diff options
| author |   Patrick J Volkerding <volkerdi@slackware.com> | 2022-04-14 21:14:21 +0000 |
|---|---|---|
| committer |   Eric Hameleers <alien@slackware.com> | 2022-04-15 13:29:52 +0200 |
| commit | 9e2efe650cfe5bf9113679ba90646e15e551b0e1 (patch) | |
| tree | 14b7b4ee19badea19ce3f3a1299c26f402025325 /ChangeLog.txt | |
| parent | 799fadd35209d233e88b64218e1f755367bf234b (diff) | |
| download | current-9e2efe650cfe5bf9113679ba90646e15e551b0e1.tar.gz current-9e2efe650cfe5bf9113679ba90646e15e551b0e1.tar.xz | |
Thu Apr 14 21:14:21 UTC 202220220414211421_15.0
patches/packages/git-2.35.3-x86_64-1_slack15.0.txz: Upgraded.
This update fixes a security issue where a Git worktree created by another
user might be able to execute arbitrary code.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24765
(* Security fix *)
patches/packages/gzip-1.12-x86_64-1_slack15.0.txz: Upgraded.
This update fixes a security issue:
zgrep applied to a crafted file name with two or more newlines can no
longer overwrite an arbitrary, attacker-selected file.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1271
(* Security fix *)
patches/packages/xz-5.2.5-x86_64-4_slack15.0.txz: Rebuilt.
This update fixes a security issue:
xzgrep applied to a crafted file name with two or more newlines can no
longer overwrite an arbitrary, attacker-selected file.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1271
(* Security fix *)
Diffstat (limited to 'ChangeLog.txt')
| -rw-r--r-- | ChangeLog.txt | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/ChangeLog.txt b/ChangeLog.txt index 3d1bf656b..8e7e9d88d 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -1,3 +1,25 @@ +Thu Apr 14 21:14:21 UTC 2022 +patches/packages/git-2.35.3-x86_64-1_slack15.0.txz: Upgraded. + This update fixes a security issue where a Git worktree created by another + user might be able to execute arbitrary code. + For more information, see: + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24765 + (* Security fix *) +patches/packages/gzip-1.12-x86_64-1_slack15.0.txz: Upgraded. + This update fixes a security issue: + zgrep applied to a crafted file name with two or more newlines can no + longer overwrite an arbitrary, attacker-selected file. + For more information, see: + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1271 + (* Security fix *) +patches/packages/xz-5.2.5-x86_64-4_slack15.0.txz: Rebuilt. + This update fixes a security issue: + xzgrep applied to a crafted file name with two or more newlines can no + longer overwrite an arbitrary, attacker-selected file. + For more information, see: + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1271 + (* Security fix *) ++--------------------------+ Wed Apr 13 20:51:01 UTC 2022 patches/packages/ruby-3.0.4-x86_64-1_slack15.0.txz: Upgraded. This update fixes bugs and security issues: |