diff options
Diffstat (limited to 'ChangeLog.txt')
| -rw-r--r-- | ChangeLog.txt | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/ChangeLog.txt b/ChangeLog.txt index 5254b9419..0e5583cd1 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -1,3 +1,46 @@ +Wed Sep 21 19:19:07 UTC 2022 +ap/cups-2.4.2-x86_64-3.txz: Rebuilt. + Fixed crash when using the CUPS web setup interface: + [PATCH] Fix OpenSSL crash bug - "tls" pointer wasn't cleared after freeing + it (Issue #409). + Thanks to MisterL, bryjen, and kjhambrick. + Fixed an OpenSSL certificate loading issue: + [PATCH] The OpenSSL code path wasn't loading the full certificate + chain (Issue #465). + Thanks to tmmukunn. ++--------------------------+ +Wed Sep 21 18:30:30 UTC 2022 +ap/cups-2.4.2-x86_64-2.txz: Rebuilt. + Install pkgconfig file to the proper directory. +l/libbluray-1.3.3-x86_64-1.txz: Upgraded. +l/system-config-printer-1.5.18-x86_64-1.txz: Upgraded. +n/bind-9.18.7-x86_64-1.txz: Upgraded. + This update fixes bugs and the following security issues: + Fix memory leak in EdDSA verify processing. + Fix serve-stale crash that could happen when stale-answer-client-timeout + was set to 0 and there was a stale CNAME in the cache for an incoming query. + Fix memory leaks in the DH code when using OpenSSL 3.0.0 and later versions. + The openssldh_compare(), openssldh_paramcompare(), and openssldh_todns() + functions were affected. + When an HTTP connection was reused to get statistics from the stats channel, + and zlib compression was in use, each successive response sent larger and + larger blocks of memory, potentially reading past the end of the allocated + buffer. + Prevent excessive resource use while processing large delegations. + For more information, see: + https://kb.isc.org/docs/cve-2022-38178 + https://kb.isc.org/docs/cve-2022-3080 + https://kb.isc.org/docs/cve-2022-2906 + https://kb.isc.org/docs/cve-2022-2881 + https://kb.isc.org/docs/cve-2022-2795 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38178 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3080 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2906 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2881 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2795 + (* Security fix *) +n/nghttp2-1.50.0-x86_64-1.txz: Upgraded. ++--------------------------+ Tue Sep 20 22:50:28 UTC 2022 a/kernel-generic-5.19.10-x86_64-1.txz: Upgraded. a/kernel-huge-5.19.10-x86_64-1.txz: Upgraded. |