Tue Jan 26 21:20:58 UTC 202120210126212058

ap/sudo-1.9.5p2-x86_64-1.txz: Upgraded. When invoked as sudoedit, the same set of command line options are now accepted as for "sudo -e". The -H and -P options are now rejected for sudoedit and "sudo -e" which matches the sudo 1.7 behavior. This is part of the fix for CVE-2021-3156. Fixed a potential buffer overflow when unescaping backslashes in the command's arguments. Normally, sudo escapes special characters when running a command via a shell (sudo -s or sudo -i). However, it was also possible to run sudoedit with the -s or -i flags in which case no escaping had actually been done, making a buffer overflow possible. This fixes CVE-2021-3156. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3156 (* Security fix *) d/binutils-2.36-x86_64-2.txz: Rebuilt. Revert commit d1bcae833b32f1408485ce69f844dcd7ded093a8: [PATCH] ELF: Don't generate unused section symbols This fixes building the kernel. l/loudmouth-1.5.4-x86_64-1.txz: Upgraded. n/autofs-5.1.7-x86_64-1.txz: Upgraded. n/dnsmasq-2.84-x86_64-1.txz: Upgraded. n/tin-2.4.5-x86_64-1.txz: Upgraded. xap/gparted-1.2.0-x86_64-1.txz: Upgraded. xap/mozilla-thunderbird-78.7.0-x86_64-1.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/thunderbird/78.7.0/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2021-05/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23953 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23954 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15685 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26976 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23960 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23964 (* Security fix *)
author: Patrick J Volkerding <volkerdi@slackware.com> 2021-01-26 21:20:58 +0000
committer: Eric Hameleers <alien@slackware.com> 2021-01-27 14:59:56 +0100
commit: e833eebc98fb1e72bcd9821f5ad437d1e93f3adf (patch)
tree: 73ff358d07571b9e95ce44b4badc5c5ea54a9fa3 /ChangeLog.rss
parent: 3e99129ce30e9474c935b340011d77bf3e72842b (diff)
download: current-e833eebc98fb1e72bcd9821f5ad437d1e93f3adf.tar.gz
current-e833eebc98fb1e72bcd9821f5ad437d1e93f3adf.tar.xz
1 files changed, 47 insertions, 2 deletions
diff --git a/ChangeLog.rss b/ChangeLog.rss
index bec84ed0d..62ccd84ca 100644
--- a/ChangeLog.rss
+++ b/ChangeLog.rss
@@ -11,10 +11,55 @@
       <description>Tracking Slackware development in git.</description>
       <language>en-us</language>
       <id xmlns="http://www.w3.org/2005/Atom">urn:uuid:c964f45e-6732-11e8-bbe5-107b4450212f</id>
-      <pubDate>Mon, 25 Jan 2021 20:42:50 GMT</pubDate>
-      <lastBuildDate>Tue, 26 Jan 2021 07:59:44 GMT</lastBuildDate>
+      <pubDate>Tue, 26 Jan 2021 21:20:58 GMT</pubDate>
+      <lastBuildDate>Wed, 27 Jan 2021 13:59:49 GMT</lastBuildDate>
       <generator>maintain_current_git.sh v 1.12</generator>
       <item>
+         <title>Tue, 26 Jan 2021 21:20:58 GMT</title>
+         <pubDate>Tue, 26 Jan 2021 21:20:58 GMT</pubDate>
+         <link>https://git.slackware.nl/current/tag/?h=20210126212058</link>
+         <guid isPermaLink="false">20210126212058</guid>
+         <description>
+           <![CDATA[<pre>
+ap/sudo-1.9.5p2-x86_64-1.txz:  Upgraded.
+  When invoked as sudoedit, the same set of command line options
+  are now accepted as for "sudo -e". The -H and -P options are
+  now rejected for sudoedit and "sudo -e" which matches the sudo
+  1.7 behavior. This is part of the fix for CVE-2021-3156.
+  Fixed a potential buffer overflow when unescaping backslashes
+  in the command's arguments. Normally, sudo escapes special
+  characters when running a command via a shell (sudo -s or sudo
+  -i). However, it was also possible to run sudoedit with the -s
+  or -i flags in which case no escaping had actually been done,
+  making a buffer overflow possible. This fixes CVE-2021-3156.
+  For more information, see:
+    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3156
+  (* Security fix *)
+d/binutils-2.36-x86_64-2.txz:  Rebuilt.
+  Revert commit d1bcae833b32f1408485ce69f844dcd7ded093a8:
+  [PATCH] ELF: Don't generate unused section symbols
+  This fixes building the kernel.
+l/loudmouth-1.5.4-x86_64-1.txz:  Upgraded.
+n/autofs-5.1.7-x86_64-1.txz:  Upgraded.
+n/dnsmasq-2.84-x86_64-1.txz:  Upgraded.
+n/tin-2.4.5-x86_64-1.txz:  Upgraded.
+xap/gparted-1.2.0-x86_64-1.txz:  Upgraded.
+xap/mozilla-thunderbird-78.7.0-x86_64-1.txz:  Upgraded.
+  This release contains security fixes and improvements.
+  For more information, see:
+    https://www.mozilla.org/en-US/thunderbird/78.7.0/releasenotes/
+    https://www.mozilla.org/en-US/security/advisories/mfsa2021-05/
+    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23953
+    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23954
+    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15685
+    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26976
+    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23960
+    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23964
+  (* Security fix *)
+           </pre>]]>
+         </description>
+      </item>
+      <item>
          <title>Mon, 25 Jan 2021 20:42:50 GMT</title>
          <pubDate>Mon, 25 Jan 2021 20:42:50 GMT</pubDate>
          <link>https://git.slackware.nl/current/tag/?h=20210125204250</link>
author	Patrick J Volkerding <volkerdi@slackware.com>	2021-01-26 21:20:58 +0000
committer	Eric Hameleers <alien@slackware.com>	2021-01-27 14:59:56 +0100
commit	e833eebc98fb1e72bcd9821f5ad437d1e93f3adf (patch)
tree	73ff358d07571b9e95ce44b4badc5c5ea54a9fa3 /ChangeLog.rss
parent	3e99129ce30e9474c935b340011d77bf3e72842b (diff)
download	current-e833eebc98fb1e72bcd9821f5ad437d1e93f3adf.tar.gz current-e833eebc98fb1e72bcd9821f5ad437d1e93f3adf.tar.xz