Diffstat (limited to 'ChangeLog.txt')
-rw-r--r-- ChangeLog.txt 17
1 files changed, 17 insertions, 0 deletions
diff --git a/ChangeLog.txt b/ChangeLog.txt
index fd9c34aea..dd71be4b4 100644
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@@ -1,3 +1,20 @@
+Sun Apr 14 18:35:32 UTC 2024
+a/less-653-x86_64-2.txz: Rebuilt.
+ This update patches a security issue:
+ less through 653 allows OS command execution via a newline character in the
+ name of a file, because quoting is mishandled in filename.c. Exploitation
+ typically requires use with attacker-controlled file names, such as the files
+ extracted from an untrusted archive. Exploitation also requires the LESSOPEN
+ environment variable, but this is set by default in many common cases.
+ For more information, see:
+ https://www.cve.org/CVERecord?id=CVE-2024-32487
+ (* Security fix *)
+ap/inxi-3.3.34_1-noarch-1.txz: Upgraded.
+d/python-setuptools-69.5.1-x86_64-1.txz: Upgraded.
+n/bluez-5.74-x86_64-1.txz: Upgraded.
+xfce/xfce4-notifyd-0.9.4-x86_64-1.txz: Upgraded.
+ Almost everyone has jumped to this version, so we'll get with the program.
++--------------------------+
Sat Apr 13 19:45:25 UTC 2024
l/imagemagick-7.1.1_29-x86_64-1.txz: Upgraded.
Revert to the previous ImageMagick because the latest one is destroying SVG
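Review bot: The less entry ("a/less-653-x86_64-2.txz: Rebuilt.") says the rebuild patches CVE-2024-32487 but does not name the patch or upstream change that was applied, so a reader cannot tell from the ChangeLog what was actually changed in filename.c; consider naming the patch file or upstream reference alongside the CVE link. Because the text states that exploitation requires the LESSOPEN environment variable, it would also help to add a line saying that unsetting LESSOPEN removes that precondition for systems that cannot take the rebuilt package right away. Separately, the xfce4-notifyd note ("Almost everyone has jumped to this version, so we'll get with the program.") gives no indication of what the upgrade changes; a short reason would be more useful to someone auditing the update.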