diff options
Diffstat (limited to 'ChangeLog.txt')
| -rw-r--r-- | ChangeLog.txt | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/ChangeLog.txt b/ChangeLog.txt index 3f043ad8a..cae87ac9b 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -1,3 +1,17 @@ +Mon Aug 15 20:23:47 UTC 2022 +patches/packages/rsync-3.2.5-x86_64-1_slack15.0.txz: Upgraded. + Added some file-list safety checking that helps to ensure that a rogue + sending rsync can't add unrequested top-level names and/or include recursive + names that should have been excluded by the sender. These extra safety + checks only require the receiver rsync to be updated. When dealing with an + untrusted sending host, it is safest to copy into a dedicated destination + directory for the remote content (i.e. don't copy into a destination + directory that contains files that aren't from the remote host unless you + trust the remote host). + For more information, see: + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29154 + (* Security fix *) ++--------------------------+ Sat Aug 13 19:12:40 UTC 2022 patches/packages/glibc-zoneinfo-2022b-noarch-1_slack15.0.txz: Upgraded. This package provides the latest timezone updates. |