1 files changed, 29 insertions, 0 deletions

diff --git a/ChangeLog.txt b/ChangeLog.txt
index cf33f128c..96f7b14a2 100644
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@@ -1,3 +1,32 @@
+Fri Feb  9 21:48:09 UTC 2024
+patches/packages/xpdf-4.05-x86_64-1_slack15.0.txz:  Upgraded.
+  This update fixes security issues:
+  Fixed a bug in the ICCBased color space parser that was allowing the number
+  of components to be zero. Thanks to huckleberry for the bug report.
+  Fixed a bug in the ICCBased color space parser that was allowing the number
+  of components to be zero. Thanks to huckleberry for the bug report.
+  Added checks for PDF object loops in AcroForm::scanField(),
+  Catalog::readPageLabelTree2(), and Catalog::readEmbeddedFileTree().
+  The zero-width character problem can also happen if the page size is very
+  large -- that needs to be limited too, the same way as character position
+  coordinates. Thanks to jlinliu for the bug report.
+  Add some missing bounds check code in DCTStream. Thanks to Jiahao Liu for
+  the bug report.
+  Fix a deadlock when an object stream's length field is contained in another
+  object stream. Thanks to Jiahao Liu for the bug report.
+  For more information, see:
+    https://www.cve.org/CVERecord?id=CVE-2023-2662
+    https://www.cve.org/CVERecord?id=CVE-2023-2662
+    https://www.cve.org/CVERecord?id=CVE-2018-7453
+    https://www.cve.org/CVERecord?id=CVE-2018-16369
+    https://www.cve.org/CVERecord?id=CVE-2022-36561
+    https://www.cve.org/CVERecord?id=CVE-2022-41844
+    https://www.cve.org/CVERecord?id=CVE-2023-2663
+    https://www.cve.org/CVERecord?id=CVE-2023-2664
+    https://www.cve.org/CVERecord?id=CVE-2023-3044
+    https://www.cve.org/CVERecord?id=CVE-2023-3436
+  (* Security fix *)
++--------------------------+
 Thu Feb  8 22:17:18 UTC 2024
 patches/packages/dehydrated-0.7.1-noarch-1_slack15.0.txz:  Upgraded.
   This is a bugfix release that addresses (among other things) an