diff options
| author |   Patrick J Volkerding <volkerdi@slackware.com> | 2021-01-26 21:20:58 +0000 |
|---|---|---|
| committer |   Eric Hameleers <alien@slackware.com> | 2021-01-27 14:59:56 +0100 |
| commit | e833eebc98fb1e72bcd9821f5ad437d1e93f3adf (patch) | |
| tree | 73ff358d07571b9e95ce44b4badc5c5ea54a9fa3 /ChangeLog.txt | |
| parent | 3e99129ce30e9474c935b340011d77bf3e72842b (diff) | |
| download | current-e833eebc98fb1e72bcd9821f5ad437d1e93f3adf.tar.gz current-e833eebc98fb1e72bcd9821f5ad437d1e93f3adf.tar.xz | |
Tue Jan 26 21:20:58 UTC 202120210126212058
ap/sudo-1.9.5p2-x86_64-1.txz: Upgraded.
When invoked as sudoedit, the same set of command line options
are now accepted as for "sudo -e". The -H and -P options are
now rejected for sudoedit and "sudo -e" which matches the sudo
1.7 behavior. This is part of the fix for CVE-2021-3156.
Fixed a potential buffer overflow when unescaping backslashes
in the command's arguments. Normally, sudo escapes special
characters when running a command via a shell (sudo -s or sudo
-i). However, it was also possible to run sudoedit with the -s
or -i flags in which case no escaping had actually been done,
making a buffer overflow possible. This fixes CVE-2021-3156.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3156
(* Security fix *)
d/binutils-2.36-x86_64-2.txz: Rebuilt.
Revert commit d1bcae833b32f1408485ce69f844dcd7ded093a8:
[PATCH] ELF: Don't generate unused section symbols
This fixes building the kernel.
l/loudmouth-1.5.4-x86_64-1.txz: Upgraded.
n/autofs-5.1.7-x86_64-1.txz: Upgraded.
n/dnsmasq-2.84-x86_64-1.txz: Upgraded.
n/tin-2.4.5-x86_64-1.txz: Upgraded.
xap/gparted-1.2.0-x86_64-1.txz: Upgraded.
xap/mozilla-thunderbird-78.7.0-x86_64-1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/78.7.0/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2021-05/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23953
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23954
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15685
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26976
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23960
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23964
(* Security fix *)
Diffstat (limited to 'ChangeLog.txt')
| -rw-r--r-- | ChangeLog.txt | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/ChangeLog.txt b/ChangeLog.txt index 44d20d2c6..ef6926e22 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -1,3 +1,40 @@ +Tue Jan 26 21:20:58 UTC 2021 +ap/sudo-1.9.5p2-x86_64-1.txz: Upgraded. + When invoked as sudoedit, the same set of command line options + are now accepted as for "sudo -e". The -H and -P options are + now rejected for sudoedit and "sudo -e" which matches the sudo + 1.7 behavior. This is part of the fix for CVE-2021-3156. + Fixed a potential buffer overflow when unescaping backslashes + in the command's arguments. Normally, sudo escapes special + characters when running a command via a shell (sudo -s or sudo + -i). However, it was also possible to run sudoedit with the -s + or -i flags in which case no escaping had actually been done, + making a buffer overflow possible. This fixes CVE-2021-3156. + For more information, see: + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3156 + (* Security fix *) +d/binutils-2.36-x86_64-2.txz: Rebuilt. + Revert commit d1bcae833b32f1408485ce69f844dcd7ded093a8: + [PATCH] ELF: Don't generate unused section symbols + This fixes building the kernel. +l/loudmouth-1.5.4-x86_64-1.txz: Upgraded. +n/autofs-5.1.7-x86_64-1.txz: Upgraded. +n/dnsmasq-2.84-x86_64-1.txz: Upgraded. +n/tin-2.4.5-x86_64-1.txz: Upgraded. +xap/gparted-1.2.0-x86_64-1.txz: Upgraded. +xap/mozilla-thunderbird-78.7.0-x86_64-1.txz: Upgraded. + This release contains security fixes and improvements. + For more information, see: + https://www.mozilla.org/en-US/thunderbird/78.7.0/releasenotes/ + https://www.mozilla.org/en-US/security/advisories/mfsa2021-05/ + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23953 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23954 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15685 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26976 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23960 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23964 + (* Security fix *) ++--------------------------+ Mon Jan 25 20:42:50 UTC 2021 a/openssl10-solibs-1.0.2u-x86_64-2.txz: Removed. d/make-4.3-x86_64-2.txz: Rebuilt. |