diff options
Diffstat (limited to 'ChangeLog.rss')
-rw-r--r-- | ChangeLog.rss | 105 |
1 files changed, 103 insertions, 2 deletions
diff --git a/ChangeLog.rss b/ChangeLog.rss index 542bc52f0..0bd72a140 100644 --- a/ChangeLog.rss +++ b/ChangeLog.rss @@ -11,10 +11,111 @@ <description>Tracking Slackware development in git.</description> <language>en-us</language> <id xmlns="http://www.w3.org/2005/Atom">urn:uuid:c964f45e-6732-11e8-bbe5-107b4450212f</id> - <pubDate>Fri, 13 Jan 2023 20:29:55 GMT</pubDate> - <lastBuildDate>Sat, 14 Jan 2023 12:30:16 GMT</lastBuildDate> + <pubDate>Thu, 19 Jan 2023 00:40:12 GMT</pubDate> + <lastBuildDate>Thu, 19 Jan 2023 12:30:15 GMT</lastBuildDate> <generator>maintain_current_git.sh v 1.17</generator> <item> + <title>Thu, 19 Jan 2023 00:40:12 GMT</title> + <pubDate>Thu, 19 Jan 2023 00:40:12 GMT</pubDate> + <link>https://git.slackware.nl/current/tag/?h=20230119004012</link> + <guid isPermaLink="false">20230119004012</guid> + <description> + <![CDATA[<pre> +patches/packages/sudo-1.9.12p2-x86_64-1_slack15.0.txz: Upgraded. + This update fixes a flaw in sudo's -e option (aka sudoedit) that could allow + a malicious user with sudoedit privileges to edit arbitrary files. + For more information, see: + https://www.cve.org/CVERecord?id=CVE-2023-22809 + (* Security fix *) + </pre>]]> + </description> + </item> + <item> + <title>Wed, 18 Jan 2023 06:11:54 GMT</title> + <pubDate>Wed, 18 Jan 2023 06:11:54 GMT</pubDate> + <link>https://git.slackware.nl/current/tag/?h=20230118061154</link> + <guid isPermaLink="false">20230118061154</guid> + <description> + <![CDATA[<pre> +patches/packages/git-2.35.6-x86_64-1_slack15.0.txz: Upgraded. + This release fixes two security issues: + * CVE-2022-41903: + git log has the ability to display commits using an arbitrary + format with its --format specifiers. This functionality is also + exposed to git archive via the export-subst gitattribute. + When processing the padding operators (e.g., %<(, %<|(, %>(, + %>>(, or %><( ), an integer overflow can occur in + pretty.c::format_and_pad_commit() where a size_t is improperly + stored as an int, and then added as an offset to a subsequent + memcpy() call. + This overflow can be triggered directly by a user running a + command which invokes the commit formatting machinery (e.g., git + log --format=...). It may also be triggered indirectly through + git archive via the export-subst mechanism, which expands format + specifiers inside of files within the repository during a git + archive. + This integer overflow can result in arbitrary heap writes, which + may result in remote code execution. + * CVE-2022-23521: + gitattributes are a mechanism to allow defining attributes for + paths. These attributes can be defined by adding a `.gitattributes` + file to the repository, which contains a set of file patterns and + the attributes that should be set for paths matching this pattern. + When parsing gitattributes, multiple integer overflows can occur + when there is a huge number of path patterns, a huge number of + attributes for a single pattern, or when the declared attribute + names are huge. + These overflows can be triggered via a crafted `.gitattributes` file + that may be part of the commit history. Git silently splits lines + longer than 2KB when parsing gitattributes from a file, but not when + parsing them from the index. Consequentially, the failure mode + depends on whether the file exists in the working tree, the index or + both. + This integer overflow can result in arbitrary heap reads and writes, + which may result in remote code execution. + For more information, see: + https://www.cve.org/CVERecord?id=CVE-2022-41903 + https://www.cve.org/CVERecord?id=CVE-2022-23521 + (* Security fix *) +patches/packages/httpd-2.4.55-x86_64-1_slack15.0.txz: Upgraded. + This update fixes bugs and the following security issues: + mod_proxy allows a backend to trigger HTTP response splitting. + mod_proxy_ajp possible request smuggling. + mod_dav out of bounds read, or write of zero byte. + For more information, see: + https://downloads.apache.org/httpd/CHANGES_2.4.55 + https://www.cve.org/CVERecord?id=CVE-2022-37436 + https://www.cve.org/CVERecord?id=CVE-2022-36760 + https://www.cve.org/CVERecord?id=CVE-2006-20001 + (* Security fix *) +patches/packages/libXpm-3.5.15-x86_64-1_slack15.0.txz: Upgraded. + This update fixes security issues: + Infinite loop on unclosed comments. + Runaway loop with width of 0 and enormous height. + Compression commands depend on $PATH. + For more information, see: + https://www.cve.org/CVERecord?id=CVE-2022-46285 + https://www.cve.org/CVERecord?id=CVE-2022-44617 + https://www.cve.org/CVERecord?id=CVE-2022-4883 + (* Security fix *) +patches/packages/mozilla-firefox-102.7.0esr-x86_64-1_slack15.0.txz: Upgraded. + This update contains security fixes and improvements. + For more information, see: + https://www.mozilla.org/en-US/firefox/102.7.0/releasenotes/ + https://www.mozilla.org/en-US/security/advisories/mfsa2023-02/ + https://www.cve.org/CVERecord?id=CVE-2022-46871 + https://www.cve.org/CVERecord?id=CVE-2023-23598 + https://www.cve.org/CVERecord?id=CVE-2023-23599 + https://www.cve.org/CVERecord?id=CVE-2023-23601 + https://www.cve.org/CVERecord?id=CVE-2023-23602 + https://www.cve.org/CVERecord?id=CVE-2022-46877 + https://www.cve.org/CVERecord?id=CVE-2023-23603 + https://www.cve.org/CVERecord?id=CVE-2023-23605 + (* Security fix *) + </pre>]]> + </description> + </item> + <item> <title>Fri, 13 Jan 2023 20:29:55 GMT</title> <pubDate>Fri, 13 Jan 2023 20:29:55 GMT</pubDate> <link>https://git.slackware.nl/current/tag/?h=20230113202955</link> |