diff options
| author |   Patrick J Volkerding <volkerdi@slackware.com> | 2022-08-15 20:23:47 +0000 |
|---|---|---|
| committer |   Eric Hameleers <alien@slackware.com> | 2022-08-16 13:30:28 +0200 |
| commit | cffeb680aad4319c1d5fb44fc6b2c53a42d69617 (patch) | |
| tree | e735fd17cd0ccbe4d5cfcf66db47f44a71fc02be /ChangeLog.rss | |
| parent | 24a490781722e3d85824de3a0fd52ebeb35cc14b (diff) | |
| download | current-cffeb680aad4319c1d5fb44fc6b2c53a42d69617.tar.gz current-cffeb680aad4319c1d5fb44fc6b2c53a42d69617.tar.xz | |
Mon Aug 15 20:23:47 UTC 202220220815202347_15.0
patches/packages/rsync-3.2.5-x86_64-1_slack15.0.txz: Upgraded.
Added some file-list safety checking that helps to ensure that a rogue
sending rsync can't add unrequested top-level names and/or include recursive
names that should have been excluded by the sender. These extra safety
checks only require the receiver rsync to be updated. When dealing with an
untrusted sending host, it is safest to copy into a dedicated destination
directory for the remote content (i.e. don't copy into a destination
directory that contains files that aren't from the remote host unless you
trust the remote host).
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29154
(* Security fix *)
Diffstat (limited to 'ChangeLog.rss')
| -rw-r--r-- | ChangeLog.rss | 26 |
1 files changed, 24 insertions, 2 deletions
diff --git a/ChangeLog.rss b/ChangeLog.rss index c78918205..e2cb9ad57 100644 --- a/ChangeLog.rss +++ b/ChangeLog.rss @@ -11,10 +11,32 @@ <description>Tracking Slackware development in git.</description> <language>en-us</language> <id xmlns="http://www.w3.org/2005/Atom">urn:uuid:c964f45e-6732-11e8-bbe5-107b4450212f</id> - <pubDate>Sat, 13 Aug 2022 19:12:40 GMT</pubDate> - <lastBuildDate>Sun, 14 Aug 2022 11:30:16 GMT</lastBuildDate> + <pubDate>Mon, 15 Aug 2022 20:23:47 GMT</pubDate> + <lastBuildDate>Tue, 16 Aug 2022 11:30:16 GMT</lastBuildDate> <generator>maintain_current_git.sh v 1.17</generator> <item> + <title>Mon, 15 Aug 2022 20:23:47 GMT</title> + <pubDate>Mon, 15 Aug 2022 20:23:47 GMT</pubDate> + <link>https://git.slackware.nl/current/tag/?h=20220815202347</link> + <guid isPermaLink="false">20220815202347</guid> + <description> + <![CDATA[<pre> +patches/packages/rsync-3.2.5-x86_64-1_slack15.0.txz: Upgraded. + Added some file-list safety checking that helps to ensure that a rogue + sending rsync can't add unrequested top-level names and/or include recursive + names that should have been excluded by the sender. These extra safety + checks only require the receiver rsync to be updated. When dealing with an + untrusted sending host, it is safest to copy into a dedicated destination + directory for the remote content (i.e. don't copy into a destination + directory that contains files that aren't from the remote host unless you + trust the remote host). + For more information, see: + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29154 + (* Security fix *) + </pre>]]> + </description> + </item> + <item> <title>Sat, 13 Aug 2022 19:12:40 GMT</title> <pubDate>Sat, 13 Aug 2022 19:12:40 GMT</pubDate> <link>https://git.slackware.nl/current/tag/?h=20220813191240</link> |