diff options
| author |   Patrick J Volkerding <volkerdi@slackware.com> | 2020-04-14 22:26:11 +0000 |
|---|---|---|
| committer |   Eric Hameleers <alien@slackware.com> | 2020-04-15 08:59:52 +0200 |
| commit | 4bb8e72194ac7157012e8fab88662688c811c295 (patch) | |
| tree | c62b417250a6c7baf8e2c70dfa4ac40916e2541a /ChangeLog.rss | |
| parent | aafeea9fc46e31851c058896f86d9d5c88881dd8 (diff) | |
| download | current-4bb8e72194ac7157012e8fab88662688c811c295.tar.gz current-4bb8e72194ac7157012e8fab88662688c811c295.tar.xz | |
Tue Apr 14 22:26:11 UTC 202020200414222611
a/gawk-5.1.0-x86_64-1.txz: Upgraded.
a/gettext-0.20.2-x86_64-1.txz: Upgraded.
d/gettext-tools-0.20.2-x86_64-1.txz: Upgraded.
d/git-2.26.1-x86_64-1.txz: Upgraded.
This update fixes a security issue:
With a crafted URL that contains a newline in it, the credential helper
machinery can be fooled to give credential information for a wrong host.
The attack has been made impossible by forbidding a newline character in
any value passed via the credential protocol. Credit for finding the
vulnerability goes to Felix Wilhelm of Google Project Zero.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5260
(* Security fix *)
l/glib-networking-2.64.2-x86_64-1.txz: Upgraded.
l/libsecret-0.20.3-x86_64-1.txz: Upgraded.
n/php-7.4.5-x86_64-1.txz: Upgraded.
x/xorgproto-2020.1-x86_64-1.txz: Upgraded.
xap/audacious-4.0.2-x86_64-1.txz: Upgraded.
xap/audacious-plugins-4.0.2-x86_64-1.txz: Upgraded.
extra/pure-alsa-system/audacious-plugins-4.0.2-x86_64-1_alsa.txz: Upgraded.
Diffstat (limited to 'ChangeLog.rss')
| -rw-r--r-- | ChangeLog.rss | 34 |
1 files changed, 32 insertions, 2 deletions
diff --git a/ChangeLog.rss b/ChangeLog.rss index e270a6a66..8d51aac7b 100644 --- a/ChangeLog.rss +++ b/ChangeLog.rss @@ -11,10 +11,40 @@ <description>Tracking Slackware development in git.</description> <language>en-us</language> <id xmlns="http://www.w3.org/2005/Atom">urn:uuid:c964f45e-6732-11e8-bbe5-107b4450212f</id> - <pubDate>Mon, 13 Apr 2020 22:16:49 GMT</pubDate> - <lastBuildDate>Tue, 14 Apr 2020 06:59:37 GMT</lastBuildDate> + <pubDate>Tue, 14 Apr 2020 22:26:11 GMT</pubDate> + <lastBuildDate>Wed, 15 Apr 2020 06:59:46 GMT</lastBuildDate> <generator>maintain_current_git.sh v 1.11</generator> <item> + <title>Tue, 14 Apr 2020 22:26:11 GMT</title> + <pubDate>Tue, 14 Apr 2020 22:26:11 GMT</pubDate> + <link>https://git.slackware.nl/current/tag/?h=20200414222611</link> + <guid isPermaLink="false">20200414222611</guid> + <description> + <![CDATA[<pre> +a/gawk-5.1.0-x86_64-1.txz: Upgraded. +a/gettext-0.20.2-x86_64-1.txz: Upgraded. +d/gettext-tools-0.20.2-x86_64-1.txz: Upgraded. +d/git-2.26.1-x86_64-1.txz: Upgraded. + This update fixes a security issue: + With a crafted URL that contains a newline in it, the credential helper + machinery can be fooled to give credential information for a wrong host. + The attack has been made impossible by forbidding a newline character in + any value passed via the credential protocol. Credit for finding the + vulnerability goes to Felix Wilhelm of Google Project Zero. + For more information, see: + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5260 + (* Security fix *) +l/glib-networking-2.64.2-x86_64-1.txz: Upgraded. +l/libsecret-0.20.3-x86_64-1.txz: Upgraded. +n/php-7.4.5-x86_64-1.txz: Upgraded. +x/xorgproto-2020.1-x86_64-1.txz: Upgraded. +xap/audacious-4.0.2-x86_64-1.txz: Upgraded. +xap/audacious-plugins-4.0.2-x86_64-1.txz: Upgraded. +extra/pure-alsa-system/audacious-plugins-4.0.2-x86_64-1_alsa.txz: Upgraded. + </pre>]]> + </description> + </item> + <item> <title>Mon, 13 Apr 2020 22:16:49 GMT</title> <pubDate>Mon, 13 Apr 2020 22:16:49 GMT</pubDate> <link>https://git.slackware.nl/current/tag/?h=20200413221649</link> |