Tue Jan 26 21:20:58 UTC 202120210126212058

ap/sudo-1.9.5p2-x86_64-1.txz:  Upgraded.
  When invoked as sudoedit, the same set of command line options
  are now accepted as for "sudo -e". The -H and -P options are
  now rejected for sudoedit and "sudo -e" which matches the sudo
  1.7 behavior. This is part of the fix for CVE-2021-3156.
  Fixed a potential buffer overflow when unescaping backslashes
  in the command's arguments. Normally, sudo escapes special
  characters when running a command via a shell (sudo -s or sudo
  -i). However, it was also possible to run sudoedit with the -s
  or -i flags in which case no escaping had actually been done,
  making a buffer overflow possible. This fixes CVE-2021-3156.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3156
  (* Security fix *)
d/binutils-2.36-x86_64-2.txz:  Rebuilt.
  Revert commit d1bcae833b32f1408485ce69f844dcd7ded093a8:
  [PATCH] ELF: Don't generate unused section symbols
  This fixes building the kernel.
l/loudmouth-1.5.4-x86_64-1.txz:  Upgraded.
n/autofs-5.1.7-x86_64-1.txz:  Upgraded.
n/dnsmasq-2.84-x86_64-1.txz:  Upgraded.
n/tin-2.4.5-x86_64-1.txz:  Upgraded.
xap/gparted-1.2.0-x86_64-1.txz:  Upgraded.
xap/mozilla-thunderbird-78.7.0-x86_64-1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/78.7.0/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2021-05/
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23953
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23954
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15685
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26976
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23960
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23964
  (* Security fix *)

0 files changed, 0 insertions, 0 deletions