1 files changed, 36 insertions, 0 deletions

diff --git a/ChangeLog.txt b/ChangeLog.txt
index 4fdf5fbee..0f5483950 100644
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@@ -1,3 +1,39 @@
+Fri Oct  8 03:23:28 UTC 2021
+n/httpd-2.4.51-x86_64-1.txz:  Upgraded.
+  SECURITY: CVE-2021-42013: Path Traversal and Remote Code
+  Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete
+  fix of CVE-2021-41773) (cve.mitre.org)
+  It was found that the fix for CVE-2021-41773 in Apache HTTP
+  Server 2.4.50 was insufficient.  An attacker could use a path
+  traversal attack to map URLs to files outside the directories
+  configured by Alias-like directives.
+  If files outside of these directories are not protected by the
+  usual default configuration "require all denied", these requests
+  can succeed. If CGI scripts are also enabled for these aliased
+  pathes, this could allow for remote code execution.
+  This issue only affects Apache 2.4.49 and Apache 2.4.50 and not
+  earlier versions.
+  Credits: Reported by Juan Escobar from Dreamlab Technologies,
+  Fernando MuA+-oz from NULL Life CTF Team, and Shungo Kumasaka
+  For more information, see:
+    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42013
+  (* Security fix *)
++--------------------------+
+Thu Oct  7 19:12:20 UTC 2021
+a/kernel-generic-5.14.10-x86_64-1.txz:  Upgraded.
+a/kernel-huge-5.14.10-x86_64-1.txz:  Upgraded.
+a/kernel-modules-5.14.10-x86_64-1.txz:  Upgraded.
+d/kernel-headers-5.14.10-x86-1.txz:  Upgraded.
+k/kernel-source-5.14.10-noarch-1.txz:  Upgraded.
+kde/kio-5.86.0-x86_64-3.txz:  Rebuilt.
+  Allow changing panel launcher icons. Thanks to RadicalDreamer and ctrlaltca.
+n/epic5-2.1.6-x86_64-1.txz:  Upgraded.
+n/gnupg2-2.2.32-x86_64-1.txz:  Upgraded.
+xap/xpaint-3.1.4-x86_64-1.txz:  Upgraded.
+isolinux/initrd.img:  Rebuilt.
+kernels/*:  Upgraded.
+usb-and-pxe-installers/usbboot.img:  Rebuilt.
++--------------------------+
 Wed Oct  6 19:25:04 UTC 2021
 a/hwdata-0.352-noarch-1.txz:  Upgraded.
 ap/nano-5.9-x86_64-1.txz:  Upgraded.