diff options
| author |   Patrick J Volkerding <volkerdi@slackware.com> | 2022-06-23 05:30:51 +0000 |
|---|---|---|
| committer |   Eric Hameleers <alien@slackware.com> | 2022-06-24 01:30:06 +0200 |
| commit | 40bf9bf864ed33599654671687a082f83ccca943 (patch) | |
| tree | 2f55dae0df27b27678de3ac678fe076996b4022c /patches/source/mozilla-thunderbird | |
| parent | 7809bcc7623e84d08a096f1d910be6f3fe34fc1f (diff) | |
| download | current-40bf9bf864ed33599654671687a082f83ccca943.tar.gz current-40bf9bf864ed33599654671687a082f83ccca943.tar.xz | |
Thu Jun 23 05:30:51 UTC 202220220623053051_15.0
patches/packages/ca-certificates-20220622-noarch-1_slack15.0.txz: Upgraded.
This update provides the latest CA certificates to check for the
authenticity of SSL connections.
patches/packages/openssl-1.1.1p-x86_64-1_slack15.0.txz: Upgraded.
In addition to the c_rehash shell command injection identified in
CVE-2022-1292, further circumstances where the c_rehash script does not
properly sanitise shell metacharacters to prevent command injection were
found by code review.
When the CVE-2022-1292 was fixed it was not discovered that there
are other places in the script where the file names of certificates
being hashed were possibly passed to a command executed through the shell.
For more information, see:
https://www.openssl.org/news/secadv/20220621.txt
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2068
(* Security fix *)
patches/packages/openssl-solibs-1.1.1p-x86_64-1_slack15.0.txz: Upgraded.
Diffstat (limited to 'patches/source/mozilla-thunderbird')
0 files changed, 0 insertions, 0 deletions