1 files changed, 49 insertions, 2 deletions

diff --git a/ChangeLog.rss b/ChangeLog.rss
index 806c4cfff..14a6cf539 100644
--- a/ChangeLog.rss
+++ b/ChangeLog.rss
@@ -11,10 +11,57 @@
       <description>Tracking Slackware development in git.</description>
       <language>en-us</language>
       <id xmlns="http://www.w3.org/2005/Atom">urn:uuid:c964f45e-6732-11e8-bbe5-107b4450212f</id>
-      <pubDate>Mon,  5 Dec 2022 21:00:46 GMT</pubDate>
-      <lastBuildDate>Tue,  6 Dec 2022 12:30:22 GMT</lastBuildDate>
+      <pubDate>Wed,  7 Dec 2022 18:48:07 GMT</pubDate>
+      <lastBuildDate>Thu,  8 Dec 2022 12:30:17 GMT</lastBuildDate>
       <generator>maintain_current_git.sh v 1.17</generator>
       <item>
+         <title>Wed,  7 Dec 2022 18:48:07 GMT</title>
+         <pubDate>Wed,  7 Dec 2022 18:48:07 GMT</pubDate>
+         <link>https://git.slackware.nl/current/tag/?h=20221207184807</link>
+         <guid isPermaLink="false">20221207184807</guid>
+         <description>
+           <![CDATA[<pre>
+patches/packages/python3-3.9.16-x86_64-1_slack15.0.txz:  Upgraded.
+  This update fixes security issues:
+  gh-98739: Updated bundled libexpat to 2.5.0 to fix CVE-2022-43680
+  (heap use-after-free).
+  gh-98433: The IDNA codec decoder used on DNS hostnames by socket or asyncio
+  related name resolution functions no longer involves a quadratic algorithm
+  to fix CVE-2022-45061. This prevents a potential CPU denial of service if an
+  out-of-spec excessive length hostname involving bidirectional characters were
+  decoded. Some protocols such as urllib http 3xx redirects potentially allow
+  for an attacker to supply such a name.
+  gh-100001: python -m http.server no longer allows terminal control characters
+  sent within a garbage request to be printed to the stderr server log.
+  gh-87604: Avoid publishing list of active per-interpreter audit hooks via the
+  gc module.
+  gh-97514: On Linux the multiprocessing module returns to using filesystem
+  backed unix domain sockets for communication with the forkserver process
+  instead of the Linux abstract socket namespace. Only code that chooses to use
+  the "forkserver" start method is affected. This prevents Linux CVE-2022-42919
+  (potential privilege escalation) as abstract sockets have no permissions and
+  could allow any user on the system in the same network namespace (often the
+  whole system) to inject code into the multiprocessing forkserver process.
+  Filesystem based socket permissions restrict this to the forkserver process
+  user as was the default in Python 3.8 and earlier.
+  gh-98517: Port XKCP's fix for the buffer overflows in SHA-3 to fix
+  CVE-2022-37454.
+  gh-68966: The deprecated mailcap module now refuses to inject unsafe text
+  (filenames, MIME types, parameters) into shell commands to address
+  CVE-2015-20107. Instead of using such text, it will warn and act as if a
+  match was not found (or for test commands, as if the test failed).
+  For more information, see:
+    https://pythoninsider.blogspot.com/2022/12/python-3111-3109-3916-3816-3716-and.html
+    https://www.cve.org/CVERecord?id=CVE-2022-43680
+    https://www.cve.org/CVERecord?id=CVE-2022-45061
+    https://www.cve.org/CVERecord?id=CVE-2022-42919
+    https://www.cve.org/CVERecord?id=CVE-2022-37454
+    https://www.cve.org/CVERecord?id=CVE-2015-20107
+  (* Security fix *)
+           </pre>]]>
+         </description>
+      </item>
+      <item>
          <title>Mon,  5 Dec 2022 21:00:46 GMT</title>
          <pubDate>Mon,  5 Dec 2022 21:00:46 GMT</pubDate>
          <link>https://git.slackware.nl/current/tag/?h=20221205210046</link>