Diffstat (limited to '')
-rw-r--r-- ChangeLog.txt 63
1 files changed, 63 insertions, 0 deletions
diff --git a/ChangeLog.txt b/ChangeLog.txt
index 415fc59c1..7a587ae73 100644
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@@ -1,3 +1,66 @@
+Thu May 16 02:31:40 UTC 2024
+a/bcachefs-tools-1.7.0-x86_64-1.txz: Added.
+a/kernel-generic-6.9.0-x86_64-2.txz: Upgraded.
+a/kernel-huge-6.9.0-x86_64-2.txz: Upgraded.
+a/kernel-modules-6.9.0-x86_64-2.txz: Upgraded.
+d/git-2.45.1-x86_64-1.txz: Upgraded.
+ This update fixes security issues:
+ Recursive clones on case-insensitive filesystems that support symbolic
+ links are susceptible to case confusion that can be exploited to
+ execute just-cloned code during the clone operation.
+ Repositories can be configured to execute arbitrary code during local
+ clones. To address this, the ownership checks introduced in v2.30.3
+ are now extended to cover cloning local repositories.
+ Local clones may end up hardlinking files into the target repository's
+ object database when source and target repository reside on the same
+ disk. If the source repository is owned by a different user, then
+ those hardlinked files may be rewritten at any point in time by the
+ untrusted user.
+ When cloning a local source repository that contains symlinks via the
+ filesystem, Git may create hardlinks to arbitrary user-readable files
+ on the same filesystem as the target repository in the objects/
+ directory.
+ It is supposed to be safe to clone untrusted repositories, even those
+ unpacked from zip archives or tarballs originating from untrusted
+ sources, but Git can be tricked to run arbitrary code as part of the
+ clone.
+ For more information, see:
+ https://www.cve.org/CVERecord?id=CVE-2024-32002
+ https://www.cve.org/CVERecord?id=CVE-2024-32004
+ https://www.cve.org/CVERecord?id=CVE-2024-32020
+ https://www.cve.org/CVERecord?id=CVE-2024-32021
+ https://www.cve.org/CVERecord?id=CVE-2024-32465
+ (* Security fix *)
+d/kernel-headers-6.9.0-x86-2.txz: Upgraded.
+d/strace-6.9-x86_64-1.txz: Upgraded.
+k/kernel-source-6.9.0-noarch-2.txz: Upgraded.
+ BCACHEFS_FS m -> y
+ CRYPTO_CHACHA20 m -> y
+ CRYPTO_LIB_CHACHA_GENERIC m -> y
+ CRYPTO_LIB_POLY1305_GENERIC m -> y
+ CRYPTO_POLY1305 m -> y
+ MITIGATION_GDS_FORCE y -> n
+kde/wcslib-8.3-x86_64-1.txz: Upgraded.
+l/gdk-pixbuf2-2.42.12-x86_64-1.txz: Upgraded.
+ ani: Reject files with multiple INA or IART chunks.
+ ani: Reject files with multiple anih chunks.
+ ani: validate chunk size.
+ Thanks to 0xvhp, pedrib, and Benjamin Gilbert.
+ For more information, see:
+ https://www.cve.org/CVERecord?id=CVE-2022-48622
+ (* Security fix *)
+l/gtk+3-3.24.42-x86_64-1.txz: Upgraded.
+n/bind-9.18.27-x86_64-1.txz: Upgraded.
+ This is a bugfix release.
+n/popa3d-1.0.3-x86_64-8.txz: Rebuilt.
+ This is a bugfix release:
+ Build with AUTH_PAM, not AUTH_SHADOW.
+ Thanks to jayjwa.
+x/xorg-server-xwayland-23.2.7-x86_64-1.txz: Upgraded.
+isolinux/initrd.img: Rebuilt.
+kernels/*: Upgraded.
+usb-and-pxe-installers/usbboot.img: Rebuilt.
++--------------------------+
Tue May 14 19:07:51 UTC 2024
a/kernel-firmware-20240510_b9d2bf2-noarch-1.txz: Upgraded.
a/kernel-generic-6.9.0-x86_64-1.txz: Upgraded.
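Review bot: the k/kernel-source entry records "MITIGATION_GDS_FORCE y -> n" with no rationale, while every other security-relevant entry in this hunk carries a description and a "(* Security fix *)" marker. Switching a mitigation option off is the kind of change readers auditing their exposure will look for, so a line under the config list saying why the forced setting is now disabled would help. Separately, the d/git entry gives five issue descriptions and five CVE URLs without saying which description belongs to which CVE; prefixing each paragraph with its CVE id would make triage easier.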