From 49c42264db93dbcfad7b9c15f7cb731627cc4ebc Mon Sep 17 00:00:00 2001 From: Patrick J Volkerding Date: Fri, 1 Jun 2018 21:28:10 +0000 Subject: Fri Jun 1 21:28:10 UTC 2018 a/mcelog-158-x86_64-1.txz: Upgraded. a/pkgtools-15.0-noarch-15.txz: Rebuilt. installpkg, upgradepkg: test tty -s before using tput. Thanks to aaazen. d/cmake-3.11.3-x86_64-1.txz: Upgraded. l/imagemagick-6.9.9_49-x86_64-1.txz: Upgraded. Support OpenMP. This had been disabled years ago due to issues with perl modules, but probably that's been fixed by now. Thanks to olear. l/pygobject3-3.28.3-x86_64-1.txz: Upgraded. x/xf86-input-evdev-2.10.6-x86_64-1.txz: Upgraded. x/xf86-input-synaptics-1.9.1-x86_64-1.txz: Upgraded. xap/fvwm-2.6.8-x86_64-1.txz: Upgraded. extra/xf86-video-fbdev/xf86-video-fbdev-0.5.0-x86_64-1.txz: Upgraded. --- ChangeLog.txt | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) (limited to 'ChangeLog.txt') diff --git a/ChangeLog.txt b/ChangeLog.txt index 702274b2f..2ad5792aa 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -1,3 +1,17 @@ +Fri Jun 1 21:28:10 UTC 2018 +a/mcelog-158-x86_64-1.txz: Upgraded. +a/pkgtools-15.0-noarch-15.txz: Rebuilt. + installpkg, upgradepkg: test tty -s before using tput. Thanks to aaazen. +d/cmake-3.11.3-x86_64-1.txz: Upgraded. +l/imagemagick-6.9.9_49-x86_64-1.txz: Upgraded. + Support OpenMP. This had been disabled years ago due to issues with perl + modules, but probably that's been fixed by now. Thanks to olear. +l/pygobject3-3.28.3-x86_64-1.txz: Upgraded. +x/xf86-input-evdev-2.10.6-x86_64-1.txz: Upgraded. +x/xf86-input-synaptics-1.9.1-x86_64-1.txz: Upgraded. +xap/fvwm-2.6.8-x86_64-1.txz: Upgraded. +extra/xf86-video-fbdev/xf86-video-fbdev-0.5.0-x86_64-1.txz: Upgraded. ++--------------------------+ Thu May 31 04:55:33 UTC 2018 a/kernel-generic-4.14.47-x86_64-1.txz: Upgraded. a/kernel-huge-4.14.47-x86_64-1.txz: Upgraded. 
@@ -26,6 +40,22 @@ ap/slackpkg-2.83.0-noarch-1.txz: Upgraded. mandoc lint fixes to slackpkg.8 Warn user if a -current mirror is selected (but only warn once) d/git-2.17.1-x86_64-1.txz: Upgraded. + This update fixes security issues: + Submodule "names" come from the untrusted .gitmodules file, but we + blindly append them to $GIT_DIR/modules to create our on-disk repo + paths. This means you can do bad things by putting "../" into the + name. We now enforce some rules for submodule names which will cause + Git to ignore these malicious names (CVE-2018-11235). + Credit for finding this vulnerability and the proof of concept from + which the test script was adapted goes to Etienne Stalmans. + It was possible to trick the code that sanity-checks paths on NTFS + into reading random piece of memory (CVE-2018-11233). + Credit for fixing for these bugs goes to Jeff King, Johannes + Schindelin and others. + For more information, see: + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11235 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11233 + (* Security fix *) d/kernel-headers-4.14.47-x86-1.txz: Upgraded. d/rust-1.26.1-x86_64-1.txz: Upgraded. k/kernel-source-4.14.47-noarch-1.txz: Upgraded. -- cgit v1.2.3-79-gdb01
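Review bot: In the first hunk (the new Fri Jun 1 entry), the l/imagemagick-6.9.9_49 note justifies turning OpenMP support back on with "probably that's been fixed by now", which records a guess rather than a result. Suggest stating whether the perl modules were checked against the OpenMP-enabled build, or saying plainly that this is untested, so users who hit the old problem know where to look.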
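Review bot: In the second hunk, the CVE-2018-11235 and CVE-2018-11233 text and the "(* Security fix *)" marker are added beneath d/git-2.17.1-x86_64-1.txz, which is an unchanged context line in an entry that already existed, and the new Fri Jun 1 entry says nothing about it. Anyone who reads only new entries, or who already processed the earlier one, will miss that the git upgrade was a security fix; suggest a one-line pointer in the new entry. Two wording nits in the added lines: "reading random piece of memory" should be "reading random pieces of memory", and "Credit for fixing for these bugs" should be "Credit for fixing these bugs".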