[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Dragora-bug] Dragora updates #003
From: |
Lucas Sköldqvist |
Subject: |
[Dragora-bug] Dragora updates #003 |
Date: |
Wed, 14 Aug 2013 20:44:06 +0200 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/linux) |
The Dragora team is happy to announce security updates #003. This
release fixes security issues in the following packages:
curl
pidgin
poppler
Read the details of each update through the official ChangeLog[1]. The
ChangeLog contains a brief description of the problem(s) along with the
corresponding references.
We recommend that you upgrade your packages as soon as possible.
Here are the 32-bit packages:
http://mirror.fsf.org/dragora/dragora-2.2/upgrades/packages/32b/curl-7.31.0-i486-1.tlz
http://mirror.fsf.org/dragora/dragora-2.2/upgrades/packages/32b/pidgin-2.10.7-i486-1.tlz
http://mirror.fsf.org/dragora/dragora-2.2/upgrades/packages/32b/poppler-0.18.4-i486-1.tlz
Here are the 64-bit packages:
http://mirror.fsf.org/dragora/dragora-2.2/upgrades/packages/64b/curl-7.31.0-x86_64-1.tlz
http://mirror.fsf.org/dragora/dragora-2.2/upgrades/packages/64b/pidgin-2.10.7-x86_64-1.tlz
http://mirror.fsf.org/dragora/dragora-2.2/upgrades/packages/64b/poppler-0.18.4-x86_64-1.tlz
If you need the detached GPG signatures[2] just append .sig to the URLs above.
These are the SHA1 checksums:
692e9646f853abfa071480fe80f61873fef77748 curl-7.31.0-i486-1.tlz
af75f3ea0691d6849fa5aeb2c1779c851dbc0bf1 pidgin-2.10.7-i486-1.tlz
e3391e1033aed84113973d30368bd4a43289c688 poppler-0.18.4-i486-1.tlz
bd0e8468692f5ba5b8550601fbfd1a9fd09141c0 curl-7.31.0-x86_64-1.tlz
b90c6874d91bf82297fbd04a0d844db04fcd8078 pidgin-2.10.7-x86_64-1.tlz
7ba55bf5278d89aa2fac2c98adb37363c599749d poppler-0.18.4-x86_64-1.tlz
To upgrade a package you issue the following command:
pkg upgrade <tlz file>
So if you would like to upgrade pidgin 2.10.6 to pidgin 2.10.7 you would run the
following with root permissions:
pkg upgrade pidgin-2.10.6-i486-1.tlz pidgin-2.10.7-i486-1.tlz
Or simply:
pkg upgrade pidgin-2.10.7-i486-1.tlz
[1] http://mirror.fsf.org/dragora/dragora-2.2/ChangeLog.txt
[2] Use a .sig file to verify that the corresponding file (without the
.sig suffix) is intact. First, be sure to download both the .sig file
and the corresponding tarball. Then, run a command like this:
gpg --verify pidgin-2.10.7-i486-1.tlz.sig
If that command fails because you don't have the required public key,
then run these commands to import it:
wget http://mirror.fsf.org/dragora/dragora-2.2/KEY
gpg --import KEY
and rerun the 'gpg --verify' command.
--
Lucas Sköldqvist (frusen) [2BC57692]
85F7 C267 BC83 6603 66C9 927D AEFB 6AFC 2BC5 7692
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Dragora-bug] Dragora updates #003,
Lucas Sköldqvist <=