summaryrefslogtreecommitdiffstats
path: root/ChangeLog.rss
diff options
context:
space:
mode:
author Patrick J Volkerding <volkerdi@slackware.com>2023-02-15 19:48:10 +0000
committer Eric Hameleers <alien@slackware.com>2023-02-15 21:32:50 +0100
commit96a46e0fa18d13ba3e422f8431cb68d28ea9b706 (patch)
tree32d39f3c9a81acd8258dc927626400d80355391c /ChangeLog.rss
parent88d937fb4e8fcda2688596b4c6dc5b24d275eb8d (diff)
downloadcurrent-96a46e0fa18d13ba3e422f8431cb68d28ea9b706.tar.gz
current-96a46e0fa18d13ba3e422f8431cb68d28ea9b706.tar.xz
Wed Feb 15 19:48:10 UTC 202320230215194810
ap/sudo-1.9.13-x86_64-1.txz: Upgraded. d/git-2.39.2-x86_64-1.txz: Upgraded. This update fixes security issues: Using a specially-crafted repository, Git can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort local clones whose source $GIT_DIR/objects directory contains symbolic links (c.f., CVE-2022-39253), the objects directory itself may still be a symbolic link. These two may be combined to include arbitrary files based on known paths on the victim's filesystem within the malicious repository's working copy, allowing for data exfiltration in a similar manner as CVE-2022-39253. By feeding a crafted input to "git apply", a path outside the working tree can be overwritten as the user who is running "git apply". For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-22490 https://www.cve.org/CVERecord?id=CVE-2023-23946 (* Security fix *) n/curl-7.88.0-x86_64-1.txz: Upgraded. This update fixes security issues: HTTP multi-header compression denial of service. HSTS amnesia with --parallel. HSTS ignored on multiple requests. For more information, see: https://curl.se/docs/CVE-2023-23916.html https://curl.se/docs/CVE-2023-23915.html https://curl.se/docs/CVE-2023-23914.html https://www.cve.org/CVERecord?id=CVE-2023-23916 https://www.cve.org/CVERecord?id=CVE-2023-23915 https://www.cve.org/CVERecord?id=CVE-2023-23914 (* Security fix *)
Diffstat (limited to 'ChangeLog.rss')
-rw-r--r--ChangeLog.rss46
1 files changed, 44 insertions, 2 deletions
diff --git a/ChangeLog.rss b/ChangeLog.rss
index 816ecb865..33ec120a7 100644
--- a/ChangeLog.rss
+++ b/ChangeLog.rss
@@ -11,10 +11,52 @@
<description>Tracking Slackware development in git.</description>
<language>en-us</language>
<id xmlns="http://www.w3.org/2005/Atom">urn:uuid:c964f45e-6732-11e8-bbe5-107b4450212f</id>
- <pubDate>Wed, 15 Feb 2023 03:05:40 GMT</pubDate>
- <lastBuildDate>Wed, 15 Feb 2023 05:50:09 GMT</lastBuildDate>
+ <pubDate>Wed, 15 Feb 2023 19:48:10 GMT</pubDate>
+ <lastBuildDate>Wed, 15 Feb 2023 20:32:46 GMT</lastBuildDate>
<generator>maintain_current_git.sh v 1.17</generator>
<item>
+ <title>Wed, 15 Feb 2023 19:48:10 GMT</title>
+ <pubDate>Wed, 15 Feb 2023 19:48:10 GMT</pubDate>
+ <link>https://git.slackware.nl/current/tag/?h=20230215194810</link>
+ <guid isPermaLink="false">20230215194810</guid>
+ <description>
+ <![CDATA[<pre>
+ap/sudo-1.9.13-x86_64-1.txz: Upgraded.
+d/git-2.39.2-x86_64-1.txz: Upgraded.
+ This update fixes security issues:
+ Using a specially-crafted repository, Git can be tricked into using
+ its local clone optimization even when using a non-local transport.
+ Though Git will abort local clones whose source $GIT_DIR/objects
+ directory contains symbolic links (c.f., CVE-2022-39253), the objects
+ directory itself may still be a symbolic link.
+ These two may be combined to include arbitrary files based on known
+ paths on the victim's filesystem within the malicious repository's
+ working copy, allowing for data exfiltration in a similar manner as
+ CVE-2022-39253.
+ By feeding a crafted input to "git apply", a path outside the
+ working tree can be overwritten as the user who is running "git
+ apply".
+ For more information, see:
+ https://www.cve.org/CVERecord?id=CVE-2023-22490
+ https://www.cve.org/CVERecord?id=CVE-2023-23946
+ (* Security fix *)
+n/curl-7.88.0-x86_64-1.txz: Upgraded.
+ This update fixes security issues:
+ HTTP multi-header compression denial of service.
+ HSTS amnesia with --parallel.
+ HSTS ignored on multiple requests.
+ For more information, see:
+ https://curl.se/docs/CVE-2023-23916.html
+ https://curl.se/docs/CVE-2023-23915.html
+ https://curl.se/docs/CVE-2023-23914.html
+ https://www.cve.org/CVERecord?id=CVE-2023-23916
+ https://www.cve.org/CVERecord?id=CVE-2023-23915
+ https://www.cve.org/CVERecord?id=CVE-2023-23914
+ (* Security fix *)
+ </pre>]]>
+ </description>
+ </item>
+ <item>
<title>Wed, 15 Feb 2023 03:05:40 GMT</title>
<pubDate>Wed, 15 Feb 2023 03:05:40 GMT</pubDate>
<link>https://git.slackware.nl/current/tag/?h=20230215030540</link>