diff options
Diffstat (limited to 'ChangeLog.rss')
-rw-r--r-- | ChangeLog.rss | 57 |
1 files changed, 55 insertions, 2 deletions
diff --git a/ChangeLog.rss b/ChangeLog.rss index 02785ad21..25a066324 100644 --- a/ChangeLog.rss +++ b/ChangeLog.rss @@ -11,10 +11,63 @@ <description>Tracking Slackware development in git.</description> <language>en-us</language> <id xmlns="http://www.w3.org/2005/Atom">urn:uuid:c964f45e-6732-11e8-bbe5-107b4450212f</id> - <pubDate>Sun, 19 Dec 2021 18:57:11 GMT</pubDate> - <lastBuildDate>Sun, 19 Dec 2021 19:59:43 GMT</lastBuildDate> + <pubDate>Mon, 20 Dec 2021 19:41:32 GMT</pubDate> + <lastBuildDate>Tue, 21 Dec 2021 07:59:44 GMT</lastBuildDate> <generator>maintain_current_git.sh v 1.13</generator> <item> + <title>Mon, 20 Dec 2021 19:41:32 GMT</title> + <pubDate>Mon, 20 Dec 2021 19:41:32 GMT</pubDate> + <link>https://git.slackware.nl/current/tag/?h=20211220194132</link> + <guid isPermaLink="false">20211220194132</guid> + <description> + <![CDATA[<pre> +a/pkgtools-15.0-noarch-42.txz: Rebuilt. + setup.services: list rc.nfsd. Suggested by alienBOB. +l/expat-2.4.2-x86_64-1.txz: Upgraded. +l/gegl-0.4.34-x86_64-1.txz: Upgraded. +n/httpd-2.4.52-x86_64-1.txz: Upgraded. + SECURITY: CVE-2021-44790: Possible buffer overflow when parsing + multipart content in mod_lua of Apache HTTP Server 2.4.51 and + earlier (cve.mitre.org) + A carefully crafted request body can cause a buffer overflow in + the mod_lua multipart parser (r:parsebody() called from Lua + scripts). + The Apache httpd team is not aware of an exploit for the + vulnerabilty though it might be possible to craft one. + This issue affects Apache HTTP Server 2.4.51 and earlier. + Credits: Chamal + SECURITY: CVE-2021-44224: Possible NULL dereference or SSRF in + forward proxy configurations in Apache HTTP Server 2.4.51 and + earlier (cve.mitre.org) + A crafted URI sent to httpd configured as a forward proxy + (ProxyRequests on) can cause a crash (NULL pointer dereference) + or, for configurations mixing forward and reverse proxy + declarations, can allow for requests to be directed to a + declared Unix Domain Socket endpoint (Server Side Request + Forgery). + This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 + (included). + Credits: ae 1/4*a-o(R)e 1/4 + TengMA(@Te3t123) + For more information, see: + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44790 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44224 + (* Security fix *) +xap/gimp-2.10.30-x86_64-1.txz: Upgraded. +xap/mozilla-thunderbird-91.4.1-x86_64-1.txz: Upgraded. + This release contains security fixes and improvements. + For more information, see: + https://www.mozilla.org/en-US/thunderbird/91.4.1/releasenotes/ + https://www.mozilla.org/en-US/security/advisories/mfsa2021-55/ + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4126 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44538 + (* Security fix *) +xap/xlockmore-5.68-x86_64-1.txz: Upgraded. +xap/xsnow-3.4.2-x86_64-1.txz: Upgraded. + </pre>]]> + </description> + </item> + <item> <title>Sun, 19 Dec 2021 18:57:11 GMT</title> <pubDate>Sun, 19 Dec 2021 18:57:11 GMT</pubDate> <link>https://git.slackware.nl/current/tag/?h=20211219185711</link> |