summaryrefslogtreecommitdiffstats
path: root/ChangeLog.txt
diff options
context:
space:
mode:
Diffstat (limited to 'ChangeLog.txt')
-rw-r--r--ChangeLog.txt44
1 files changed, 44 insertions, 0 deletions
diff --git a/ChangeLog.txt b/ChangeLog.txt
index 21ee7c741..784f2bffd 100644
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@@ -1,3 +1,47 @@
+Thu Apr 18 21:13:58 UTC 2019
+ap/ksh93-20190416_7d7bba3e-x86_64-1.txz: Upgraded.
+ap/sysstat-12.1.4-x86_64-1.txz: Upgraded.
+l/gvfs-1.40.1-x86_64-2.txz: Rebuilt.
+ Recompiled against libcdio-2.1.0.
+l/icu4c-64.2-x86_64-1.txz: Upgraded.
+l/libcddb-1.3.2-x86_64-6.txz: Rebuilt.
+ Recompiled against libcdio-2.1.0.
+l/libcdio-2.1.0-x86_64-1.txz: Upgraded.
+ Shared library .so-version bump.
+l/libcdio-paranoia-10.2+2.0.0-x86_64-2.txz: Rebuilt.
+ Recompiled against libcdio-2.1.0.
+l/zstd-1.4.0-x86_64-1.txz: Upgraded.
+n/dhcpcd-7.2.0-x86_64-1.txz: Upgraded.
+n/dovecot-2.3.5.2-x86_64-1.txz: Upgraded.
+ This update fixes a security issue:
+ Trying to login with 8bit username containing invalid UTF8 input causes
+ auth process to crash if auth policy is enabled. This could be used rather
+ easily to cause a DoS. Similar crash also happens during mail delivery
+ when using invalid UTF8 in From or Subject header when OX push
+ notification driver is used.
+ For more information, see:
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10691
+ (* Security fix *)
+n/nghttp2-1.38.0-x86_64-1.txz: Upgraded.
+n/openssh-8.0p1-x86_64-1.txz: Upgraded.
+ This release contains a mitigation for a weakness in the scp(1) tool
+ and protocol (CVE-2019-6111): when copying files from a remote system
+ to a local directory, scp(1) did not verify that the filenames that
+ the server sent matched those requested by the client. This could
+ allow a hostile server to create or clobber unexpected local files
+ with attacker-controlled content.
+ For more information, see:
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6111
+ (* Security fix *)
+xap/MPlayer-20190418-x86_64-1.txz: Upgraded.
+ Compiled against libcdio-2.1.0.
+xap/audacious-plugins-3.10.1-x86_64-2.txz: Rebuilt.
+ Recompiled against libcdio-2.1.0.
+extra/pure-alsa-system/MPlayer-20190418-x86_64-1_alsa.txz: Upgraded.
+ Compiled against libcdio-2.1.0.
+extra/pure-alsa-system/audacious-plugins-3.10.1-x86_64-2_alsa.txz: Rebuilt.
+ Recompiled against libcdio-2.1.0.
++--------------------------+
Wed Apr 17 20:27:23 UTC 2019
a/kernel-generic-4.19.35-x86_64-1.txz: Upgraded.
a/kernel-huge-4.19.35-x86_64-1.txz: Upgraded.