diff options
author | Patrick J Volkerding <volkerdi@slackware.com> | 2024-03-27 19:16:09 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2024-03-28 13:30:39 +0100 |
commit | 9146b9762b016788f798633449f921fb2f8df529 (patch) | |
tree | f176da2396ba5be743fffb2beb4516953f172a3b /ChangeLog.txt | |
parent | 9543d326f2858aedf7a7b335dc6bb336d0206625 (diff) | |
download | current-9146b9762b016788f798633449f921fb2f8df529.tar.gz current-9146b9762b016788f798633449f921fb2f8df529.tar.xz |
Wed Mar 27 19:16:09 UTC 202420240327191609_15.0
patches/packages/curl-8.7.1-x86_64-1_slack15.0.txz: Upgraded.
This release fixes the following security issues:
TLS certificate check bypass with mbedTLS.
HTTP/2 push headers memory-leak.
QUIC certificate check bypass with wolfSSL.
Usage of disabled protocol.
For more information, see:
https://curl.se/docs/CVE-2024-2466.html
https://curl.se/docs/CVE-2024-2398.html
https://curl.se/docs/CVE-2024-2379.html
https://curl.se/docs/CVE-2024-2004.html
https://www.cve.org/CVERecord?id=CVE-2024-2466
https://www.cve.org/CVERecord?id=CVE-2024-2398
https://www.cve.org/CVERecord?id=CVE-2024-2379
https://www.cve.org/CVERecord?id=CVE-2024-2004
(* Security fix *)
Diffstat (limited to 'ChangeLog.txt')
-rw-r--r-- | ChangeLog.txt | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/ChangeLog.txt b/ChangeLog.txt index 7d27d32a9..6ce5574b5 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -1,3 +1,21 @@ +Wed Mar 27 19:16:09 UTC 2024 +patches/packages/curl-8.7.1-x86_64-1_slack15.0.txz: Upgraded. + This release fixes the following security issues: + TLS certificate check bypass with mbedTLS. + HTTP/2 push headers memory-leak. + QUIC certificate check bypass with wolfSSL. + Usage of disabled protocol. + For more information, see: + https://curl.se/docs/CVE-2024-2466.html + https://curl.se/docs/CVE-2024-2398.html + https://curl.se/docs/CVE-2024-2379.html + https://curl.se/docs/CVE-2024-2004.html + https://www.cve.org/CVERecord?id=CVE-2024-2466 + https://www.cve.org/CVERecord?id=CVE-2024-2398 + https://www.cve.org/CVERecord?id=CVE-2024-2379 + https://www.cve.org/CVERecord?id=CVE-2024-2004 + (* Security fix *) ++--------------------------+ Sun Mar 24 18:21:46 UTC 2024 patches/packages/emacs-29.3-x86_64-1_slack15.0.txz: Upgraded. GNU Emacs through 28.2 allows attackers to execute commands via shell |