1 files changed, 33 insertions, 0 deletions

diff --git a/ChangeLog.txt b/ChangeLog.txt
index 817d21fe0..35f7ee36d 100644
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@@ -1,3 +1,36 @@
+Mon Oct 31 23:31:36 UTC 2022
+extra/php80/php80-8.0.25-x86_64-1_slack15.0.txz:  Upgraded.
+  This update fixes security issues:
+  GD: OOB read due to insufficient input validation in imageloadfont().
+  Hash: buffer overflow in hash_update() on long parameter.
+  For more information, see:
+    https://www.cve.org/CVERecord?id=CVE-2022-31630
+    https://www.cve.org/CVERecord?id=CVE-2022-37454
+  (* Security fix *)
+extra/php81/php81-8.1.12-x86_64-1_slack15.0.txz:  Upgraded.
+  This update fixes security issues:
+  GD: OOB read due to insufficient input validation in imageloadfont().
+  Hash: buffer overflow in hash_update() on long parameter.
+  For more information, see:
+    https://www.cve.org/CVERecord?id=CVE-2022-31630
+    https://www.cve.org/CVERecord?id=CVE-2022-37454
+  (* Security fix *)
+patches/packages/mozilla-thunderbird-102.4.1-x86_64-1_slack15.0.txz:  Upgraded.
+  This is a bugfix release.
+  For more information, see:
+    https://www.mozilla.org/en-US/thunderbird/102.4.1/releasenotes/
+patches/packages/vim-9.0.0814-x86_64-1_slack15.0.txz:  Upgraded.
+  A vulnerability was found in vim and classified as problematic. Affected by
+  this issue is the function qf_update_buffer of the file quickfix.c of the
+  component autocmd Handler. The manipulation leads to use after free. The
+  attack may be launched remotely. Upgrading to version 9.0.0805 is able to
+  address this issue.
+  Thanks to marav for the heads-up.
+  For more information, see:
+    https://www.cve.org/CVERecord?id=CVE-2022-3705
+  (* Security fix *)
+patches/packages/vim-gvim-9.0.0814-x86_64-1_slack15.0.txz:  Upgraded.
++--------------------------+
 Thu Oct 27 02:30:15 UTC 2022
 patches/packages/curl-7.86.0-x86_64-1_slack15.0.txz:  Upgraded.
   This update fixes security issues: