summaryrefslogtreecommitdiffstats
path: root/ChangeLog.rss
diff options
context:
space:
mode:
author Patrick J Volkerding <volkerdi@slackware.com>2024-04-14 18:35:32 +0000
committer Eric Hameleers <alien@slackware.com>2024-04-14 21:00:38 +0200
commita9219aba34a8cb902d1b331af02a828beb4ca257 (patch)
treeda7aeeb7dded8279d50c682ca5bc76f42c5d62cf /ChangeLog.rss
parent34da3f5aa8336e5ba6f3e429fce7e1b9b7f6e984 (diff)
downloadcurrent-a9219aba34a8cb902d1b331af02a828beb4ca257.tar.gz
current-a9219aba34a8cb902d1b331af02a828beb4ca257.tar.xz
Sun Apr 14 18:35:32 UTC 202420240414183532
a/less-653-x86_64-2.txz: Rebuilt. This update patches a security issue: less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases. For more information, see: https://www.cve.org/CVERecord?id=CVE-2024-32487 (* Security fix *) ap/inxi-3.3.34_1-noarch-1.txz: Upgraded. d/python-setuptools-69.5.1-x86_64-1.txz: Upgraded. n/bluez-5.74-x86_64-1.txz: Upgraded. xfce/xfce4-notifyd-0.9.4-x86_64-1.txz: Upgraded. Almost everyone has jumped to this version, so we'll get with the program.
Diffstat (limited to 'ChangeLog.rss')
-rw-r--r--ChangeLog.rss29
1 files changed, 27 insertions, 2 deletions
diff --git a/ChangeLog.rss b/ChangeLog.rss
index 5fedbcc98..5d6885a7f 100644
--- a/ChangeLog.rss
+++ b/ChangeLog.rss
@@ -11,10 +11,35 @@
<description>Tracking Slackware development in git.</description>
<language>en-us</language>
<id xmlns="http://www.w3.org/2005/Atom">urn:uuid:c964f45e-6732-11e8-bbe5-107b4450212f</id>
- <pubDate>Sat, 13 Apr 2024 19:45:25 GMT</pubDate>
- <lastBuildDate>Sat, 13 Apr 2024 20:01:26 GMT</lastBuildDate>
+ <pubDate>Sun, 14 Apr 2024 18:35:32 GMT</pubDate>
+ <lastBuildDate>Sun, 14 Apr 2024 19:00:32 GMT</lastBuildDate>
<generator>maintain_current_git.sh v 1.17</generator>
<item>
+ <title>Sun, 14 Apr 2024 18:35:32 GMT</title>
+ <pubDate>Sun, 14 Apr 2024 18:35:32 GMT</pubDate>
+ <link>https://git.slackware.nl/current/tag/?h=20240414183532</link>
+ <guid isPermaLink="false">20240414183532</guid>
+ <description>
+ <![CDATA[<pre>
+a/less-653-x86_64-2.txz: Rebuilt.
+ This update patches a security issue:
+ less through 653 allows OS command execution via a newline character in the
+ name of a file, because quoting is mishandled in filename.c. Exploitation
+ typically requires use with attacker-controlled file names, such as the files
+ extracted from an untrusted archive. Exploitation also requires the LESSOPEN
+ environment variable, but this is set by default in many common cases.
+ For more information, see:
+ https://www.cve.org/CVERecord?id=CVE-2024-32487
+ (* Security fix *)
+ap/inxi-3.3.34_1-noarch-1.txz: Upgraded.
+d/python-setuptools-69.5.1-x86_64-1.txz: Upgraded.
+n/bluez-5.74-x86_64-1.txz: Upgraded.
+xfce/xfce4-notifyd-0.9.4-x86_64-1.txz: Upgraded.
+ Almost everyone has jumped to this version, so we'll get with the program.
+ </pre>]]>
+ </description>
+ </item>
+ <item>
<title>Sat, 13 Apr 2024 19:45:25 GMT</title>
<pubDate>Sat, 13 Apr 2024 19:45:25 GMT</pubDate>
<link>https://git.slackware.nl/current/tag/?h=20240413194525</link>