From 837ec54cfe1c06e90127faa662eb29ccf67150c7 Mon Sep 17 00:00:00 2001 From: Patrick J Volkerding Date: Fri, 19 May 2023 18:59:24 +0000 Subject: Fri May 19 18:59:24 UTC 2023 patches/packages/cups-filters-1.28.17-x86_64-1_slack15.0.txz: Upgraded. [PATCH] Merge pull request from GHSA-gpxc-v2m8-fr3x. With execv() command line arguments are passed as separate strings and not the full command line in a single string. This prevents arbitrary command execution by escaping the quoting of the arguments in a job with forged job title. Thanks to marav. For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-24805 (* Security fix *) --- ChangeLog.rss | 24 ++++++++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) (limited to 'ChangeLog.rss') diff --git a/ChangeLog.rss b/ChangeLog.rss index 0f2b843e3..ad60250a2 100644 --- a/ChangeLog.rss +++ b/ChangeLog.rss @@ -11,9 +11,29 @@ Tracking Slackware development in git. en-us urn:uuid:c964f45e-6732-11e8-bbe5-107b4450212f - Wed, 17 May 2023 20:59:51 GMT - Thu, 18 May 2023 11:30:15 GMT + Fri, 19 May 2023 18:59:24 GMT + Sat, 20 May 2023 11:38:45 GMT maintain_current_git.sh v 1.17 + + Fri, 19 May 2023 18:59:24 GMT + Fri, 19 May 2023 18:59:24 GMT + https://git.slackware.nl/current/tag/?h=20230519185924 + 20230519185924 + + +patches/packages/cups-filters-1.28.17-x86_64-1_slack15.0.txz: Upgraded. + [PATCH] Merge pull request from GHSA-gpxc-v2m8-fr3x. + With execv() command line arguments are passed as separate strings and + not the full command line in a single string. This prevents arbitrary + command execution by escaping the quoting of the arguments in a job + with forged job title. + Thanks to marav. + For more information, see: + https://www.cve.org/CVERecord?id=CVE-2023-24805 + (* Security fix *) + ]]> + + Wed, 17 May 2023 20:59:51 GMT Wed, 17 May 2023 20:59:51 GMT -- cgit v1.2.3-80-g2a13