1 files changed, 103 insertions, 2 deletions

diff --git a/ChangeLog.rss b/ChangeLog.rss
index 542bc52f0..0bd72a140 100644
--- a/ChangeLog.rss
+++ b/ChangeLog.rss
@@ -11,10 +11,111 @@
       <description>Tracking Slackware development in git.</description>
       <language>en-us</language>
       <id xmlns="http://www.w3.org/2005/Atom">urn:uuid:c964f45e-6732-11e8-bbe5-107b4450212f</id>
-      <pubDate>Fri, 13 Jan 2023 20:29:55 GMT</pubDate>
-      <lastBuildDate>Sat, 14 Jan 2023 12:30:16 GMT</lastBuildDate>
+      <pubDate>Thu, 19 Jan 2023 00:40:12 GMT</pubDate>
+      <lastBuildDate>Thu, 19 Jan 2023 12:30:15 GMT</lastBuildDate>
       <generator>maintain_current_git.sh v 1.17</generator>
       <item>
+         <title>Thu, 19 Jan 2023 00:40:12 GMT</title>
+         <pubDate>Thu, 19 Jan 2023 00:40:12 GMT</pubDate>
+         <link>https://git.slackware.nl/current/tag/?h=20230119004012</link>
+         <guid isPermaLink="false">20230119004012</guid>
+         <description>
+           <![CDATA[<pre>
+patches/packages/sudo-1.9.12p2-x86_64-1_slack15.0.txz:  Upgraded.
+  This update fixes a flaw in sudo's -e option (aka sudoedit) that could allow
+  a malicious user with sudoedit privileges to edit arbitrary files.
+  For more information, see:
+    https://www.cve.org/CVERecord?id=CVE-2023-22809
+  (* Security fix *)
+           </pre>]]>
+         </description>
+      </item>
+      <item>
+         <title>Wed, 18 Jan 2023 06:11:54 GMT</title>
+         <pubDate>Wed, 18 Jan 2023 06:11:54 GMT</pubDate>
+         <link>https://git.slackware.nl/current/tag/?h=20230118061154</link>
+         <guid isPermaLink="false">20230118061154</guid>
+         <description>
+           <![CDATA[<pre>
+patches/packages/git-2.35.6-x86_64-1_slack15.0.txz:  Upgraded.
+  This release fixes two security issues:
+  * CVE-2022-41903:
+  git log has the ability to display commits using an arbitrary
+  format with its --format specifiers. This functionality is also
+  exposed to git archive via the export-subst gitattribute.
+  When processing the padding operators (e.g., %<(, %<|(, %>(,
+  %>>(, or %><( ), an integer overflow can occur in
+  pretty.c::format_and_pad_commit() where a size_t is improperly
+  stored as an int, and then added as an offset to a subsequent
+  memcpy() call.
+  This overflow can be triggered directly by a user running a
+  command which invokes the commit formatting machinery (e.g., git
+  log --format=...). It may also be triggered indirectly through
+  git archive via the export-subst mechanism, which expands format
+  specifiers inside of files within the repository during a git
+  archive.
+  This integer overflow can result in arbitrary heap writes, which
+  may result in remote code execution.
+  * CVE-2022-23521:
+  gitattributes are a mechanism to allow defining attributes for
+  paths. These attributes can be defined by adding a `.gitattributes`
+  file to the repository, which contains a set of file patterns and
+  the attributes that should be set for paths matching this pattern.
+  When parsing gitattributes, multiple integer overflows can occur
+  when there is a huge number of path patterns, a huge number of
+  attributes for a single pattern, or when the declared attribute
+  names are huge.
+  These overflows can be triggered via a crafted `.gitattributes` file
+  that may be part of the commit history. Git silently splits lines
+  longer than 2KB when parsing gitattributes from a file, but not when
+  parsing them from the index. Consequentially, the failure mode
+  depends on whether the file exists in the working tree, the index or
+  both.
+  This integer overflow can result in arbitrary heap reads and writes,
+  which may result in remote code execution.
+  For more information, see:
+    https://www.cve.org/CVERecord?id=CVE-2022-41903
+    https://www.cve.org/CVERecord?id=CVE-2022-23521
+  (* Security fix *)
+patches/packages/httpd-2.4.55-x86_64-1_slack15.0.txz:  Upgraded.
+  This update fixes bugs and the following security issues:
+  mod_proxy allows a backend to trigger HTTP response splitting.
+  mod_proxy_ajp possible request smuggling.
+  mod_dav out of bounds read, or write of zero byte.
+  For more information, see:
+    https://downloads.apache.org/httpd/CHANGES_2.4.55
+    https://www.cve.org/CVERecord?id=CVE-2022-37436
+    https://www.cve.org/CVERecord?id=CVE-2022-36760
+    https://www.cve.org/CVERecord?id=CVE-2006-20001
+  (* Security fix *)
+patches/packages/libXpm-3.5.15-x86_64-1_slack15.0.txz:  Upgraded.
+  This update fixes security issues:
+  Infinite loop on unclosed comments.
+  Runaway loop with width of 0 and enormous height.
+  Compression commands depend on $PATH.
+  For more information, see:
+    https://www.cve.org/CVERecord?id=CVE-2022-46285
+    https://www.cve.org/CVERecord?id=CVE-2022-44617
+    https://www.cve.org/CVERecord?id=CVE-2022-4883
+  (* Security fix *)
+patches/packages/mozilla-firefox-102.7.0esr-x86_64-1_slack15.0.txz:  Upgraded.
+  This update contains security fixes and improvements.
+  For more information, see:
+    https://www.mozilla.org/en-US/firefox/102.7.0/releasenotes/
+    https://www.mozilla.org/en-US/security/advisories/mfsa2023-02/
+    https://www.cve.org/CVERecord?id=CVE-2022-46871
+    https://www.cve.org/CVERecord?id=CVE-2023-23598
+    https://www.cve.org/CVERecord?id=CVE-2023-23599
+    https://www.cve.org/CVERecord?id=CVE-2023-23601
+    https://www.cve.org/CVERecord?id=CVE-2023-23602
+    https://www.cve.org/CVERecord?id=CVE-2022-46877
+    https://www.cve.org/CVERecord?id=CVE-2023-23603
+    https://www.cve.org/CVERecord?id=CVE-2023-23605
+  (* Security fix *)
+           </pre>]]>
+         </description>
+      </item>
+      <item>
          <title>Fri, 13 Jan 2023 20:29:55 GMT</title>
          <pubDate>Fri, 13 Jan 2023 20:29:55 GMT</pubDate>
          <link>https://git.slackware.nl/current/tag/?h=20230113202955</link>