1 files changed, 48 insertions, 2 deletions

diff --git a/ChangeLog.rss b/ChangeLog.rss
index e0a767b60..277c5e564 100644
--- a/ChangeLog.rss
+++ b/ChangeLog.rss
@@ -11,10 +11,56 @@
       <description>Tracking Slackware development in git.</description>
       <language>en-us</language>
       <id xmlns="http://www.w3.org/2005/Atom">urn:uuid:c964f45e-6732-11e8-bbe5-107b4450212f</id>
-      <pubDate>Mon, 17 Oct 2022 19:31:45 GMT</pubDate>
-      <lastBuildDate>Tue, 18 Oct 2022 11:30:20 GMT</lastBuildDate>
+      <pubDate>Tue, 18 Oct 2022 20:29:54 GMT</pubDate>
+      <lastBuildDate>Wed, 19 Oct 2022 11:29:59 GMT</lastBuildDate>
       <generator>maintain_current_git.sh v 1.17</generator>
       <item>
+         <title>Tue, 18 Oct 2022 20:29:54 GMT</title>
+         <pubDate>Tue, 18 Oct 2022 20:29:54 GMT</pubDate>
+         <link>https://git.slackware.nl/current/tag/?h=20221018202954</link>
+         <guid isPermaLink="false">20221018202954</guid>
+         <description>
+           <![CDATA[<pre>
+patches/packages/git-2.35.5-x86_64-1_slack15.0.txz:  Upgraded.
+  This release fixes two security issues:
+  * CVE-2022-39253:
+  When relying on the `--local` clone optimization, Git dereferences
+  symbolic links in the source repository before creating hardlinks
+  (or copies) of the dereferenced link in the destination repository.
+  This can lead to surprising behavior where arbitrary files are
+  present in a repository's `$GIT_DIR` when cloning from a malicious
+  repository.
+  Git will no longer dereference symbolic links via the `--local`
+  clone mechanism, and will instead refuse to clone repositories that
+  have symbolic links present in the `$GIT_DIR/objects` directory.
+  Additionally, the value of `protocol.file.allow` is changed to be
+  "user" by default.
+  * CVE-2022-39260:
+  An overly-long command string given to `git shell` can result in
+  overflow in `split_cmdline()`, leading to arbitrary heap writes and
+  remote code execution when `git shell` is exposed and the directory
+  `$HOME/git-shell-commands` exists.
+  `git shell` is taught to refuse interactive commands that are
+  longer than 4MiB in size. `split_cmdline()` is hardened to reject
+  inputs larger than 2GiB.
+  For more information, see:
+    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39253
+    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39260
+  (* Security fix *)
+patches/packages/mozilla-firefox-102.4.0esr-x86_64-1_slack15.0.txz:  Upgraded.
+  This update contains security fixes and improvements.
+  For more information, see:
+    https://www.mozilla.org/en-US/firefox/102.4.0/releasenotes/
+    https://www.mozilla.org/security/advisories/mfsa2022-45/
+    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42927
+    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42928
+    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42929
+    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42932
+  (* Security fix *)
+           </pre>]]>
+         </description>
+      </item>
+      <item>
          <title>Mon, 17 Oct 2022 19:31:45 GMT</title>
          <pubDate>Mon, 17 Oct 2022 19:31:45 GMT</pubDate>
          <link>https://git.slackware.nl/current/tag/?h=20221017193145</link>