modules with both 2.4 and 2.6 kernels.
  Thanks to Cal Peake for the bug report.
ap/mysql-4.1.13-i486-1.tgz:  Upgraded to mysql-4.1.13.
l/zlib-1.2.3-i486-1.tgz:  Upgraded to zlib-1.2.3.
  This fixes an additional crash not fixed by the patch to zlib-1.2.2.
  (* Security fix *)
n/fetchmail-6.2.5.2-i486-1.tgz:  Upgraded to fetchmail-6.2.5.2.
  This fixes an overflow by which malicious or compromised POP3 servers 
  may overflow fetchmail's stack.
  For more information, see:
    http://fetchmail.berlios.de/fetchmail-SA-2005-01.txt
  (* Security fix *)
xap/gxine-0.4.6-i486-1.tgz:  Upgraded to gxine-0.4.6.
  This fixes a format string vulnerability that allows remote attackers to
  execute arbitrary code via a ram file with a URL whose hostname contains
  format string specifiers.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1692
  (* Security fix *)
xap/xlockmore-5.18-i486-1.tgz:  Upgraded to xlockmore-5.18.
+--------------------------+
Fri Jul 22 10:33:41 PDT 2005
a/udev-058-i486-2.tgz:  Added a line to udev.rules to (hopefully) help
  with the ALSA issues:
  KERNEL="controlC[0-9]",  NAME="snd/%k", MODE="0666"
  Now, it would seem to me that the already-existing line:
  KERNEL="controlC[0-9]*", NAME="snd/%k", MODE="0666"
  ...should have already covered this.  It works with previous versions
  of udev just fine, and this seems to me to be a udev bug.  Oh well,
  give it a test and let me know if it's still causing any problems, in
  which case I'll probably go back to 054 for the Slackware 10.2 release.
  I'd rather not spend the next couple of months dorking around with
  udev problems and not getting a Slackware release out because of it.
  Thanks to Andris Pavenis for the one line udev.rules fix.
ap/groff-1.19.1-i486-2.tgz:  Fixed missing gxditview man page.
  Thanks to Stuart Winter.
kde/kdenetwork-3.4.1-i486-2.tgz:  Patched overflows in libgadu (used by
  kopete) that can cause a denial of service or arbitrary code execution.
  For more information, see:
    http://www.kde.org/info/security/advisory-20050721-1.txt
  (* Security fix *)
xap/abiword-2.2.8-i486-1.tgz:  Upgraded to abiword-2.2.8.
xap/fluxbox-0.9.13-i486-1.tgz:  Upgraded to fluxbox-0.9.13.
xap/jre-symlink-1.0.6-noarch-1.tgz:  Upgraded for firefox-1.0.6 and
  Mozilla 1.7.10.
xap/mozilla-firefox-1.0.6-i686-1.tgz:  Upgraded to firefox-1.0.6.
xap/mozilla-1.7.10-i486-1.tgz:  Upgraded to mozilla-1.7.10.
  This fixes several security issues.  For more information, see:
  http://www.mozilla.org/projects/security/known-vulnerabilities.html#Mozilla
  (* Security fix *)
xap/mozilla-thunderbird-1.0.6-i686-1.tgz:  Upgraded to thunderbird-1.0.6.
xap/windowmaker-0.92.0-i486-1.tgz:  Upgraded to WindowMaker-0.92.0.
testing/packages/php-5.0.4/php-5.0.4-i486-2.tgz:  Recompiled against
  mysql-4.1.12.  Thanks to Tyler McGrath for pointing out this needed
  to be done.
+--------------------------+
Wed Jul 20 16:17:08 PDT 2005
a/glibc-solibs-2.3.5-i486-4.tgz:  Recompiled, as I forgot that with both
  linuxthreads and NPTL versions of glibc that the patch would have to be
  applied twice.  Thanks again to Dirk van Deun for pointing out my error.
a/glibc-zoneinfo-2.3.5-noarch-4.tgz:  Rebuilt.
l/glibc-2.3.5-i486-4.tgz:  Recompiled.
l/glibc-i18n-2.3.5-noarch-4.tgz:  Rebuilt.
l/glibc-profile-2.3.5-i486-4.tgz:  Recompiled.
+--------------------------+
Wed Jul 20 09:59:03 PDT 2005
a/glibc-solibs-2.3.5-i486-3.tgz:  Recompiled with a patch to fix logging
  in using NIS netgroups.  Thanks to Dirk van Deun for the bug report and
  patch.
a/glibc-zoneinfo-2.3.5-noarch-3.tgz:  Rebuilt.
a/sysvinit-2.84-i486-52.tgz:  In /etc/rc.d/rc.S, try to umount
  /initrd/proc/ before umounting /initrd/.
a/udev-058-i486-1.tgz:  Switched to udev-058, as newer versions still have
  problems (these are probably caused by the elimination of the
  /etc/hotplug.d/ directory, as this used to contain a link to udevstart).
  It was pointed out that udev-062 and udev-063 do create the missing
  devices if you run udevstart after boot (and possibly after plugging in
  new devices), but udev-058 is working fine without any kludges and seems
  to be the most stable version to use with 2.6.12.* kernels.  Also, made
  a fix in /etc/udev/scripts/make_extra_nodes to set a default LANG before
  calling /bin/ls to look for cdrom and dvd devices (not all LANG settings
  will produce the same number of fields with ls, which can break cd/dvd
  symlinks).  Thanks to Lukasz Stelmach for pointing out this bug.
e/emacs-21.4a-i486-1.tgz:  Upgraded to emacs-21.4a.
  This fixes a vulnerability in the movemail utility when connecting to a
  malicious POP server that may allow the execution of arbitrary code as
  the user running emacs.
  (* Security fix *)
e/emacs-info-21.4a-noarch-1.tgz:  Upgraded to emacs-21.4a.
e/emacs-leim-21.4-noarch-1.tgz:  Upgraded to leim-21.4.
e/emacs-lisp-21.4a-noarch-1.tgz:  Upgraded to emacs-21.4a.
e/emacs-misc-21.4a-noarch-1.tgz:  Upgraded to emacs-21.4a.
e/emacs-nox-21.4a-i486-1.tgz:  Upgraded to emacs-21.4a.
f/linux-howtos-20050718-noarch-1.tgz:  Upgraded to Linux-HOWTOs-20050718.
l/glibc-2.3.5-i486-3.tgz:  Recompiled with NIS netgroups patch.
l/glibc-i18n-2.3.5-noarch-3.tgz:  Rebuilt.
l/glibc-profile-2.3.5-i486-3.tgz:  Recompiled with NIS netgroups patch.
n/dnsmasq-2.22-i486-1.tgz:  Upgraded to dnsmasq-2.22.
  This fixes an off-by-one overflow vulnerability that may allow a DHCP
  client to create a denial of service condition.  Additional code was
  also added to detect and defeat attempts to poison the DNS cache.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0876
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0877
  (* Security fix *)
n/getmail-4.3.11-noarch-1.tgz:  Upgraded to getmail-4.3.11.
kde/koffice-1.4.0b-i486-1.tgz:  Upgraded to koffice-1.4.0b.
tcl/expect-5.43.0-i486-1.tgz:  Upgraded to expect-5.43.0.
tcl/tcl-8.4.11-i486-1.tgz:  Upgraded to tcl-8.4.11.
tcl/tclx-8.3.5-i486-2.tgz:  Recompiled.
tcl/tix-8.1.4-i486-2.tgz:  Recompiled.
tcl/tk-8.4.11-i486-1.tgz:  Upgraded to tk-8.4.11.
xap/xchat-2.4.4-i486-1.tgz:  Upgraded to xchat-2.4.4 (and compiled against
  the new version of perl.  Thanks to Steven E. Woolard for pointing out
  that the old xchat package was still depending on the old perl.  I've
  been known to forget about that one since it doesn't put anything under
  /usr/lib/perl/...)
testing/packages/linux-2.6.12.3/alsa-driver-1.0.9b_2.6.12.3-i486-1.tgz:
  Recompiled against Linux 2.6.12.3.
testing/packages/linux-2.6.12.3/kernel-generic-2.6.12.3-i486-1.tgz:
  Upgraded to Linux 2.6.12.3 generic kernel.
testing/packages/linux-2.6.12.3/kernel-headers-2.6.12.3-i386-1.tgz:
  Upgraded to Linux 2.6.12.3 kernel headers for x86.
testing/packages/linux-2.6.12.3/kernel-modules-2.6.12.3-i486-1.tgz:
  Upgraded to Linux 2.6.12.3 kernel modules.
testing/packages/linux-2.6.12.3/kernel-source-2.6.12.3-noarch-1.tgz:
  Upgraded to Linux 2.6.12.3 kernel source.
+--------------------------+
Fri Jul 15 00:31:30 PDT 2005
testing/packages/gcc-3.4.4/gcc-3.4.4-i486-1.tgz:  Upgraded to gcc-3.4.4.
testing/packages/gcc-3.4.4/gcc-g++-3.4.4-i486-1.tgz:  Upgraded to gcc-3.4.4.
testing/packages/gcc-3.4.4/gcc-g77-3.4.4-i486-1.tgz:  Upgraded to gcc-3.4.4.
testing/packages/gcc-3.4.4/gcc-gnat-3.4.4-i486-1.tgz:  Upgraded to gcc-3.4.4.
testing/packages/gcc-3.4.4/gcc-java-3.4.4-i486-1.tgz:  Upgraded to gcc-3.4.4.
testing/packages/gcc-3.4.4/gcc-objc-3.4.4-i486-1.tgz:  Upgraded to gcc-3.4.4.
+--------------------------+
Thu Jul 14 16:02:40 PDT 2005
a/devs-2.3.1-noarch-22.tgz:  Added /dev/ACM* devices.
  (Thanks to Manolis Tzanidakis)
a/pkgtools-10.2.0-i486-2.tgz:  Merged in Jim Hawkins' fixed speed
  optimizations for pkgtool.
a/udev-062-i486-1.tgz:  Upgraded to udev-062.
  This seems to be broken with regard to ALSA devices...  I'd suggest
  anyone using a 2.6 kernel "chmod 644 /etc/rc.d/rc.udev" unless you want
  to help locate and report bugs.  It's also possible that this has
  something to do with the ever-changing syntax used in the udev.rules
  config file.  If you find any problems that can be attributed to that,
  fixes would be appreciated.  For now, rc.udev will be off by default.
ap/mysql-4.1.12-i486-1.tgz:  Upgraded to mysql-4.1.12.
ap/texinfo-4.8-i486-1.tgz:  Upgraded to texinfo-4.8.
d/perl-5.8.7-i486-1.tgz:  Upgraded to perl-5.8.7, DBD-mysql-3.0002,
  and DBI-1.48.
kde/kdebindings-3.4.1-i486-2.tgz:  Recompiled against perl-5.8.7 and
  j2sdk-1_5_0_03.
kde/koffice-1.4.0a-i486-2.tgz:  Recompiled against mysql-4.1.12.
kde/qt-3.3.4-i486-2.tgz:  Recompiled against mysql-4.1.12.
n/bitchx-1.1-i486-2.tgz:  Recompiled against mysql-4.1.12.
n/irssi-0.8.9-i486-7.tgz:  Recompiled against perl-5.8.7.
n/php-4.4.0-i486-2.tgz:  Recompiled against mysql-4.1.12.
n/popa3d-1.0-i486-1.tgz:  Upgraded to popa3d-1.0.
n/tcpdump-3.9.3-i486-1.tgz:  Upgraded to libpcap-0.9.3 and tcpdump-3.9.3.
  This fixes an issue where an invalid BGP packet can cause tcpdump to
  go into an infinite loop, effectively disabling network monitoring.
  (* Security fix *)
n/vsftpd-2.0.3-i486-1.tgz:  Upgraded to vsftpd-2.0.3.
x/x11-6.8.2-i486-2.tgz:  Reverted to the 6.8.1 version of the ATI Rage128
  DRI module, as there's an undefined symbol in the newer version that
  prevents it from loading and breaks direct rendering for these cards.
  This bug has been reported on the freedesktop.org site but appears to
  have been closed without a fix...
  To observe the problem, on a system with a Rage128 card and DRI
  configured, use this command:  LIBGL_DEBUG=verbose glxinfo
  (Thanks to Andrey V. Panov for the bug report)
xap/gaim-1.4.0-i486-1.tgz:  Upgraded to gaim-1.4.0.
xap/imagemagick-6.2.3_3-i486-1.tgz:  Upgraded to ImageMagick-6.2.3-3.
xap/jre-symlink-1.0.5-noarch-1.tgz:  Upgraded for firefox-1.0.5.
xap/mozilla-firefox-1.0.5-i686-1.tgz:  Upgraded to mozilla-firefox-1.0.5.
  This fixes several security issues.  For more information, see:
  http://www.mozilla.org/projects/security/known-vulnerabilities.html#Firefox
  (* Security fix *)
xap/mozilla-thunderbird-1.0.5-i686-1.tgz:  Upgraded to thunderbird-1.0.5.
  This fixes several security issues.  For more information, see:
  http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird1.0.5
  (* Security fix *)
xap/xscreensaver-4.22-i486-2.tgz:  Fixed location of man pages.
  (Thanks to Alak Trakru)
xap/xv-3.10a-i486-4.tgz:  Upgraded to the latest XV jumbo patches,
  xv-3.10a-jumbo-fix-patch-20050410 and xv-3.10a-jumbo-enh-patch-20050501.
  These fix a number of format string and other possible security issues in
  addition to providing many other bugfixes and enhancements.
  (Thanks to Greg Roelofs)
  (* Security fix *)
testing/packages/linux-2.6.12.2/alsa-driver-1.0.9b_2.6.12.2-i486-1.tgz:
  Recompiled for Linux 2.6.12.2.
testing/packages/linux-2.6.12.2/kernel-generic-2.6.12.2-i486-1.tgz:
  Upgraded to Linux 2.6.12.2 generic kernel (added loopback).
testing/packages/linux-2.6.12.2/kernel-headers-2.6.12.2-i386-1.tgz:
  Upgraded to Linux 2.6.12.2 kernel headers.
testing/packages/linux-2.6.12.2/kernel-modules-2.6.12.2-i486-1.tgz:
  Upgraded to Linux 2.6.12.2 kernel modules.
testing/packages/linux-2.6.12.2/kernel-source-2.6.12.2-noarch-1.tgz:
  Upgraded to Linux 2.6.12.2 kernel sources.
bootdisks/*:  Regenerated bootdisks with "Slackware 10.2" label.
extra/bittorrent/bittorrent-4.1.3-noarch-1.tgz:  Upgraded to bittorrent-4.1.3.
extra/slackpkg/slackpkg-1.4.1-noarch-5.tgz:  Upgraded to
  slackpkg-1.4.1-noarch-5.  (Thanks to Piter Punk)
extra/slacktrack/slacktrack-1.25-i486-1.tgz:  Upgraded to slacktrack-1.25_1.
  (Thanks to Stuart Winter)
+--------------------------+
Mon Jul 11 15:06:22 PDT 2005
n/php-4.4.0-i486-1.tgz:  Upgraded to php-4.4.0.
  This new PHP package fixes a PEAR XML_RPC vulnerability.  Sites that use 
  this PEAR class should upgrade to the new PHP package, or as a minimal
  fix may instead upgrade the XML_RPC PEAR class with the following command:
    pear upgrade XML_RPC
  (* Security fix *)
+--------------------------+
Sun Jul 10 22:33:04 PDT 2005
a/pkgtools-10.2.0-i486-1.tgz:  In xorgsetup, don't load the freetype module
  twice in the outputted xorg.conf file.  Also, fix the formatting of the
  xorg.conf file.  Thanks to Jonathan Woithe for the fixes!
d/gcc-3.3.6-i486-1.tgz:  Upgraded to gcc-3.3.6.
d/gcc-g++-3.3.6-i486-1.tgz:  Upgraded to gcc-3.3.6.
d/gcc-g77-3.3.6-i486-1.tgz:  Upgraded to gcc-3.3.6.
d/gcc-gnat-3.3.6-i486-1.tgz:  Upgraded to gcc-3.3.6.
d/gcc-java-3.3.6-i486-1.tgz:  Upgraded to gcc-3.3.6.
d/gcc-objc-3.3.6-i486-1.tgz:  Upgraded to gcc-3.3.6.
kde/kdeartwork-3.4.1-i486-2.tgz:  Patched to fix using screensavers from
  xscreensaver >= 4.21.  Thanks to Chris Linnet for the fix!
l/libtiff-3.7.3-i486-1.tgz:  Upgraded to libtiff-3.7.3.
n/iptables-1.3.2-i486-1.tgz:  Upgraded to iptables-1.3.2.
n/rsync-2.6.5-i486-1.tgz:  Upgraded to rsync-2.6.5.
tcl/hfsutils-3.2.6-i486-3.tgz:  Patched to include <errno.h>, and recompiled
  to fix problems on systems using NPTL.  Thanks to Dominik L. Borkowski for
  pointing out the issue.
xap/gkrellm-2.2.7-i486-1.tgz:  Upgraded to gkrellm-2.2.7.
xap/xscreensaver-4.22-i486-1.tgz:  Upgraded to xscreensaver-4.22.
+--------------------------+
Fri Jul  8 13:44:53 PDT 2005
l/gnet-2.0.7-i486-3.tgz:  Fixed a missing '\' in the ./configure part
  of the build that was causing the --prefix to be ignored (and which
  I'd formulated an unnecessary patch to work around).  Thanks to orlan.
l/libexif-0.6.12-i486-2.tgz:  Included a patch from CVS to fix loading
  of JPEGs from certain digital cameras in GIMP.  This fix has been in
  CVS for months, and many people have pointed it out here.  Sorry about
  the delay in fixing it, but I thought for sure upstream would have
  issued a new release by now (long ago, really.)
l/zlib-1.2.2-i486-2.tgz:  Patched an overflow in zlib that could cause
  applications using zlib to crash.  The overflow does not involve user
  supplied data, and therefore does not allow the execution of arbitrary
  code.  However, it could still be used by a remote attacker to create
  a denial of service.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2096
  (* Security fix *)
xap/gimp-2.2.8-i486-1.tgz:  Upgraded to gimp-2.2.8.
+--------------------------+
Thu Jun 23 16:06:53 PDT 2005
ap/groff-1.19.1-i486-1.tgz:  Upgraded to groff-1.19.1.
  I'd been putting this upgrade off because of problems caused by
  newer groff versions defaulting to ANSI color output, but found a patch
  for man.local and mdoc.local that makes man pages render without color
  by default.  Hopefully this new groff version won't contain any other
  surprises, but I think that was the big one...
ap/man-1.5p-i486-1.tgz:  Upgraded to man-1.5p.
ap/vim-6.3.078-i486-1.tgz:  Upgraded to patchlevel 78.
kde/koffice-1.4.0a-i486-1.tgz:  Upgraded to koffice-1.4.0a.
  (This requires the new libgsf and libwpd packages)
kdei/koffice-l10n-*.tgz:  Upgraded to new KOffice translation packages.
l/libgsf-1.12.1-i486-1.tgz:  Upgraded to libgsf-1.12.1.
l/libwpd-0.8.2-i486-1.tgz:  Added libwpd-0.8.2 (needed by KWord).
n/wget-1.10-i486-1.tgz:  Upgraded to wget-1.10.
xap/xvim-6.3.078-i486-1.tgz:  Upgraded to patchlevel 78.
+--------------------------+
Tue Jun 21 21:56:16 PDT 2005
ap/sudo-1.6.8p9-i486-1.tgz:  Upgraded to sudo-1.6.8p9.
  This new version of Sudo fixes a race condition in command pathname handling
  that could allow a user with Sudo privileges to run arbitrary commands.
  For full details, see the Sudo site:
    http://www.courtesan.com/sudo/alerts/path_race.html
  (* Security fix *)
l/gtk+2-2.6.8-i486-1.tgz:  Upgraded to gtk+-2.6.8.
  Fixed /etc/gtk-2.0/gdk-pixbuf.loaders to list the SVG loader (svg_loader.so).
  (Thanks very much to Alastair Poole for noticing that XFCE was not loading
  SVG icons correctly, figuring out the problem, and sending in a fix)
+--------------------------+
Sun Jun 19 21:45:07 PDT 2005
l/jre-1_5_0_03-i586-1.tgz:  This already-issued package fixes some
  recently announced security issues that could allow applets to read
  or write to local files.  See:
    http://sunsolve.sun.com/search/document.do?assetkey=1-26-101748-1
    http://sunsolve.sun.com/search/document.do?assetkey=1-26-101749-1
  (* Security fix *)
extra/j2sdk-1.5.0_03/j2sdk-1_5_0_03-i586-1.tgz:  Fixed the slack-desc
  to not include the release version to prevent future mishaps. :-)
  This already-issued package fixes some recently announced security
  issues that could allow applets to read or write to local files.
  See:
    http://sunsolve.sun.com/search/document.do?assetkey=1-26-101748-1
    http://sunsolve.sun.com/search/document.do?assetkey=1-26-101749-1
  (* Security fix *)
+--------------------------+
Tue Jun 14 18:40:39 PDT 2005
ap/flac-1.1.2-i486-2.tgz:  Patched the XMMS plugin.
  (thanks to Wim Speekenbrink for the patch)
l/glib2-2.6.5-i486-1.tgz:  Upgraded to glib-2.6.5.
extra/k3b/k3b-0.12-i486-1.tgz:  Upgraded to k3b-0.12.
extra/k3b/k3b-i18n-0.12-noarch-1.tgz:  Upgraded to k3b-i18n-0.12.
+--------------------------+
Sun Jun 12 21:48:25 PDT 2005
a/bzip2-1.0.3-i486-1.tgz:  Upgraded to bzip2-1.0.3.
a/openssl-solibs-0.9.7g-i486-1.tgz:  Upgraded to openssl-0.9.7g libraries.
a/tcsh-6.14.00-i486-1.tgz:  Upgraded to tcsh-6.14.00.
ap/espgs-8.15rc3-i486-1.tgz:  Upgraded to espgs-8.15rc3, which should fix
  problems with PNG and PDF while we wait for a final release on this one.
ap/flac-1.1.2-i486-1.tgz:  Upgraded to flac-1.1.2.  Note that the library
  versions for FLAC have changed, so anything using the FLAC libraries
  will need to be recompiled.  If I've missed anything, let me know.
ap/vorbis-tools-1.0.1-i486-4.tgz:  Recompiled against new Ogg/FLAC libraries.
d/doxygen-1.4.3-i486-1.tgz:  Upgraded to doxygen-1.4.3.
kde/kdeaccessibility-3.4.1-i486-1.tgz:  Upgraded to kdeaccessibility-3.4.1.
kde/kdeaddons-3.4.1-i486-1.tgz:  Upgraded to kdeaddons-3.4.1.
kde/kdeadmin-3.4.1-i486-1.tgz:  Upgraded to kdeadmin-3.4.1.
kde/kdeartwork-3.4.1-i486-1.tgz:  Upgraded to kdeartwork-3.4.1.
kde/kdebase-3.4.1-i486-1.tgz:  Upgraded to kdebase-3.4.1.
kde/kdebindings-3.4.1-i486-1.tgz:  Upgraded to kdebindings-3.4.1.
kde/kdeedu-3.4.1-i486-1.tgz:  Upgraded to kdeedu-3.4.1.
kde/kdegames-3.4.1-i486-1.tgz:  Upgraded to kdegames-3.4.1.
kde/kdegraphics-3.4.1-i486-1.tgz:  Upgraded to kdegraphics-3.4.1.
kde/kdelibs-3.4.1-i486-1.tgz:  Upgraded to kdelibs-3.4.1.
kde/kdemultimedia-3.4.1-i486-1.tgz:  Upgraded to kdemultimedia-3.4.1.
kde/kdenetwork-3.4.1-i486-1.tgz:  Upgraded to kdenetwork-3.4.1.
kde/kdepim-3.4.1-i486-1.tgz:  Upgraded to kdepim-3.4.1.
kde/kdesdk-3.4.1-i486-1.tgz:  Upgraded to kdesdk-3.4.1.
kde/kdetoys-3.4.1-i486-1.tgz:  Upgraded to kdetoys-3.4.1.
kde/kdeutils-3.4.1-i486-1.tgz:  Upgraded to kdeutils-3.4.1.
kde/kdevelop-3.2.1-i486-1.tgz:  Upgraded to kdevelop-3.2.1.
kde/kdewebdev-3.4.1-i486-1.tgz:  Upgraded to kdewebdev-3.4.1.
kdei/kde-i18n-*-3.4.1-noarch-1.tgz:  Upgraded to KDE 3.4.1 i18n packages.
l/arts-1.4.1-i486-1.tgz:  Upgraded to arts-1.4.1.
l/aspell-0.60.2-i486-1.tgz:  Upgraded to aspell-0.60.2.
  Moved aspell data files into /usr/lib/aspell where most things look for them
  rather than the default of /usr/lib/aspell-<VERSION>.
l/aspell-en-6.0_0-noarch-3.tgz:  Moved data files into /usr/lib/aspell.
l/gnet-2.0.7-i486-2.tgz:  Patched ./configure to not put the package
  into /usr/local.  Thanks to orlan for pointing out the problem.
l/jre-1_5_0_03-i586-1.tgz:  Upgraded to Java(TM) 2 Platform Standard Edition
  Runtime Environment Version 5.0, Release 3.
l/libao-0.8.6-i486-1.tgz:  Upgraded to libao-0.8.6.
l/libogg-1.1.2-i486-1.tgz:  Upgraded to libogg-1.1.2.
l/libvorbis-1.1.0-i486-1.tgz:  Upgraded to libvorbis-1.1.0.
n/openssh-4.1p1-i486-1.tgz:  Upgraded to openssh-4.1p1.
n/openssl-0.9.7g-i486-1.tgz:  Upgraded to openssl-0.9.7g.
xap/gaim-1.3.1-i486-1.tgz:  Upgraded to gaim-1.3.1 and gaim-encryption-2.38.
  This fixes a couple of remote crash bugs, so users of the MSN and
  Yahoo! chat protocols should upgrade to gaim-1.3.1.
  (* Security fix *)
xap/gimp-2.2.7-i486-1.tgz:  Upgraded to gimp-2.2.7.
xap/gimp-help-2-0.8-noarch-1.tgz:  Upgraded to gimp-help-2-0.8.
xap/imagemagick-6.2.3_0-i486-1.tgz:  Upgraded to ImageMagick-6.2.3-0.
xap/xine-lib-1.0.1-i686-2.tgz:  Recompiled against new Ogg/FLAC libraries.
extra/aspell-word-lists:  Updated and added several dictionaries, and moved
  all data files from /usr/lib/aspell-0.60 to /usr/lib/aspell.
extra/j2sdk-1.5.0_03/j2sdk-1_5_0_03-i586-1.tgz:  Upgraded to Java(TM) 2
  Platform Standard Edition Development Kit Version 5.0, Release 3.
+--------------------------+
Wed Jun  8 22:25:08 PDT 2005
ap/alsa-utils-1.0.9a-i486-1.tgz:  Upgraded to alsa-utils-1.0.9a.
l/alsa-driver-1.0.9b_2.4.31-i486-1.tgz:  Upgraded to alsa-driver-1.0.9b,
  which works great with both 2.4 and 2.6 kernels.
  Big thanks to the ALSA developers for the quick fix!  :-)
l/alsa-lib-1.0.9-i486-1.tgz:  Upgraded to alsa-lib-1.0.9.
l/alsa-oss-1.0.9-i486-1.tgz:  Upgraded to alsa-oss-1.0.9.
l/gnet-2.0.7-i486-1.tgz:  Upgraded to gnet-2.0.7.
l/lcms-1.14-i486-1.tgz:  Upgraded to lcms-1.14.
l/lesstif-0.94.4-i486-1.tgz:  Upgraded to lesstif-0.94.4.
l/libexif-0.6.12-i486-1.tgz:  Upgraded to libexif-0.6.12.
l/libgsf-1.12.0-i486-1.tgz:  Upgraded to libgsf-1.12.0.
l/libidn-0.5.17-i486-1.tgz:  Upgraded to libidn-0.5.17.
l/libieee1284-0.2.10-i486-1.tgz:  Upgraded to libieee1284-0.2.10.
l/libtiff-3.7.2-i486-1.tgz:  Upgraded to tiff-3.7.2.
l/libungif-4.1.3-i486-1.tgz:  Upgraded to libungif-4.1.3.
l/libwmf-0.2.8.3-i486-1.tgz:  Upgraded to libwmf-0.2.8.3.
l/libwmf-docs-0.2.8.3-noarch-1.tgz:  Upgraded to libwmf-0.2.8.3 docs.
l/mhash-0.9.2-i486-1.tgz:  Upgraded to mhash-0.9.2.
n/samba-3.0.14a-i486-1.tgz:  Upgraded to samba-3.0.14a.
extra/linux-wlan-ng/linux-wlan-ng-0.2.1pre25_2.4.31-i486-1.tgz:
  Recompiled for Linux 2.4.31.
extra/linux-wlan-ng/linux-wlan-ng-0.2.1pre25_2.6.11.11-i486-1.tgz:
  Recompiled for Linux 2.6.11.11.
testing/packages/linux-2.6.11.11/alsa-driver-1.0.9b_2.6.11.11-i486-1.tgz:
  Upgraded to alsa-driver-1.0.9b (compiled for Linux 2.6.11.11).
+--------------------------+
Mon Jun  6 20:23:40 PDT 2005
a/kernel-ide-2.4.31-i486-1.tgz:  Upgraded to Linux 2.4.31.
a/kernel-modules-2.4.31-i486-1.tgz:  Upgraded to Linux 2.4.31 kernel modules.
d/kernel-headers-2.4.31-i386-1.tgz:
  Upgraded to kernel headers from Linux 2.4.31.
k/kernel-source-2.4.31-noarch-1.tgz:  Upgraded to Linux 2.4.31.
l/alsa-driver-1.0.8_2.4.31-i486-1.tgz:  Recompiled for Linux 2.4.31.
  alsa-driver-1.0.9a was tested, but attempting to load snd.o produces some
  unresolved symbol errors (class_device_destroy and class_device_create).
  Seems that the new version of ALSA requires some new features of the 2.6.x
  kernel series.  ALSA 1.0.8 works with both 2.4.x and 2.6.x kernels, so for
  the time being ALSA will stay at 1.0.8.  It would be nice to see these
  features backported in an official 2.4.32 kernel, or an alsa-driver-1.0.9b
  release that can work with either kernel branch...
bootdisks/*:  Upgraded to Linux 2.4.31 bootdisks.
kernels/*:  Upgraded to Linux 2.4.31 kernels.
isolinux/initrd.img, isolinux/network.dsk, isolinux/pcmcia.dsk,
rootdisks/install.*, rootdisks/network.dsk, rootdisks/pcmcia.dsk:
  Updated kernel modules to 2.4.31.
testing/packages/linux-2.6.11.11/alsa-driver-1.0.8_2.6.11.11-i486-1.tgz:
  Recompiled for Linux 2.6.11.11.
testing/packages/linux-2.6.11.11/kernel-generic-2.6.11.11-i486-1.tgz:
  Upgraded to Linux 2.6.11.11.
testing/packages/linux-2.6.11.11/kernel-headers-2.6.11.11-i386-1.tgz:
  Upgraded to kernel headers from Linux 2.6.11.11.
testing/packages/linux-2.6.11.11/kernel-modules-2.6.11.11-i486-1.tgz:
  Upgraded to kernel modules for Linux 2.6.11.11.
testing/packages/linux-2.6.11.11/kernel-source-2.6.11.11-noarch-1.tgz:
  Upgraded to kernel source for Linux 2.6.11.11.
+--------------------------+
Tue May 17 17:51:29 PDT 2005
xap/xfce-4.2.2-i486-1.tgz:  Upgraded to xfce-4.2.2.
+--------------------------+
Mon May 16 15:27:24 PDT 2005
a/glibc-solibs-2.3.5-i486-2.tgz:  Recompiled including a patch found
  in Debian's glibc sources that fixes an issue with TLS that breaks
  X and XMMS on machines that use nVidia's X drivers.  This might
  also be found in glibc CVS by now, but I'm not sure about that.  In
  any case, if you had problems before and you're using nVidia's
  drivers, this should fix it.  Also, I heard a few reports of trouble
  with Firefox not working with NPTL -- maybe this will also fix that?
a/glibc-zoneinfo-2.3.5-noarch-2.tgz:  Rebuilt.
l/glibc-2.3.5-i486-2.tgz:  Recompiled with TLS fix.
l/glibc-i18n-2.3.5-noarch-2.tgz:  Rebuilt.
l/glibc-profile-2.3.5-i486-2.tgz:  Recompiled with TLS fix.
+--------------------------+
Sun May 15 20:12:03 PDT 2005
n/ncftp-3.1.9-i486-1.tgz:  Upgraded to ncftp-3.1.9.
  This corrects a vulnerability where a download from a hostile FTP
  server might be written to an unintended location potentially
  compromising system security or causing a denial of service.
  For more details, see:
    http://www.ncftp.com/ncftp/doc/changelog.html#3.1.5
  (* Security fix *)
xap/jre-symlink-1.0.4-noarch-1.tgz:  Upgraded Java(TM) symlink for new
  versions of Mozilla Firefox and the Mozilla Suite.
xap/mozilla-1.7.8-i486-1.tgz:  Upgraded to mozilla-1.7.8.
  Two vulnerabilities found in Mozilla Firefox 1.0.3 when combined allow
  an attacker to run arbitrary code. The Mozilla Suite version 1.7.7
  is only partially vulnerable.  For more details, see:
    http://www.mozilla.org/security/announce/mfsa2005-42.html
  (* Security fix *)
xap/mozilla-firefox-1.0.4-i686-1.tgz:  Upgraded to firefox-1.0.4.
  Two vulnerabilities found in Mozilla Firefox 1.0.3 when combined allow
  an attacker to run arbitrary code.  For more details, see:
    http://www.mozilla.org/security/announce/mfsa2005-42.html
  (* Security fix *)
+--------------------------+
Fri May 13 12:51:03 PDT 2005
Here's the (I'm sure) long awaited upgrade to Slackware's glibc to
include support for NPTL (the Native POSIX Thread Library).  NPTL
works with newer kernels (meaning 2.6.x, or a 2.4 kernel that is
patched to support NPTL, but not an unmodified "vanilla" 2.4 kernel
such as Slackware uses) to provide improved performance for threads.
This difference can be quite dramatic in some situations.  For example,
a benchmark test mentioned on Wikipedia started 100,000 threads
simultaneously in about 2 seconds on a system using NPTL.  The same
test using the old Linuxthreads glibc thread support took around 15
minutes to run!  For most applications that do not start large numbers
of threads the difference will not be so large, but for high traffic
servers, databases, or anything that runs large numbers of threads,
NPTL should bring big improvements in scalability and performance.
For compatibility, the regular (linuxthreads) libraries are installed
in /lib, and the new NPTL versions are installed in /lib/tls.  Which
versions are used depends on the kernel you're using.  If it's newer
than 2.6.4, then the NPTL libraries in /lib/tls will be used.  TLS
stands for "thread-local storage", and the directory name /lib/tls is
a little bit misleading since now both the linuxthreads and NPTL
versions of glibc are compiled with TLS support included (this is
needed to produce versions of tools such as ldconfig that can run under
either kind of system).

Getting all the kinks out of the build script to be able to get this to 
work with either 2.4 or 2.6 kernels and be able to switch back and forth 
without issues was quite a challenge, to say the least, and would have 
been much harder without all the good advice and help folks sent in to 
help me along and give me important hints.  A special thanks goes to 
Chad Corkrum for sending in some ./configure options that really helped 
get the ball rolling here.

Here's some information about compiling things using these libraries -- 
by default, if you compile something the headers and shared libraries 
used to compile and link the binary will be the linuxthreads versions, 
but when you go to run the binary it will link to the NPTL library 
versions (and you'll get the NPTL speed improvements) if you are running 
an NPTL capable kernel.  In rare cases you may find that an old binary 
doesn't work right when run against the NPTL libs, and in this case you 
can force it to run against the linuxthreads versions by setting the 
LD_ASSUME_KERNEL variable to assume the use of a 2.4.x (non-NPTL) kernel 
so that NPTL will not be used.  An easy way to see the effect of this is 
to try something like the following while using an NPTL enabled kernel:
  
  volkerdi@tree:~$ ldd /bin/bash
        linux-gate.so.1 =>  (0xffffe000)
        libtermcap.so.2 => /lib/libtermcap.so.2 (0xb7fcf000)
        libdl.so.2 => /lib/tls/libdl.so.2 (0xb7fcb000)
        libc.so.6 => /lib/tls/libc.so.6 (0xb7eaf000)
        /lib/ld-linux.so.2 (0xb7feb000)

Note that in the example above, the binary is running against the NPTL 
libraries in /lib/tls.  Now, let's try setting LD_ASSUME_KERNEL:

  volkerdi@tree:~$ LD_ASSUME_KERNEL=2.4.30 ldd /bin/bash
        linux-gate.so.1 =>  (0xffffe000)
        libtermcap.so.2 => /lib/libtermcap.so.2 (0xb7fcf000)
        libdl.so.2 => /lib/libdl.so.2 (0xb7fcb000)
        libc.so.6 => /lib/libc.so.6 (0xb7eb2000)
        /lib/ld-linux.so.2 (0xb7feb000)

As you can see, now the binary is running against the linuxthreads 
version of glibc in /lib.  If you find old things that won't work with 
NPTL (which should be rare), this is the method you'll want to use to 
work around it.

Now for a little note about compiling things.  In most cases it will be 
just fine to compile against linuxthreads and run against NPTL, and this 
approach will produce the most flexible binaries (ones that will run 
against either linuxthreads or NPTL.)  However, in some cases you might 
want to use some of the new functions that are only available in NPTL, 
and to do that you'll need to use the NPTL versions of pthread.h and 
other headers that are different and link against the NPTL versions of 
the glibc libraries.  To do this you'll need to add these compile flags 
to your build in an appropriate spot:

    -I/usr/include/nptl -L/usr/lib/nptl
    (and link with -lpthread, of course)

Have fun, and report any problems to volkerdi@slackware.com.

a/glibc-solibs-2.3.5-i486-1.tgz:  Upgraded to glibc-2.3.5 shared libs.
a/glibc-zoneinfo-2.3.5-noarch-1.tgz:  Upgraded to time zone files from 
  glibc-2.3.5.
l/glibc-2.3.5-i486-1.tgz:  Upgraded to glibc-2.3.5.
l/glibc-i18n-2.3.5-noarch-1.tgz:  Upgraded to glibc-2.3.5 i18n files.
l/glibc-profile-2.3.5-i486-1.tgz:  Upgraded to glibc-2.3.5 profile libs.
xap/gaim-1.3.0-i486-1.tgz:  Upgraded to gaim-1.3.0.  This fixes a few
  bugs which could be used by a remote attacker to annoy a GAIM user by
  crashing GAIM and creating a denial of service.
  (* Security fix *)
extra/linux-wlan-ng/linux-wlan-ng-0.2.1pre25_2.6.11.9-i486-1.tgz:
  Recompiled linux-wlan-ng-0.2.1pre25 for Linux 2.6.11.9.
testing/packages/linux-2.6.11.9/alsa-driver-1.0.8_2.6.11.9-i486-1.tgz:
  Recompiled for Linux 2.6.11.9.
testing/packages/linux-2.6.11.9/kernel-generic-2.6.11.9-i486-1.tgz:
  Upgraded to Linux 2.6.11.9.  Note that as far as these so-called
  "sucker" kernels go, I won't be intending to follow every one that's
  released, but I figure I might as well upgrade _occasionally_, as
  there's no reason to be testing for bugs that are already well-known.
  Anyway, I guess my point here is that when 2.6.11.10 comes out (if it's
  not out already ;-), I won't need everyone to be sending me email saying
  "new kernel! new kernel!".  If, on the other hand, you are personally
  affected by a kernel bug that's fixed by a new kernel in this series
  feel free to let me know about it.  Thanks!  :-)
testing/packages/linux-2.6.11.9/kernel-headers-2.6.11.9-i386-1.tgz:
  Upgraded to kernel headers from Linux 2.6.11.9.
testing/packages/linux-2.6.11.9/kernel-modules-2.6.11.9-i486-1.tgz:
  Upgraded to kernel modules for Linux 2.6.11.9.
testing/packages/linux-2.6.11.9/kernel-source-2.6.11.9-noarch-1.tgz:
  Upgraded to kernel source for Linux 2.6.11.9.
+--------------------------+
Sun May  1 22:10:17 PDT 2005
a/hdparm-6.1-i486-1.tgz:  Upgraded to hdparm-6.1.
a/kernel-ide-2.4.30-i486-1.tgz:  Upgraded to Linux 2.4.30.
a/kernel-modules-2.4.30-i486-1.tgz:  Upgraded to Linux 2.4.30 kernel modules.
d/kernel-headers-2.4.30-i386-1.tgz:  Upgraded kernel headers from 2.4.30 kernel.
k/kernel-source-2.4.30-noarch-1.tgz:  Upgraded to Linux 2.4.30 kernel source.
l/alsa-driver-1.0.8_2.4.30-i486-1.tgz:  Recompiled for Linux 2.4.30.
l/gmp-4.1.4-i486-2.tgz:  Recompiled with --enable-mpfr.
l/libgtkhtml-2.6.3-i486-1.tgz:  Added libgtkhtml-2.6.3 (needed for GIMP's
  help browser plugin).
l/librsvg-2.8.1-i486-1.tgz:  Added librsvg-2.8.1 (needed for GIMP's SVG
  support plugin).
n/bind-9.3.1-i486-1.tgz:  Upgraded to bind-9.3.1.
n/getmail-4.3.7-noarch-1.tgz:  Upgraded to getmail-4.3.7.
xap/gimp-2.2.6-i486-2.tgz:  Rebuilt to include SVG and help browser plugins.
xap/gimp-help-2-0.7-noarch-1.tgz:  Added help files for the GIMP image editor.
xap/gxine-0.4.4-i486-1.tgz:  Upgraded to gxine-0.4.4.
xap/jre-symlink-1.0.3-noarch-2.tgz:  Make sure the directories for the symlinks
  are there.  (thanks to Eric Le Bras for the bug report)
xap/xine-lib-1.0.1-i686-1.tgz:  Upgraded to xine-lib-1.0.1.
  This fixes some bugs in the MMS and Real RTSP streaming client code.
  While the odds of this vulnerability being usable to a remote attacker are
  low (but see the xine advisory), if you stream media from sites using these
  protocols (and you think the sites might be "hostile" and will try to hack
  into your xine client), then you might want to upgrade to this new version
  of xine-lib.  Probably the other fixes and enhancements in xine-lib-1.0.1
  are a better rationale to do so, though.
  For more details on the xine-lib security issues, see:
    http://xinehq.de/index.php/security/XSA-2004-8
  (* Security fix *)
bootdisks/*:  Upgraded to Linux 2.4.30 bootdisks.
extra/linux-wlan-ng/linux-wlan-ng-0.2.1pre25_2.4.30-i486-1.tgz:
  Recompiled linux-wlan-ng-0.2.1pre25 for Linux 2.4.30.
kernels/*:  Upgraded to Linux 2.4.30 kernels.
isolinux/initrd.img, isolinux/network.dsk, isolinux/pcmcia.dsk,
rootdisks/install.*, rootdisks/network.dsk, rootdisks/pcmcia.dsk:
  Updated kernel modules to 2.4.30.
+--------------------------+
Thu Apr 21 14:26:29 PDT 2005
d/binutils-2.15.92.0.2-i486-3.tgz:  Upgraded to ksymoops-2.4.11.
d/cvs-1.11.20-i486-1.tgz:  Upgraded to cvs-1.11.20.
  From cvshome.org:  "This version fixes many minor security issues in the
  CVS server executable including a potentially serious buffer overflow
  vulnerability with no known exploit.  We recommend this upgrade for all CVS
  servers!"
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0753
  (* Security fix *)
d/python-2.4.1-i486-1.tgz:  Upgraded to python-2.4.1.
  From the python.org site:  "The Python development team has discovered a flaw
  in the SimpleXMLRPCServer library module which can give remote attackers
  access to internals of the registered object or its module or possibly other
  modules. The flaw only affects Python XML-RPC servers that use the
  register_instance() method to register an object without a _dispatch()
  method. Servers using only register_function() are not affected."
  For more details, see:
    http://python.org/security/PSF-2005-001/
  (* Security fix *)
d/python-demo-2.4.1-noarch-1.tgz:  Upgraded to python-2.4.1 demos.
d/python-tools-2.4.1-noarch-1.tgz:  Upgraded to python-2.4.1 tools.
kde/kdebase-3.4.0-i486-2.tgz:  Recompiled to link with Cyrus SASL.
kde/kdepim-3.4.0-i486-2.tgz:  Recompiled to link with Cyrus SASL.
l/glib2-2.6.4-i486-1.tgz:  Upgraded to glib-2.6.4.
l/gtk+2-2.6.7-i486-1.tgz:  Upgraded to gtk+-2.6.7.
l/libxml2-2.6.19-i486-1.tgz:  Upgraded to libxml2-2.6.19.
l/libxslt-1.1.14-i486-1.tgz:  Upgraded to libxslt-1.1.14.
n/cyrus-sasl-2.1.20-i486-1.tgz:  Added Cyrus SASL library (for Kmail).
xap/gaim-1.2.1-i486-1.tgz:  Upgraded to gaim-1.2.1.
  According to gaim.sf.net, this fixes a few denial-of-service flaws.
  (* Security fix *)
xap/gimp-2.2.6-i486-1.tgz:  Upgraded to gimp-2.2.6.
xap/jre-symlink-1.0.3-noarch-1.tgz:  Upgraded Java(TM) symlink for Mozilla
  Firefox and added an additional link for the Mozilla Suite.
xap/mozilla-1.7.7-i486-1.tgz:  Upgraded to mozilla-1.7.7.
  This fixes some security issues.  For complete details, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html
  (* Security fix *)
xap/mozilla-firefox-1.0.3-i686-1.tgz:  Upgraded to firefox-1.0.3.
  From the mozilla.org site:  "Firefox 1.0.3 is a security update that is
  part of our ongoing program to provide a safe Internet experience for our
  customers. We recommend that all users upgrade to this latest version."
  For complete details, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html
  (* Security fix *)
xap/xscreensaver-4.21-i486-2.tgz:  Patched to fix setgid shadow.
+--------------------------+
Tue Apr  5 12:52:00 PDT 2005
n/php-4.3.11-i486-1.tgz:  Upgraded to php-4.3.11.
 "This is a maintenance release that in addition to over 70 non-critical bug
  fixes addresses several security issues inside the exif and fbsql extensions
  as well as the unserialize(), swf_definepoly() and getimagesize() functions."
  (* Security fix *)
testing/packages/php-5.0.4/php-5.0.4-i486-1.tgz:  Upgraded to php-5.0.4.
  Fixes various bugs (and security issues.)
  (* Security fix *)
+--------------------------+
Sat Mar 26 23:04:41 PST 2005
a/hotplug-2004_09_23-noarch-2.tgz:  Blacklisted a few more modules:
  snd-atiixp-modem, snd-intel8x0m, snd-via82xx-modem, and intelfb.
  Thanks to Tomas Matejicek, Piter PUNK, and Tobias Svensson for reporting
  the problems with hotplug auto-loading these (in the rare event that your
  machine actually needs them, they can be manually loaded somewhere else
  in the boot scripts, such as rc.modules.)
a/infozip-5.52-i486-1.tgz:  Upgraded to unzip-5.52 and zip-2.31.
a/gettext-0.14.3-i486-1.tgz:  Upgraded to gettext-0.14.3.
ap/mysql-4.0.24-i486-1.tgz:  Upgraded to mysql-4.0.24.
d/automake-1.9.5-noarch-1.tgz:  Upgraded to automake-1.9.5.
d/gettext-tools-0.14.3-i486-1.tgz:  Upgraded to gettext-0.14.3.
d/libtool-1.5.14-i486-1.tgz:  Upgraded to libtool-1.5.14.
gnome/*:  Removed from -current, and turned over to community support and
  distribution.  I'm not going to rehash all the reasons behind this, but it's
  been under consideration for more than four years.  There are already good
  projects in place to provide Slackware GNOME for those who want it, and
  these are more complete than what Slackware has shipped in the past.  So, if
  you're looking for GNOME for Slackware -current, I would recommend looking at
  these two projects for well-built packages that follow a policy of minimal
  interference with the base Slackware system:

    http://gsb.sf.net
    http://gware.sf.net

  There is also Dropline, of course, which is quite popular.  However, due to
  their policy of adding PAM and replacing large system packages (like the
  entire X11 system) with their own versions, I can't give quite the same sort
  of nod to Dropline.  Nevertheless, it remains another choice, and it's _your_
  system, so I will also mention their project:

    http://www.dropline.net/gnome/

  Please do not incorrectly interpret any of this as a slight against GNOME
  itself, which (although it does usually need to be fixed and polished beyond
  the way it ships from upstream more so than, say, KDE or XFce) is a decent
  desktop choice.  So are a lot of others, but Slackware does not need to ship
  every choice.  GNOME is and always has been a moving target (even the
  "stable" releases usually aren't quite ready yet) that really does demand a
  team to keep up on all the changes (many of which are not always well
  documented).  I fully expect that this move will improve the quality of both
  Slackware itself, and the quality (and quantity) of the GNOME options
  available for it.

  Folks, this is how open source is supposed to work.  Enjoy.  :-)

kde/kdeaccessibility-3.4.0-i486-1.tgz:  Upgraded to kdeaccessibility-3.4.0.
kde/kdeaddons-3.4.0-i486-1.tgz:  Upgraded to kdeaddons-3.4.0.
kde/kdeadmin-3.4.0-i486-1.tgz:  Upgraded to kdeadmin-3.4.0.
kde/kdeartwork-3.4.0-i486-1.tgz:  Upgraded to kdeartwork-3.4.0.
kde/kdebase-3.4.0-i486-1.tgz:  Upgraded to kdebase-3.4.0.
kde/kdebindings-3.4.0-i486-1.tgz:  Upgraded to kdebindings-3.4.0.
kde/kdeedu-3.4.0-i486-1.tgz:  Upgraded to kdeedu-3.4.0.
kde/kdegames-3.4.0-i486-1.tgz:  Upgraded to kdegames-3.4.0.
kde/kdegraphics-3.4.0-i486-1.tgz:  Upgraded to kdegraphics-3.4.0.
kde/kdelibs-3.4.0-i486-1.tgz:  Upgraded to kdelibs-3.4.0.
kde/kdemultimedia-3.4.0-i486-1.tgz:  Upgraded to kdemultimedia-3.4.0.
kde/kdenetwork-3.4.0-i486-1.tgz:  Upgraded to kdenetwork-3.4.0.
kde/kdepim-3.4.0-i486-1.tgz:  Upgraded to kdepim-3.4.0.
kde/kdesdk-3.4.0-i486-1.tgz:  Upgraded to kdesdk-3.4.0.
kde/kdetoys-3.4.0-i486-1.tgz:  Upgraded to kdetoys-3.4.0.
kde/kdeutils-3.4.0-i486-1.tgz:  Upgraded to kdeutils-3.4.0.
kde/kdevelop-3.2.0-i486-1.tgz:  Upgraded to kdevelop-3.2.0.
kde/kdewebdev-3.4.0-i486-1.tgz:  Upgraded to kdewebdev-3.4.0.
kde/koffice-1.3.5-i486-3.tgz:  Recompiled.
kde/qt-3.3.4-i486-1.tgz:  Upgraded to qt-3.3.4 (with -stl).
l/atk-1.9.1-i486-1.tgz:  Upgraded to atk-1.9.1.
l/arts-1.4.0-i486-1.tgz:  Upgraded to arts-1.4.0.
l/expat-1.95.8-i486-1.tgz:  Upgraded to expat-1.95.8.
  (thanks to Alak Trakru for updating the DESTDIR patch)
l/gtk+2-2.6.4-i486-1.tgz:  Upgraded to gtk+-2.6.4.
l/libart_lgpl-2.3.17-i486-1.tgz:  Upgraded to libart_lgpl-2.3.17.
l/libglade-2.4.2-i486-1.tgz:  Upgraded to libglade-2.4.2.
l/libgsf-1.11.1-i486-1.tgz:  Upgraded to libgsf-1.11.1.
l/libidl-0.8.5-i486-1.tgz:  Upgraded to libidl-0.8.5, moved from /gnome.
  (this is used by Mozilla)
l/libmikmod-3.1.11a-i486-1.tgz:  Upgraded to libmikmod-3.1.11a, moved from
  /gnome.  (this is used by XMMS)
l/libxml2-2.6.18-i486-1.tgz:  Upgraded to libxml2-2.6.18.
l/libxslt-1.1.13-i486-1.tgz:  Upgraded to libxslt-1.1.13.
l/orbit-0.5.17-i386-1.tgz:  Removed obsolete ORBit.
l/pango-1.8.1-i486-1.tgz:  Upgraded to pango-1.8.1.
l/shared-mime-info-0.16-i486-1.tgz:  Upgraded to shared-mime-info-0.16, moved
  from /gnome.
l/startup-notification-0.8-i486-1.tgz:  Upgraded to startup-notification-0.8.
n/nail-11.22-i486-1.tgz:  Upgraded to nail-11.22.
n/samba-3.0.13-i486-1.tgz:  Upgraded to samba-3.0.13.
xap/gaim-1.2.0-i486-1.tgz:  Upgraded to gaim-1.2.0 and gaim-encryption-2.36.
  (compiled against mozilla-1.7.6)
xap/gimp-2.2.4-i486-1.tgz:  Upgraded to gimp-2.2.4.
xap/jre-symlink-1.0.2-noarch-1.tgz:  Upgraded Java link for Firefox 1.0.2.
xap/mozilla-1.7.6-i486-1.tgz:  Replaced Mozilla, upgraded to 1.7.6.
  While I got surprisingly few negative comments about Mozilla's previous
  removal from -current, I have decided to put it back.  Why?  Well, it is a good
  piece of software with a long and respected history.  So, why then, would I
  have removed it before?  Did I lose my mind?  ;-)  My answer at the time was
  that once the Mozilla Foundation indicated that the primary future direction
  would be with Firefox and Thunderbird, and that active development on the
  traditional Mozilla suite would end, then the writing was already on the
  wall.  Slackware does not aim to be a Home for Orphaned Software, and if
  upstream ceases to support something, then I'll usually follow that lead in
  fairly short order.  However, Mozilla is being restored for now since I know
  it has a strong following, but also because it provides some features (like
  the composer) that FF/TB do not, and because the libraries are used in GAIM
  to provide support for MSN.  I am aware that GNUTLS can also be used for this
  purpose, but after looking that (and its dependencies) over, I'd prefer to
  not see that enter Slackware at this time.  OpenSSL could also be used for
  this support in GAIM, but unfortunately there is an incompatibility between
  GAIM's GPL license and OpenSSL's BSD-with-advertising-clause license.  This
  resulting snafu reminds me of a short article by Grigor Gatchev that I
  recently read on NewsForge, called "Metalicensing".  It's still online, and
  I'd suggest it (and the author's site) for a little additional reading on
  the topic of free license incompatibilities, and how we might avoid
  unintentionally setting these kinds of traps for ourselves.  I look forward
  to a world with the least possible restrictions on software development, and
  I think that step one is to be on guard against accidentally tying our own
  hands behind our backs.  Having a redundant (but differently free) version
  of every component and needing them _all_ to create a complete system does
  not strike me as the optimal solution.
    /* end "pseudo blog"  :-)  I hope I didn't offend anybody affiliated with
    any of these fine projects, as that is definitely not my intent... */
  Back to the topic of _this package_, this Mozilla release fixes more than a
  dozen security issues (many of which are probably minor and unlikely to
  occur in real life, but you be the judge.)
  Please see mozilla.org for a complete list.
  (* Security fix *)
xap/mozilla-firefox-1.0.2-i686-1.tgz:  Upgraded to firefox-1.0.2.
  Fixes a GIF heap overflow and some other security issues.
  Please see mozilla.org for a complete list.
  (* Security fix *)
xap/mozilla-thunderbird-1.0.2-i686-1.tgz:  Upgraded to thunderbird-1.0.2.
  Fixes a GIF heap overflow and some other security issues.
  Please see mozilla.org for a complete list.
  (* Security fix *)
xap/xfce-4.2.1.1-i486-1.tgz:  Upgraded to xfce-4.2.1.1.
xap/xscreensaver-4.21-i486-1.tgz:  Upgraded to xscreensaver-4.21.
extra/k3b/k3b-0.11.23-i486-1.tgz:  Upgraded to k3b-0.11.23.
extra/parted/parted-1.6.22-i486-1.tgz:  Upgraded to parted-1.6.22.
testing/packages/gnupg-1.4.1-i486-1.tgz:  Upgraded to gnupg-1.4.1.
+--------------------------+
Wed Mar  9 21:15:23 PST 2005
a/udev-054-i486-3.tgz:  Fixed make_extra_nodes.sh to not require expr, which is
  under /usr and might not be available.  (thanks to Daniel de Kok)
n/nmap-3.81-i486-1.tgz:  Upgraded to nmap-3.81.
n/openssh-4.0p1-i486-1.tgz:  Upgraded to OpenSSH 4.0p1.
n/samba-3.0.11-i486-1.tgz:  Upgraded to samba-3.0.11.
extra/bittornado/bittornado-0.3.10-noarch-1.tgz:  Upgraded to BitTornado-0.3.10.
extra/bittorrent/bittorrent-4.0.0-noarch-1.tgz:  Upgraded to BitTorrent-4.0.0.
+--------------------------+
Tue Mar  8 14:23:58 PST 2005
xap/mozilla-firefox-1.0.1-i686-2.tgz:  Fixed default mailto: pref to use
  Thunderbird.  (thanks to Steven E. Woolard)
xap/mozilla-thunderbird-1.0-i686-2.tgz:  Fixed default URL handler to use
  Firefox for https:// as well as http://.  (thanks to Steven E. Woolard)
  Fixed background transparency of icon used by the thunderbird.desktop
  file.  (thanks to Jason Edson)
+--------------------------+
Mon Mar  7 22:16:12 PST 2005
a/udev-054-i486-2.tgz:  Removed udev.permissions file and merged the
  permissions configuration into the udev.rules file.  Also, added support
  for numbering multiple cdrom and dvd devices at boot time (thanks to
  Michal Kosmulski for sending in the starting diff).  Let me know if any
  permissions bugs remain...  sorry about that last batch 'o bugs -- my
  fault for not reading the instructions carefully.
xap/jre-symlink-1.0.1-noarch-1.tgz:  Adds a symlink to the Java(TM) plugin.
xap/mozilla-firefox-1.0.1-i686-1.tgz:  Added Mozilla Firefox (from the
  official binary distribution.)  Thanks to the Mozilla Foundation!  :-)
xap/mozilla-thunderbird-1.0-i686-1.tgz:  Added Mozilla Thunderbird (also
  from the official binary distribution.)
xap/mozilla-1.7.5-i486-1.tgz:  Removed.
xap/mozilla-plugins-1.7.5-noarch-2.tgz:  Removed.
xap/netscape-7.2-i686-1.tgz:  Removed.
testing/packages/linux-2.6.11/alsa-driver-1.0.8_2.6.11-i486-1.tgz:
  Upgraded to ALSA 1.0.8 for Linux 2.6.11.
testing/packages/linux-2.6.11/kernel-generic-2.6.11-i486-1.tgz:
  Upgraded to Linux 2.6.11 generic x86 kernel.
testing/packages/linux-2.6.11/kernel-headers-2.6.11-i386-1.tgz:
  Upgraded to Linux 2.6.11 kernel headers.
testing/packages/linux-2.6.11/kernel-modules-2.6.11-i486-1.tgz:
  Upgraded to Linux 2.6.11 kernel modules.
testing/packages/linux-2.6.11/kernel-source-2.6.11-noarch-1.tgz:
  Upgraded to Linux 2.6.11 kernel source.
+--------------------------+
Mon Feb 28 20:56:58 PST 2005
a/udev-054-i486-1.tgz:  Upgraded to udev-054.
ap/espgs-8.15rc2-i486-1.tgz:  Upgraded to espgs-8.15rc2.
d/flex-2.5.4a-i486-3.tgz:  Replaced old "lex" script with a symlink.
  (Thanks to Mike Sullivan)
d/gcc-3.3.5-i486-1.tgz:  Upgraded to gcc-3.3.5.
d/gcc-g++-3.3.5-i486-1.tgz:  Upgraded to gcc-3.3.5.
d/gcc-g77-3.3.5-i486-1.tgz:  Upgraded to gcc-3.3.5.
d/gcc-gnat-3.3.5-i486-1.tgz:  Upgraded to gcc-3.3.5.
d/gcc-java-3.3.5-i486-1.tgz:  Upgraded to gcc-3.3.5.
d/gcc-objc-3.3.5-i486-1.tgz:  Upgraded to gcc-3.3.5.
l/glib2-2.6.3-i486-1.tgz:  Upgraded to glib-2.6.3.
l/gtk+2-2.6.3-i486-1.tgz:  Upgraded to gtk+-2.6.3.
t/tetex-3.0-i486-1.tgz:  Upgraded to teTeX 3.0.
t/tetex-doc-3.0-noarch-1.tgz:  Upgraded to teTeX 3.0 documentation.
xap/gaim-1.1.4-i486-1.tgz:  Upgraded to gaim-1.1.4 and gaim-encryption-2.35.
+--------------------------+
Mon Feb 14 10:31:43 PST 2005
Upgraded to X11R6.8.2 (these new -current X11 packages will also work just fine
on Slackware 10.1 since no libraries have changed since the 10.1 release)
x/x11-6.8.2-i486-1.tgz:  Upgraded to X11R6.8.2.
x/x11-devel-6.8.2-i486-1.tgz:  Upgraded to X11R6.8.2.
x/x11-docs-6.8.2-noarch-1.tgz:  Upgraded to X11R6.8.2.
x/x11-docs-html-6.8.2-noarch-1.tgz:  Upgraded to X11R6.8.2.
x/x11-fonts-100dpi-6.8.2-noarch-1.tgz:  Upgraded to X11R6.8.2.
x/x11-fonts-cyrillic-6.8.2-noarch-1.tgz:  Upgraded to X11R6.8.2.
x/x11-fonts-misc-6.8.2-noarch-1.tgz:  Upgraded to X11R6.8.2.
x/x11-fonts-scale-6.8.2-noarch-1.tgz:  Upgraded to X11R6.8.2.
x/x11-xdmx-6.8.2-i486-1.tgz:  Upgraded to X11R6.8.2.
x/x11-xnest-6.8.2-i486-1.tgz:  Upgraded to X11R6.8.2.
x/x11-xvfb-6.8.2-i486-1.tgz:  Upgraded to X11R6.8.2.
+--------------------------+
Wed Feb  2 18:22:01 PST 2005

Released Slackware 10.1 stable.

  Thanks to everyone who helped out with this release, and especially to the
  folks at GUS-BR and SlackSec who helped (and continue to help) with handling
  security issues for the last few months, to Andreas Liebschner for keeping
  the website updated and running smoothly, to Theresa Elam for all her hard
  work running store.slackware.com, to the folks on alt.os.linux.slackware for
  pointing out bugs and offering suggestions, to the people on ##slackware
  that I met on IRC (and some again in later emails), to Justin, Kyle, and Dean
  from the Linux User Group of Rochester, MN who I got to hang out with while
  "vacationing" at the Mayo Clinic, to everyone who signed my online Christmas
  card (one of the nicest things I ever got), and to all the kind and patient
  members of the Slackware community.  I hope all of you will enjoy this new
  Slackware release.

Have fun!  :-)

Your Slackware Maintainer,

Pat

PS   I'm looking forward to working with all of you towards the next one, too.
PPS  Sorry if that was too much like an Academy Award speech.  I could almost
     hear that music shoving me off the stage.  ;-)