diff options
author | Patrick J Volkerding <volkerdi@slackware.com> | 2022-12-08 22:48:34 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2022-12-09 13:30:05 +0100 |
commit | d17567f359b292f76be7d60ae588ef567df4d95e (patch) | |
tree | cf7804f448830067536877816b39f6bb65fb8614 /ChangeLog.txt | |
parent | 7add5d2865572a0a23891756e58701a6c97c5965 (diff) | |
download | current-d17567f359b292f76be7d60ae588ef567df4d95e.tar.gz current-d17567f359b292f76be7d60ae588ef567df4d95e.tar.xz |
Thu Dec 8 22:48:34 UTC 202220221208224834_15.0
patches/packages/emacs-27.2-x86_64-2_slack15.0.txz: Rebuilt.
GNU Emacs through 28.2 allows attackers to execute commands via shell
metacharacters in the name of a source-code file, because lib-src/etags.c
uses the system C library function in its implementation of the ctags
program. For example, a victim may use the "ctags *" command (suggested in
the ctags documentation) in a situation where the current working directory
has contents that depend on untrusted input.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-45939
(* Security fix *)
patches/packages/vim-9.0.1034-x86_64-1_slack15.0.txz: Upgraded.
This update fixes various security issues such as a heap-based buffer
overflow and use after free.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-4141
https://www.cve.org/CVERecord?id=CVE-2022-3591
https://www.cve.org/CVERecord?id=CVE-2022-3520
https://www.cve.org/CVERecord?id=CVE-2022-3491
https://www.cve.org/CVERecord?id=CVE-2022-4292
https://www.cve.org/CVERecord?id=CVE-2022-4293
(* Security fix *)
patches/packages/vim-gvim-9.0.1034-x86_64-1_slack15.0.txz: Upgraded.
Diffstat (limited to 'ChangeLog.txt')
-rw-r--r-- | ChangeLog.txt | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/ChangeLog.txt b/ChangeLog.txt index a4bb23b23..f1c05c892 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -1,3 +1,27 @@ +Thu Dec 8 22:48:34 UTC 2022 +patches/packages/emacs-27.2-x86_64-2_slack15.0.txz: Rebuilt. + GNU Emacs through 28.2 allows attackers to execute commands via shell + metacharacters in the name of a source-code file, because lib-src/etags.c + uses the system C library function in its implementation of the ctags + program. For example, a victim may use the "ctags *" command (suggested in + the ctags documentation) in a situation where the current working directory + has contents that depend on untrusted input. + For more information, see: + https://www.cve.org/CVERecord?id=CVE-2022-45939 + (* Security fix *) +patches/packages/vim-9.0.1034-x86_64-1_slack15.0.txz: Upgraded. + This update fixes various security issues such as a heap-based buffer + overflow and use after free. + For more information, see: + https://www.cve.org/CVERecord?id=CVE-2022-4141 + https://www.cve.org/CVERecord?id=CVE-2022-3591 + https://www.cve.org/CVERecord?id=CVE-2022-3520 + https://www.cve.org/CVERecord?id=CVE-2022-3491 + https://www.cve.org/CVERecord?id=CVE-2022-4292 + https://www.cve.org/CVERecord?id=CVE-2022-4293 + (* Security fix *) +patches/packages/vim-gvim-9.0.1034-x86_64-1_slack15.0.txz: Upgraded. ++--------------------------+ Wed Dec 7 18:48:07 UTC 2022 patches/packages/python3-3.9.16-x86_64-1_slack15.0.txz: Upgraded. This update fixes security issues: |