summaryrefslogtreecommitdiffstats
path: root/ChangeLog.txt
diff options
context:
space:
mode:
Diffstat (limited to 'ChangeLog.txt')
-rw-r--r--ChangeLog.txt37
1 files changed, 37 insertions, 0 deletions
diff --git a/ChangeLog.txt b/ChangeLog.txt
index 44d20d2c6..ef6926e22 100644
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@@ -1,3 +1,40 @@
+Tue Jan 26 21:20:58 UTC 2021
+ap/sudo-1.9.5p2-x86_64-1.txz: Upgraded.
+ When invoked as sudoedit, the same set of command line options
+ are now accepted as for "sudo -e". The -H and -P options are
+ now rejected for sudoedit and "sudo -e" which matches the sudo
+ 1.7 behavior. This is part of the fix for CVE-2021-3156.
+ Fixed a potential buffer overflow when unescaping backslashes
+ in the command's arguments. Normally, sudo escapes special
+ characters when running a command via a shell (sudo -s or sudo
+ -i). However, it was also possible to run sudoedit with the -s
+ or -i flags in which case no escaping had actually been done,
+ making a buffer overflow possible. This fixes CVE-2021-3156.
+ For more information, see:
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3156
+ (* Security fix *)
+d/binutils-2.36-x86_64-2.txz: Rebuilt.
+ Revert commit d1bcae833b32f1408485ce69f844dcd7ded093a8:
+ [PATCH] ELF: Don't generate unused section symbols
+ This fixes building the kernel.
+l/loudmouth-1.5.4-x86_64-1.txz: Upgraded.
+n/autofs-5.1.7-x86_64-1.txz: Upgraded.
+n/dnsmasq-2.84-x86_64-1.txz: Upgraded.
+n/tin-2.4.5-x86_64-1.txz: Upgraded.
+xap/gparted-1.2.0-x86_64-1.txz: Upgraded.
+xap/mozilla-thunderbird-78.7.0-x86_64-1.txz: Upgraded.
+ This release contains security fixes and improvements.
+ For more information, see:
+ https://www.mozilla.org/en-US/thunderbird/78.7.0/releasenotes/
+ https://www.mozilla.org/en-US/security/advisories/mfsa2021-05/
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23953
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23954
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15685
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26976
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23960
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23964
+ (* Security fix *)
++--------------------------+
Mon Jan 25 20:42:50 UTC 2021
a/openssl10-solibs-1.0.2u-x86_64-2.txz: Removed.
d/make-4.3-x86_64-2.txz: Rebuilt.
generated by cgit v1.2.3 (git 2.26.2) at 2024-04-24 09:43:38 +0000