diff options
Diffstat (limited to 'ChangeLog.txt')
| -rw-r--r-- | ChangeLog.txt | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/ChangeLog.txt b/ChangeLog.txt index ceaf908f7..590013868 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -1,3 +1,24 @@ +Fri Jan 31 20:46:25 UTC 2020 +a/util-linux-2.35.1-x86_64-1.txz: Upgraded. +a/zerofree-1.1.1-x86_64-1.txz: Added. + Also queued up for the next installer build. Thanks to bifferos. +ap/sudo-1.8.31-x86_64-1.txz: Upgraded. + This update fixes a security issue: + In Sudo before 1.8.31, if pwfeedback is enabled in /etc/sudoers, users can + trigger a stack-based buffer overflow in the privileged sudo process. + (pwfeedback is a default setting in some Linux distributions; however, it + is not the default for upstream or in Slackware, and would exist only if + enabled by an administrator.) The attacker needs to deliver a long string + to the stdin of getln() in tgetpass.c. + For more information, see: + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18634 + (* Security fix *) +n/NetworkManager-1.22.6-x86_64-1.txz: Upgraded. +n/openldap-client-2.4.49-x86_64-1.txz: Upgraded. +xfce/Thunar-1.8.11-x86_64-1.txz: Removed. +xfce/thunar-1.8.12-x86_64-1.txz: Added. + Changed package name from "Thunar" to "thunar" to follow upstream's naming. ++--------------------------+ Fri Jan 31 03:36:03 UTC 2020 a/inotify-tools-3.20.2-x86_64-1.txz: Upgraded. d/llvm-9.0.1-x86_64-3.txz: Rebuilt. |