Thu May 25 00:24:33 UTC 202320230525002433_15.0

patches/packages/curl-8.1.1-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
patches/packages/texlive-2023.230322-x86_64-1_slack15.0.txz:  Upgraded.
  This update patches a security issue:
  LuaTeX before 1.17.0 allows execution of arbitrary shell commands when
  compiling a TeX file obtained from an untrusted source. This occurs
  because luatex-core.lua lets the original io.popen be accessed. This also
  affects TeX Live before 2023 r66984 and MiKTeX before 23.5.
  Thanks to Johannes Schoepfer.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-32700
  (* Security fix *)

1 files changed, 14 insertions, 0 deletions

diff --git a/ChangeLog.txt b/ChangeLog.txt
index 745192382..ffda12288 100644
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@@ -1,3 +1,17 @@
+Thu May 25 00:24:33 UTC 2023
+patches/packages/curl-8.1.1-x86_64-1_slack15.0.txz:  Upgraded.
+  This is a bugfix release.
+patches/packages/texlive-2023.230322-x86_64-1_slack15.0.txz:  Upgraded.
+  This update patches a security issue:
+  LuaTeX before 1.17.0 allows execution of arbitrary shell commands when
+  compiling a TeX file obtained from an untrusted source. This occurs
+  because luatex-core.lua lets the original io.popen be accessed. This also
+  affects TeX Live before 2023 r66984 and MiKTeX before 23.5.
+  Thanks to Johannes Schoepfer.
+  For more information, see:
+    https://www.cve.org/CVERecord?id=CVE-2023-32700
+  (* Security fix *)
++--------------------------+
 Mon May 22 19:05:02 UTC 2023
 patches/packages/c-ares-1.19.1-x86_64-1_slack15.0.txz:  Upgraded.
   This update fixes bugs and security issues: