diff options
Diffstat (limited to 'ChangeLog.txt')
| -rw-r--r-- | ChangeLog.txt | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/ChangeLog.txt b/ChangeLog.txt index 0345c783d..f9ed7d445 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -1,3 +1,25 @@ +Tue Apr 14 22:26:11 UTC 2020 +a/gawk-5.1.0-x86_64-1.txz: Upgraded. +a/gettext-0.20.2-x86_64-1.txz: Upgraded. +d/gettext-tools-0.20.2-x86_64-1.txz: Upgraded. +d/git-2.26.1-x86_64-1.txz: Upgraded. + This update fixes a security issue: + With a crafted URL that contains a newline in it, the credential helper + machinery can be fooled to give credential information for a wrong host. + The attack has been made impossible by forbidding a newline character in + any value passed via the credential protocol. Credit for finding the + vulnerability goes to Felix Wilhelm of Google Project Zero. + For more information, see: + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5260 + (* Security fix *) +l/glib-networking-2.64.2-x86_64-1.txz: Upgraded. +l/libsecret-0.20.3-x86_64-1.txz: Upgraded. +n/php-7.4.5-x86_64-1.txz: Upgraded. +x/xorgproto-2020.1-x86_64-1.txz: Upgraded. +xap/audacious-4.0.2-x86_64-1.txz: Upgraded. +xap/audacious-plugins-4.0.2-x86_64-1.txz: Upgraded. +extra/pure-alsa-system/audacious-plugins-4.0.2-x86_64-1_alsa.txz: Upgraded. ++--------------------------+ Mon Apr 13 22:16:49 UTC 2020 a/kernel-firmware-20200413_64dba0f-noarch-1.txz: Upgraded. a/kernel-generic-5.4.32-x86_64-1.txz: Upgraded. |