From 837ec54cfe1c06e90127faa662eb29ccf67150c7 Mon Sep 17 00:00:00 2001
From: Patrick J Volkerding <volkerdi@slackware.com>
Date: Fri, 19 May 2023 18:59:24 +0000
Subject: Fri May 19 18:59:24 UTC 2023

patches/packages/cups-filters-1.28.17-x86_64-1_slack15.0.txz:  Upgraded.
  [PATCH] Merge pull request from GHSA-gpxc-v2m8-fr3x.
  With execv() command line arguments are passed as separate strings and
  not the full command line in a single string. This prevents arbitrary
  command execution by escaping the quoting of the arguments in a job
  with forged job title.
  Thanks to marav.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-24805
  (* Security fix *)
---
 ChangeLog.txt | 12 ++++++++++++
 1 file changed, 12 insertions(+)

(limited to 'ChangeLog.txt')

diff --git a/ChangeLog.txt b/ChangeLog.txt
index 27ed9a0fb..8e0b73b0a 100644
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@@ -1,3 +1,15 @@
+Fri May 19 18:59:24 UTC 2023
+patches/packages/cups-filters-1.28.17-x86_64-1_slack15.0.txz:  Upgraded.
+  [PATCH] Merge pull request from GHSA-gpxc-v2m8-fr3x.
+  With execv() command line arguments are passed as separate strings and
+  not the full command line in a single string. This prevents arbitrary
+  command execution by escaping the quoting of the arguments in a job
+  with forged job title.
+  Thanks to marav.
+  For more information, see:
+    https://www.cve.org/CVERecord?id=CVE-2023-24805
+  (* Security fix *)
++--------------------------+
 Wed May 17 20:59:51 UTC 2023
 patches/packages/curl-8.1.0-x86_64-1_slack15.0.txz:  Upgraded.
   This update fixes security issues:
-- 
cgit v1.2.3-65-gdbad