From a5dc0f82be04d16d330f1343600a16ee1f2a44cc Mon Sep 17 00:00:00 2001
From: Patrick J Volkerding <volkerdi@slackware.com>
Date: Tue, 20 Dec 2022 20:40:18 +0000
Subject: Tue Dec 20 20:40:18 UTC 2022

patches/packages/libksba-1.6.3-x86_64-1_slack15.0.txz:  Upgraded.
  Fix another integer overflow in the CRL's signature parser.
  (* Security fix *)
patches/packages/sdl-1.2.15-x86_64-13_slack15.0.txz:  Rebuilt.
  This update fixes a heap overflow problem in video/SDL_pixels.c in SDL.
  By crafting a malicious .BMP file, an attacker can cause the application
  using this library to crash, denial of service, or code execution.
  Thanks to marav for the heads-up.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2021-33657
  (* Security fix *)
---
 ChangeLog.txt | 13 +++++++++++++
 1 file changed, 13 insertions(+)

(limited to 'ChangeLog.txt')

diff --git a/ChangeLog.txt b/ChangeLog.txt
index 9782e5949..80f21b549 100644
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@@ -1,3 +1,16 @@
+Tue Dec 20 20:40:18 UTC 2022
+patches/packages/libksba-1.6.3-x86_64-1_slack15.0.txz:  Upgraded.
+  Fix another integer overflow in the CRL's signature parser.
+  (* Security fix *)
+patches/packages/sdl-1.2.15-x86_64-13_slack15.0.txz:  Rebuilt.
+  This update fixes a heap overflow problem in video/SDL_pixels.c in SDL.
+  By crafting a malicious .BMP file, an attacker can cause the application
+  using this library to crash, denial of service, or code execution.
+  Thanks to marav for the heads-up.
+  For more information, see:
+    https://www.cve.org/CVERecord?id=CVE-2021-33657
+  (* Security fix *)
++--------------------------+
 Mon Dec 19 21:18:22 UTC 2022
 patches/packages/xorg-server-1.20.14-x86_64-6_slack15.0.txz:  Rebuilt.
   This release fixes an invalid event type mask in XTestSwapFakeInput which
-- 
cgit v1.2.3-79-gdb01