diff options
| author |   Patrick J Volkerding <volkerdi@slackware.com> | 2023-09-15 19:48:39 +0000 |
|---|---|---|
| committer |   Eric Hameleers <alien@slackware.com> | 2023-09-15 22:39:11 +0200 |
| commit | 49400c361ad81bc9edb2f7598e82f4ecf035233b (patch) | |
| tree | d2a464942e4f6a967db47b271f39bd5c27ca9388 /ChangeLog.txt | |
| parent | 49e5654148f85c784c279d21c2c642dcb83c5df1 (diff) | |
| download | current-49400c361ad81bc9edb2f7598e82f4ecf035233b.tar.gz current-49400c361ad81bc9edb2f7598e82f4ecf035233b.tar.xz | |
Fri Sep 15 19:48:39 UTC 202320230915194839
ap/ksh93-1.0.7-x86_64-1.txz: Upgraded.
d/cmake-3.27.5-x86_64-1.txz: Upgraded.
d/python3-3.9.18-x86_64-1.txz: Upgraded.
This update fixes a security issue:
Fixed an issue where instances of ssl.SSLSocket were vulnerable to a bypass
of the TLS handshake and included protections (like certificate verification)
and treating sent unencrypted data as if it were post-handshake TLS encrypted
data. Security issue reported by Aapo Oksman; patch by Gregory P. Smith.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-40217
(* Security fix *)
l/gvfs-1.52.0-x86_64-1.txz: Upgraded.
l/mozjs102-102.15.1esr-x86_64-1.txz: Upgraded.
n/dovecot-2.3.21-x86_64-1.txz: Upgraded.
x/ibus-table-1.17.3-x86_64-1.txz: Upgraded.
x/igt-gpu-tools-1.28-x86_64-1.txz: Upgraded.
x/libva-2.20.0-x86_64-1.txz: Upgraded.
x/libva-utils-2.20.0-x86_64-1.txz: Upgraded.
xfce/elementary-xfce-0.18-x86_64-1.txz: Upgraded.
Diffstat (limited to 'ChangeLog.txt')
| -rw-r--r-- | ChangeLog.txt | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/ChangeLog.txt b/ChangeLog.txt index 3ff46fd6b..388dd4a52 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -1,3 +1,24 @@ +Fri Sep 15 19:48:39 UTC 2023 +ap/ksh93-1.0.7-x86_64-1.txz: Upgraded. +d/cmake-3.27.5-x86_64-1.txz: Upgraded. +d/python3-3.9.18-x86_64-1.txz: Upgraded. + This update fixes a security issue: + Fixed an issue where instances of ssl.SSLSocket were vulnerable to a bypass + of the TLS handshake and included protections (like certificate verification) + and treating sent unencrypted data as if it were post-handshake TLS encrypted + data. Security issue reported by Aapo Oksman; patch by Gregory P. Smith. + For more information, see: + https://www.cve.org/CVERecord?id=CVE-2023-40217 + (* Security fix *) +l/gvfs-1.52.0-x86_64-1.txz: Upgraded. +l/mozjs102-102.15.1esr-x86_64-1.txz: Upgraded. +n/dovecot-2.3.21-x86_64-1.txz: Upgraded. +x/ibus-table-1.17.3-x86_64-1.txz: Upgraded. +x/igt-gpu-tools-1.28-x86_64-1.txz: Upgraded. +x/libva-2.20.0-x86_64-1.txz: Upgraded. +x/libva-utils-2.20.0-x86_64-1.txz: Upgraded. +xfce/elementary-xfce-0.18-x86_64-1.txz: Upgraded. ++--------------------------+ Thu Sep 14 21:10:50 UTC 2023 a/btrfs-progs-6.5.1-x86_64-1.txz: Upgraded. a/f2fs-tools-1.16.0-x86_64-2.txz: Rebuilt. |