summaryrefslogtreecommitdiffstats
path: root/ChangeLog.rss
diff options
context:
space:
mode:
author Patrick J Volkerding <volkerdi@slackware.com>2020-04-22 02:19:37 +0000
committer Eric Hameleers <alien@slackware.com>2020-04-22 08:59:52 +0200
commitbf29f9a870281df42f1c50664c2cabd208d753d0 (patch)
treee016f21ceb5581eb520855a25d9b3c05b0ea2066 /ChangeLog.rss
parent72b3c9e90fc0aaa9889f6be69da37f506cabeba2 (diff)
downloadcurrent-bf29f9a870281df42f1c50664c2cabd208d753d0.tar.gz
current-bf29f9a870281df42f1c50664c2cabd208d753d0.tar.xz
Wed Apr 22 02:19:37 UTC 202020200422021937
a/kernel-firmware-20200421_78c0348-noarch-1.txz: Upgraded. a/kernel-generic-5.4.34-x86_64-1.txz: Upgraded. a/kernel-huge-5.4.34-x86_64-1.txz: Upgraded. a/kernel-modules-5.4.34-x86_64-1.txz: Upgraded. a/openssl-solibs-1.1.1g-x86_64-1.txz: Upgraded. d/git-2.26.2-x86_64-1.txz: Upgraded. This update fixes a security issue: With a crafted URL that contains a newline or empty host, or lacks a scheme, the credential helper machinery can be fooled into providing credential information that is not appropriate for the protocol in use and host being contacted. Unlike the vulnerability CVE-2020-5260 fixed in v2.17.4, the credentials are not for a host of the attacker's choosing; instead, they are for some unspecified host (based on how the configured credential helper handles an absent "host" parameter). For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11008 (* Security fix *) d/kernel-headers-5.4.34-x86-1.txz: Upgraded. d/vala-0.48.4-x86_64-1.txz: Upgraded. k/kernel-source-5.4.34-noarch-1.txz: Upgraded. INFINIBAND_CXGB3 n -> m INFINIBAND_IPOIB_CM n -> y INFINIBAND_IPOIB_DEBUG_DATA n -> y Thanks to Karl Magnus Kolstø. l/M2Crypto-0.35.2-x86_64-4.txz: Rebuilt. Don't package typing-3.7.4.1 for python3. l/netpbm-10.90.01-x86_64-1.txz: Upgraded. n/openssl-1.1.1g-x86_64-1.txz: Upgraded. This update fixes a security issue: Fixed segmentation fault in SSL_check_chain() that could be exploited by a malicious peer in a Denial of Service attack. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1967 (* Security fix *) x/libva-2.7.1-x86_64-1.txz: Upgraded. isolinux/initrd.img: Rebuilt. kernels/*: Upgraded. testing/packages/PAM/openvpn-2.4.9-x86_64-1_pam.txz: Upgraded. This update fixes a security issue: Fix illegal client float. Thanks to Lev Stipakov. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11810 (* Security fix *) usb-and-pxe-installers/usbboot.img: Rebuilt.
Diffstat (limited to 'ChangeLog.rss')
-rw-r--r--ChangeLog.rss59
1 files changed, 57 insertions, 2 deletions
diff --git a/ChangeLog.rss b/ChangeLog.rss
index cbc6766f8..99ee89e2b 100644
--- a/ChangeLog.rss
+++ b/ChangeLog.rss
@@ -11,10 +11,65 @@
<description>Tracking Slackware development in git.</description>
<language>en-us</language>
<id xmlns="http://www.w3.org/2005/Atom">urn:uuid:c964f45e-6732-11e8-bbe5-107b4450212f</id>
- <pubDate>Tue, 21 Apr 2020 02:45:06 GMT</pubDate>
- <lastBuildDate>Tue, 21 Apr 2020 06:59:47 GMT</lastBuildDate>
+ <pubDate>Wed, 22 Apr 2020 02:19:37 GMT</pubDate>
+ <lastBuildDate>Wed, 22 Apr 2020 06:59:45 GMT</lastBuildDate>
<generator>maintain_current_git.sh v 1.11</generator>
<item>
+ <title>Wed, 22 Apr 2020 02:19:37 GMT</title>
+ <pubDate>Wed, 22 Apr 2020 02:19:37 GMT</pubDate>
+ <link>https://git.slackware.nl/current/tag/?h=20200422021937</link>
+ <guid isPermaLink="false">20200422021937</guid>
+ <description>
+ <![CDATA[<pre>
+a/kernel-firmware-20200421_78c0348-noarch-1.txz: Upgraded.
+a/kernel-generic-5.4.34-x86_64-1.txz: Upgraded.
+a/kernel-huge-5.4.34-x86_64-1.txz: Upgraded.
+a/kernel-modules-5.4.34-x86_64-1.txz: Upgraded.
+a/openssl-solibs-1.1.1g-x86_64-1.txz: Upgraded.
+d/git-2.26.2-x86_64-1.txz: Upgraded.
+ This update fixes a security issue:
+ With a crafted URL that contains a newline or empty host, or lacks
+ a scheme, the credential helper machinery can be fooled into
+ providing credential information that is not appropriate for the
+ protocol in use and host being contacted.
+ Unlike the vulnerability CVE-2020-5260 fixed in v2.17.4, the
+ credentials are not for a host of the attacker's choosing; instead,
+ they are for some unspecified host (based on how the configured
+ credential helper handles an absent "host" parameter).
+ For more information, see:
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11008
+ (* Security fix *)
+d/kernel-headers-5.4.34-x86-1.txz: Upgraded.
+d/vala-0.48.4-x86_64-1.txz: Upgraded.
+k/kernel-source-5.4.34-noarch-1.txz: Upgraded.
+ INFINIBAND_CXGB3 n -> m
+ INFINIBAND_IPOIB_CM n -> y
+ INFINIBAND_IPOIB_DEBUG_DATA n -> y
+ Thanks to Karl Magnus Kolstø.
+l/M2Crypto-0.35.2-x86_64-4.txz: Rebuilt.
+ Don't package typing-3.7.4.1 for python3.
+l/netpbm-10.90.01-x86_64-1.txz: Upgraded.
+n/openssl-1.1.1g-x86_64-1.txz: Upgraded.
+ This update fixes a security issue:
+ Fixed segmentation fault in SSL_check_chain() that could be exploited by a
+ malicious peer in a Denial of Service attack.
+ For more information, see:
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1967
+ (* Security fix *)
+x/libva-2.7.1-x86_64-1.txz: Upgraded.
+isolinux/initrd.img: Rebuilt.
+kernels/*: Upgraded.
+testing/packages/PAM/openvpn-2.4.9-x86_64-1_pam.txz: Upgraded.
+ This update fixes a security issue:
+ Fix illegal client float. Thanks to Lev Stipakov.
+ For more information, see:
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11810
+ (* Security fix *)
+usb-and-pxe-installers/usbboot.img: Rebuilt.
+ </pre>]]>
+ </description>
+ </item>
+ <item>
<title>Tue, 21 Apr 2020 02:45:06 GMT</title>
<pubDate>Tue, 21 Apr 2020 02:45:06 GMT</pubDate>
<link>https://git.slackware.nl/current/tag/?h=20200421024506</link>