diff options
| author |   Patrick J Volkerding <volkerdi@slackware.com> | 2018-08-02 20:12:10 +0000 |
|---|---|---|
| committer |   Eric Hameleers <alien@slackware.com> | 2018-08-03 09:00:36 +0200 |
| commit | 564ec5a0ace4d77efaa63cccd7f542a454022b6d (patch) | |
| tree | 3711f80ac2edaa4323c6ea5041e1d6d54b2c9312 /ChangeLog.rss | |
| parent | 22d153f9e271d438e0d5094ac8603b97105665bd (diff) | |
| download | current-564ec5a0ace4d77efaa63cccd7f542a454022b6d.tar.gz current-564ec5a0ace4d77efaa63cccd7f542a454022b6d.tar.xz | |
Thu Aug 2 20:12:10 UTC 201820180802201210
ap/hplip-3.18.7-x86_64-1.txz: Upgraded.
l/harfbuzz-1.8.5-x86_64-1.txz: Upgraded.
n/lftp-4.8.4-x86_64-1.txz: Upgraded.
It has been discovered that lftp up to and including version 4.8.3 does
not properly sanitize remote file names, leading to a loss of integrity
on the local system when reverse mirroring is used. A remote attacker
may trick a user to use reverse mirroring on an attacker controlled FTP
server, resulting in the removal of all files in the current working
directory of the victim's system.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10916
(* Security fix *)
x/fonttosfnt-1.0.5-x86_64-1.txz: Upgraded.
Diffstat (limited to 'ChangeLog.rss')
| -rw-r--r-- | ChangeLog.rss | 27 |
1 files changed, 25 insertions, 2 deletions
diff --git a/ChangeLog.rss b/ChangeLog.rss index 5a158adb7..084c24252 100644 --- a/ChangeLog.rss +++ b/ChangeLog.rss @@ -11,10 +11,33 @@ <description>Tracking Slackware development in git.</description> <language>en-us</language> <id xmlns="http://www.w3.org/2005/Atom">urn:uuid:c964f45e-6732-11e8-bbe5-107b4450212f</id> - <pubDate>Wed, 1 Aug 2018 22:38:53 GMT</pubDate> - <lastBuildDate>Thu, 2 Aug 2018 07:00:33 GMT</lastBuildDate> + <pubDate>Thu, 2 Aug 2018 20:12:10 GMT</pubDate> + <lastBuildDate>Fri, 3 Aug 2018 07:00:33 GMT</lastBuildDate> <generator>maintain_current_git.sh v 1.10</generator> <item> + <title>Thu, 2 Aug 2018 20:12:10 GMT</title> + <pubDate>Thu, 2 Aug 2018 20:12:10 GMT</pubDate> + <link>https://git.slackware.nl/current/tag/?h=20180802201210</link> + <guid isPermaLink="false">20180802201210</guid> + <description> + <![CDATA[<pre> +ap/hplip-3.18.7-x86_64-1.txz: Upgraded. +l/harfbuzz-1.8.5-x86_64-1.txz: Upgraded. +n/lftp-4.8.4-x86_64-1.txz: Upgraded. + It has been discovered that lftp up to and including version 4.8.3 does + not properly sanitize remote file names, leading to a loss of integrity + on the local system when reverse mirroring is used. A remote attacker + may trick a user to use reverse mirroring on an attacker controlled FTP + server, resulting in the removal of all files in the current working + directory of the victim's system. + For more information, see: + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10916 + (* Security fix *) +x/fonttosfnt-1.0.5-x86_64-1.txz: Upgraded. + </pre>]]> + </description> + </item> + <item> <title>Wed, 1 Aug 2018 22:38:53 GMT</title> <pubDate>Wed, 1 Aug 2018 22:38:53 GMT</pubDate> <link>https://git.slackware.nl/current/tag/?h=20180801223853</link> |