diff options
author | Patrick J Volkerding <volkerdi@slackware.com> | 2022-12-08 22:48:34 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2022-12-09 13:30:05 +0100 |
commit | d17567f359b292f76be7d60ae588ef567df4d95e (patch) | |
tree | cf7804f448830067536877816b39f6bb65fb8614 /COPYRIGHT.TXT | |
parent | 7add5d2865572a0a23891756e58701a6c97c5965 (diff) | |
download | current-d17567f359b292f76be7d60ae588ef567df4d95e.tar.gz current-d17567f359b292f76be7d60ae588ef567df4d95e.tar.xz |
Thu Dec 8 22:48:34 UTC 202220221208224834_15.0
patches/packages/emacs-27.2-x86_64-2_slack15.0.txz: Rebuilt.
GNU Emacs through 28.2 allows attackers to execute commands via shell
metacharacters in the name of a source-code file, because lib-src/etags.c
uses the system C library function in its implementation of the ctags
program. For example, a victim may use the "ctags *" command (suggested in
the ctags documentation) in a situation where the current working directory
has contents that depend on untrusted input.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-45939
(* Security fix *)
patches/packages/vim-9.0.1034-x86_64-1_slack15.0.txz: Upgraded.
This update fixes various security issues such as a heap-based buffer
overflow and use after free.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-4141
https://www.cve.org/CVERecord?id=CVE-2022-3591
https://www.cve.org/CVERecord?id=CVE-2022-3520
https://www.cve.org/CVERecord?id=CVE-2022-3491
https://www.cve.org/CVERecord?id=CVE-2022-4292
https://www.cve.org/CVERecord?id=CVE-2022-4293
(* Security fix *)
patches/packages/vim-gvim-9.0.1034-x86_64-1_slack15.0.txz: Upgraded.
Diffstat (limited to 'COPYRIGHT.TXT')
0 files changed, 0 insertions, 0 deletions