Wed Feb 15 19:48:10 UTC 202320230215194810_15.0

patches/packages/curl-7.88.0-x86_64-1_slack15.0.txz: Upgraded. This update fixes security issues: HTTP multi-header compression denial of service. HSTS amnesia with --parallel. HSTS ignored on multiple requests. For more information, see: https://curl.se/docs/CVE-2023-23916.html https://curl.se/docs/CVE-2023-23915.html https://curl.se/docs/CVE-2023-23914.html https://www.cve.org/CVERecord?id=CVE-2023-23916 https://www.cve.org/CVERecord?id=CVE-2023-23915 https://www.cve.org/CVERecord?id=CVE-2023-23914 (* Security fix *) patches/packages/git-2.35.7-x86_64-1_slack15.0.txz: Upgraded. This update fixes security issues: Using a specially-crafted repository, Git can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort local clones whose source $GIT_DIR/objects directory contains symbolic links (c.f., CVE-2022-39253), the objects directory itself may still be a symbolic link. These two may be combined to include arbitrary files based on known paths on the victim's filesystem within the malicious repository's working copy, allowing for data exfiltration in a similar manner as CVE-2022-39253. By feeding a crafted input to "git apply", a path outside the working tree can be overwritten as the user who is running "git apply". For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-22490 https://www.cve.org/CVERecord?id=CVE-2023-23946 (* Security fix *)
author: Patrick J Volkerding <volkerdi@slackware.com> 2023-02-15 19:48:10 +0000
committer: Eric Hameleers <alien@slackware.com> 2023-02-16 13:30:35 +0100
commit: 9b5b70af5be71074990c96cde8c7b0ac38318721 (patch)
tree: 2021f08dec1ef919c38406d49477958c15112680 /ChangeLog.rss
parent: ad9ea8bf781935db257f79f0efd1e0744c8e02c2 (diff)
download: current-9b5b70af5be71074990c96cde8c7b0ac38318721.tar.gz
current-9b5b70af5be71074990c96cde8c7b0ac38318721.tar.xz
1 files changed, 43 insertions, 2 deletions
diff --git a/ChangeLog.rss b/ChangeLog.rss
index f96a5a1ee..26b92444b 100644
--- a/ChangeLog.rss
+++ b/ChangeLog.rss
@@ -11,10 +11,51 @@
       <description>Tracking Slackware development in git.</description>
       <language>en-us</language>
       <id xmlns="http://www.w3.org/2005/Atom">urn:uuid:c964f45e-6732-11e8-bbe5-107b4450212f</id>
-      <pubDate>Wed, 15 Feb 2023 03:05:40 GMT</pubDate>
-      <lastBuildDate>Thu, 16 Feb 2023 00:30:23 GMT</lastBuildDate>
+      <pubDate>Wed, 15 Feb 2023 19:48:10 GMT</pubDate>
+      <lastBuildDate>Thu, 16 Feb 2023 12:30:22 GMT</lastBuildDate>
       <generator>maintain_current_git.sh v 1.17</generator>
       <item>
+         <title>Wed, 15 Feb 2023 19:48:10 GMT</title>
+         <pubDate>Wed, 15 Feb 2023 19:48:10 GMT</pubDate>
+         <link>https://git.slackware.nl/current/tag/?h=20230215194810</link>
+         <guid isPermaLink="false">20230215194810</guid>
+         <description>
+           <![CDATA[<pre>
+patches/packages/curl-7.88.0-x86_64-1_slack15.0.txz:  Upgraded.
+  This update fixes security issues:
+  HTTP multi-header compression denial of service.
+  HSTS amnesia with --parallel.
+  HSTS ignored on multiple requests.
+  For more information, see:
+    https://curl.se/docs/CVE-2023-23916.html
+    https://curl.se/docs/CVE-2023-23915.html
+    https://curl.se/docs/CVE-2023-23914.html
+    https://www.cve.org/CVERecord?id=CVE-2023-23916
+    https://www.cve.org/CVERecord?id=CVE-2023-23915
+    https://www.cve.org/CVERecord?id=CVE-2023-23914
+  (* Security fix *)
+patches/packages/git-2.35.7-x86_64-1_slack15.0.txz:  Upgraded.
+  This update fixes security issues:
+  Using a specially-crafted repository, Git can be tricked into using
+  its local clone optimization even when using a non-local transport.
+  Though Git will abort local clones whose source $GIT_DIR/objects
+  directory contains symbolic links (c.f., CVE-2022-39253), the objects
+  directory itself may still be a symbolic link.
+  These two may be combined to include arbitrary files based on known
+  paths on the victim's filesystem within the malicious repository's
+  working copy, allowing for data exfiltration in a similar manner as
+  CVE-2022-39253.
+  By feeding a crafted input to "git apply", a path outside the
+  working tree can be overwritten as the user who is running "git
+  apply".
+  For more information, see:
+    https://www.cve.org/CVERecord?id=CVE-2023-22490
+    https://www.cve.org/CVERecord?id=CVE-2023-23946
+  (* Security fix *)
+           </pre>]]>
+         </description>
+      </item>
+      <item>
          <title>Wed, 15 Feb 2023 03:05:40 GMT</title>
          <pubDate>Wed, 15 Feb 2023 03:05:40 GMT</pubDate>
          <link>https://git.slackware.nl/current/tag/?h=20230215030540</link>
author	Patrick J Volkerding <volkerdi@slackware.com>	2023-02-15 19:48:10 +0000
committer	Eric Hameleers <alien@slackware.com>	2023-02-16 13:30:35 +0100
commit	9b5b70af5be71074990c96cde8c7b0ac38318721 (patch)
tree	2021f08dec1ef919c38406d49477958c15112680 /ChangeLog.rss
parent	ad9ea8bf781935db257f79f0efd1e0744c8e02c2 (diff)
download	current-9b5b70af5be71074990c96cde8c7b0ac38318721.tar.gz current-9b5b70af5be71074990c96cde8c7b0ac38318721.tar.xz