Raw Record Source

{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreicwhmhswuoyh5zh32mhwnibko5gyoogn2hoxj4z6fskoqccjc5nsu",
    "uri": "at://did:plc:hqad6xwuzg7oqfmwylfkvqfm/app.bsky.feed.post/3mirpho4syu32"
  },
  "path": "/viewtopic.php?t=32780&p=271893#p271893",
  "publishedAt": "2026-04-05T20:28:16.000Z",
  "site": "http://forum.palemoon.org",
  "tags": [
    "https://www.cve.org/CVERecord?id=CVE-2026-33416",
    "https://www.cve.org/CVERecord?id=CVE-2026-33636",
    "https://www.cve.org/CVERecord?id=CVE-2026-32776",
    "https://www.cve.org/CVERecord?id=CVE-2026-32777",
    "https://www.cve.org/CVERecord?id=CVE-2026-32778",
    "https://www.cve.org/CVERecord?id=CVE-2026-2564",
    "https://www.cve.org/CVERecord?id=CVE-2026-24515",
    "https://www.cve.org/CVERecord?id=CVE-2026-25210"
  ],
  "textContent": "I'm just a regular user, so I might say something silly. Can these files be replaced with symbolic links?\n\n/usr/include/palemoon-XX.X.X/expat_config.h ---- > /usr/include/expat_config.h\n/usr/include/palemoon-XX.X.X/expat_external.h ---- > /usr/include/expat_external.h\n/usr/include/palemoon-XX.X.X/expat.h ---- > /usr/include/xpat.h\n/usr/include/palemoon-XX.X.X/pnglibconf.h ---- > /usr/include/nglibconf.h\n/usr/include/palemoon-XX.X.X/pngconf.h ---- > /usr/include/pngconf.h\n\nFri Mar 27 04:09:20 UTC 2026\npatches/packages/libpng-1.6.56-x86_64-1_slack15.0.txz: Upgraded.\nThis update fixes security issues:\nUse-after-free via pointer aliasing in png_set_tRNS and png_set_PLTE.\nOut-of-bounds read/write in the palette expansion on ARM Neon.\nFor more information, see:\nhttps://www.cve.org/CVERecord?id=CVE-2026-33416\nhttps://www.cve.org/CVERecord?id=CVE-2026-33636\n\nWed Mar 18 23:23:04 UTC 2026\npatches/packages/expat-2.7.5-x86_64-1_slack15.0.txz: Upgraded.\nThis update fixes security issues:\nFix NULL function pointer dereference for empty external parameter entities;\nit takes use of both functions XML_ExternalEntityParserCreate and\nXML_SetParamEntityParsing for an application to be vulnerable.\nProtect from XML_TOK_INSTANCE_START infinite loop in function\nentityValueProcessor; it takes use of both functions\nXML_ExternalEntityParserCreate and XML_SetParamEntityParsing for an\napplication to be vulnerable.\nFix NULL dereference in function setContext on retry after an earlier\nouf-of-memory condition; it takes use of function XML_ParserCreateNS or\nXML_ParserCreate_MM for an application to be vulnerable.\nFor more information, see:\nhttps://www.cve.org/CVERecord?id=CVE-2026-32776\nhttps://www.cve.org/CVERecord?id=CVE-2026-32777\nhttps://www.cve.org/CVERecord?id=CVE-2026-32778\n\nThu Feb 12 01:40:58 UTC 2026\npatches/packages/libpng-1.6.55-x86_64-1_slack15.0.txz: Upgraded.\nFixed a high severity security issue:\nHeap buffer overflow in `png_set_quantize`.\nReported and fixed by Joshua Inscoe.\nFor more information, see:\nhttps://www.cve.org/CVERecord?id=CVE-2026-2564\n\nSat Jan 31 23:57:36 UTC 2026\npatches/packages/expat-2.7.4-x86_64-1_slack15.0.txz: Upgraded.\nThis update fixes security issues:\nFunction XML_ExternalEntityParserCreate failed to copy the encoding handler\ndata passed to XML_SetUnknownEncodingHandler from the parent to the new\nsubparser. This can cause a NULL dereference and denial of service.\nInteger overflow related to buffer size determination in function doContent.\nFor more information, see:\nhttps://www.cve.org/CVERecord?id=CVE-2026-24515\nhttps://www.cve.org/CVERecord?id=CVE-2026-25210\n\n* * *",
  "title": "Contributed 3rd Party Builds • Re: Pale Moon for Slackware Linux",
  "updatedAt": "2026-04-05T20:28:16.000Z"
}