diff options
Diffstat (limited to 'ChangeLog.txt')
| -rw-r--r-- | ChangeLog.txt | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/ChangeLog.txt b/ChangeLog.txt index 7ef26ba9a..e9369d3d3 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -1,3 +1,18 @@ +Thu Aug 2 20:12:10 UTC 2018 +ap/hplip-3.18.7-x86_64-1.txz: Upgraded. +l/harfbuzz-1.8.5-x86_64-1.txz: Upgraded. +n/lftp-4.8.4-x86_64-1.txz: Upgraded. + It has been discovered that lftp up to and including version 4.8.3 does + not properly sanitize remote file names, leading to a loss of integrity + on the local system when reverse mirroring is used. A remote attacker + may trick a user to use reverse mirroring on an attacker controlled FTP + server, resulting in the removal of all files in the current working + directory of the victim's system. + For more information, see: + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10916 + (* Security fix *) +x/fonttosfnt-1.0.5-x86_64-1.txz: Upgraded. ++--------------------------+ Wed Aug 1 22:38:53 UTC 2018 ap/man-db-2.8.4-x86_64-1.txz: Upgraded. d/gdb-8.1.1-x86_64-1.txz: Upgraded. |