Fri Sep 15 19:48:39 UTC 202320230915194839_15.0

patches/packages/python3-3.9.18-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes a security issue:
  Fixed an issue where instances of ssl.SSLSocket were vulnerable to a bypass
  of the TLS handshake and included protections (like certificate verification)
  and treating sent unencrypted data as if it were post-handshake TLS encrypted
  data. Security issue reported by Aapo Oksman; patch by Gregory P. Smith.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-40217
  (* Security fix *)

1 files changed, 11 insertions, 0 deletions

diff --git a/ChangeLog.txt b/ChangeLog.txt
index 4e219c1e3..96b597fac 100644
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@@ -1,3 +1,14 @@
+Fri Sep 15 19:48:39 UTC 2023
+patches/packages/python3-3.9.18-x86_64-1_slack15.0.txz:  Upgraded.
+  This update fixes a security issue:
+  Fixed an issue where instances of ssl.SSLSocket were vulnerable to a bypass
+  of the TLS handshake and included protections (like certificate verification)
+  and treating sent unencrypted data as if it were post-handshake TLS encrypted
+  data. Security issue reported by Aapo Oksman; patch by Gregory P. Smith.
+  For more information, see:
+    https://www.cve.org/CVERecord?id=CVE-2023-40217
+  (* Security fix *)
++--------------------------+
 Thu Sep 14 21:10:50 UTC 2023
 patches/packages/libwebp-1.3.2-x86_64-1_slack15.0.txz:  Upgraded.
   Security fix for lossless decoder (chromium: #1479274, CVE-2023-4863).