1 files changed, 20 insertions, 0 deletions

diff --git a/ChangeLog.txt b/ChangeLog.txt
index e77b8e83b..dd0f64342 100644
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@@ -1,3 +1,23 @@
+Tue Feb 15 20:00:48 UTC 2022
+patches/packages/aaa_base-15.0-x86_64-4_slack15.0.txz:  Rebuilt.
+  If root's mailbox did not already exist, it would be created with insecure
+  permissions leading to possible local information disclosure. This update
+  ensures that a new mailbox will be created with proper permissions and
+  ownership, and corrects the permissions on an existing mailbox if they are
+  found to be incorrect. Thanks to Martin for the bug report.
+  (* Security fix *)
+patches/packages/util-linux-2.37.4-x86_64-1_slack15.0.txz:  Upgraded.
+  This release fixes a security issue in chsh(1) and chfn(8):
+  By default, these utilities had been linked with libreadline, which allows
+  the INPUTRC environment variable to be abused to produce an error message
+  containing data from an arbitrary file. So, don't link these utilities with
+  libreadline as it does not use secure_getenv() (or a similar concept), or
+  sanitize the config file path to avoid vulnerabilities that could occur in
+  set-user-ID or set-group-ID programs.
+  For more information, see:
+    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0563
+  (* Security fix *)
++--------------------------+
 Mon Feb 14 00:10:38 UTC 2022
 patches/packages/mariadb-10.5.15-x86_64-1_slack15.0.txz:  Upgraded.
   This update fixes potential denial-of-service vulnerabilities.