diff options
Diffstat (limited to 'ChangeLog.rss')
-rw-r--r-- | ChangeLog.rss | 113 |
1 files changed, 111 insertions, 2 deletions
diff --git a/ChangeLog.rss b/ChangeLog.rss index eeeda9433..ea49e56f3 100644 --- a/ChangeLog.rss +++ b/ChangeLog.rss @@ -11,10 +11,119 @@ <description>Tracking Slackware development in git.</description> <language>en-us</language> <id xmlns="http://www.w3.org/2005/Atom">urn:uuid:c964f45e-6732-11e8-bbe5-107b4450212f</id> - <pubDate>Mon, 17 Oct 2022 19:31:45 GMT</pubDate> - <lastBuildDate>Tue, 18 Oct 2022 05:00:16 GMT</lastBuildDate> + <pubDate>Tue, 18 Oct 2022 20:29:54 GMT</pubDate> + <lastBuildDate>Wed, 19 Oct 2022 05:00:54 GMT</lastBuildDate> <generator>maintain_current_git.sh v 1.17</generator> <item> + <title>Tue, 18 Oct 2022 20:29:54 GMT</title> + <pubDate>Tue, 18 Oct 2022 20:29:54 GMT</pubDate> + <link>https://git.slackware.nl/current/tag/?h=20221018202954</link> + <guid isPermaLink="false">20221018202954</guid> + <description> + <![CDATA[<pre> +ap/vim-9.0.0790-x86_64-1.txz: Upgraded. +d/ccache-4.7-x86_64-1.txz: Upgraded. +d/git-2.38.1-x86_64-1.txz: Upgraded. + This release fixes two security issues: + * CVE-2022-39253: + When relying on the `--local` clone optimization, Git dereferences + symbolic links in the source repository before creating hardlinks + (or copies) of the dereferenced link in the destination repository. + This can lead to surprising behavior where arbitrary files are + present in a repository's `$GIT_DIR` when cloning from a malicious + repository. + Git will no longer dereference symbolic links via the `--local` + clone mechanism, and will instead refuse to clone repositories that + have symbolic links present in the `$GIT_DIR/objects` directory. + Additionally, the value of `protocol.file.allow` is changed to be + "user" by default. + * CVE-2022-39260: + An overly-long command string given to `git shell` can result in + overflow in `split_cmdline()`, leading to arbitrary heap writes and + remote code execution when `git shell` is exposed and the directory + `$HOME/git-shell-commands` exists. + `git shell` is taught to refuse interactive commands that are + longer than 4MiB in size. `split_cmdline()` is hardened to reject + inputs larger than 2GiB. + For more information, see: + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39253 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39260 + (* Security fix *) +kde/bluedevil-5.26.1-x86_64-1.txz: Upgraded. +kde/breeze-5.26.1-x86_64-1.txz: Upgraded. +kde/breeze-grub-5.26.1-x86_64-1.txz: Upgraded. +kde/breeze-gtk-5.26.1-x86_64-1.txz: Upgraded. +kde/drkonqi-5.26.1-x86_64-1.txz: Upgraded. +kde/kactivitymanagerd-5.26.1-x86_64-1.txz: Upgraded. +kde/kde-cli-tools-5.26.1-x86_64-1.txz: Upgraded. +kde/kde-gtk-config-5.26.1-x86_64-1.txz: Upgraded. +kde/kdecoration-5.26.1-x86_64-1.txz: Upgraded. +kde/kdeplasma-addons-5.26.1-x86_64-1.txz: Upgraded. +kde/kgamma5-5.26.1-x86_64-1.txz: Upgraded. +kde/khotkeys-5.26.1-x86_64-1.txz: Upgraded. +kde/kinfocenter-5.26.1-x86_64-1.txz: Upgraded. +kde/kmenuedit-5.26.1-x86_64-1.txz: Upgraded. +kde/kpipewire-5.26.1-x86_64-1.txz: Upgraded. +kde/kscreen-5.26.1-x86_64-1.txz: Upgraded. +kde/kscreenlocker-5.26.1-x86_64-1.txz: Upgraded. +kde/ksshaskpass-5.26.1-x86_64-1.txz: Upgraded. +kde/ksystemstats-5.26.1-x86_64-1.txz: Upgraded. +kde/kwallet-pam-5.26.1-x86_64-1.txz: Upgraded. +kde/kwayland-integration-5.26.1-x86_64-1.txz: Upgraded. +kde/kwin-5.26.1-x86_64-1.txz: Upgraded. +kde/kwrited-5.26.1-x86_64-1.txz: Upgraded. +kde/layer-shell-qt-5.26.1-x86_64-1.txz: Upgraded. +kde/libkscreen-5.26.1-x86_64-1.txz: Upgraded. +kde/libksysguard-5.26.1-x86_64-1.txz: Upgraded. +kde/milou-5.26.1-x86_64-1.txz: Upgraded. +kde/oxygen-5.26.1-x86_64-1.txz: Upgraded. +kde/oxygen-sounds-5.26.1-x86_64-1.txz: Upgraded. +kde/plasma-browser-integration-5.26.1-x86_64-1.txz: Upgraded. +kde/plasma-desktop-5.26.1-x86_64-1.txz: Upgraded. +kde/plasma-disks-5.26.1-x86_64-1.txz: Upgraded. +kde/plasma-firewall-5.26.1-x86_64-1.txz: Upgraded. +kde/plasma-integration-5.26.1-x86_64-1.txz: Upgraded. +kde/plasma-nm-5.26.1-x86_64-1.txz: Upgraded. +kde/plasma-pa-5.26.1-x86_64-1.txz: Upgraded. +kde/plasma-sdk-5.26.1-x86_64-1.txz: Upgraded. +kde/plasma-systemmonitor-5.26.1-x86_64-1.txz: Upgraded. +kde/plasma-vault-5.26.1-x86_64-1.txz: Upgraded. +kde/plasma-workspace-5.26.1-x86_64-1.txz: Upgraded. +kde/plasma-workspace-wallpapers-5.26.1-x86_64-1.txz: Upgraded. +kde/polkit-kde-agent-1-5.26.1-x86_64-1.txz: Upgraded. +kde/powerdevil-5.26.1-x86_64-1.txz: Upgraded. +kde/qqc2-breeze-style-5.26.1-x86_64-1.txz: Upgraded. +kde/sddm-kcm-5.26.1-x86_64-1.txz: Upgraded. +kde/systemsettings-5.26.1-x86_64-1.txz: Upgraded. +kde/xdg-desktop-portal-kde-5.26.1-x86_64-1.txz: Upgraded. +l/libical-3.0.16-x86_64-1.txz: Upgraded. +l/nodejs-19.0.0-x86_64-1.txz: Upgraded. +n/NetworkManager-1.40.2-x86_64-1.txz: Upgraded. +n/whois-5.5.14-x86_64-1.txz: Upgraded. +x/libXmu-1.1.4-x86_64-1.txz: Upgraded. +x/libXpresent-1.0.1-x86_64-1.txz: Upgraded. +x/libpciaccess-0.17-x86_64-1.txz: Upgraded. +x/libxkbfile-1.1.1-x86_64-1.txz: Upgraded. +x/libxshmfence-1.3.1-x86_64-1.txz: Upgraded. +x/pixman-0.42.0-x86_64-1.txz: Upgraded. +x/xcb-util-cursor-0.1.4-x86_64-1.txz: Upgraded. +xap/mozilla-firefox-106.0-x86_64-1.txz: Upgraded. + This update contains security fixes and improvements. + For more information, see: + https://www.mozilla.org/en-US/firefox/106.0/releasenotes/ + https://www.mozilla.org/security/advisories/mfsa2022-44/ + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42927 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42928 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42929 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42930 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42931 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42932 + (* Security fix *) +xap/vim-gvim-9.0.0790-x86_64-1.txz: Upgraded. + </pre>]]> + </description> + </item> + <item> <title>Mon, 17 Oct 2022 19:31:45 GMT</title> <pubDate>Mon, 17 Oct 2022 19:31:45 GMT</pubDate> <link>https://git.slackware.nl/current/tag/?h=20221017193145</link> |