1 files changed, 30 insertions, 0 deletions

diff --git a/ChangeLog.txt b/ChangeLog.txt
index 8fe2ae661..4e1b261ff 100644
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@@ -1,3 +1,33 @@
+Wed Feb  1 22:27:31 UTC 2023
+patches/packages/apr-1.7.2-x86_64-1_slack15.0.txz:  Upgraded.
+  This update fixes security issues:
+  Integer Overflow or Wraparound vulnerability in apr_encode functions of
+  Apache Portable Runtime (APR) allows an attacker to write beyond bounds
+  of a buffer. (CVE-2022-24963)
+  Restore fix for out-of-bounds array dereference in apr_time_exp*() functions.
+  (This issue was addressed as CVE-2017-12613 in APR 1.6.3 and
+  later 1.6.x releases, but was missing in 1.7.0.) (CVE-2021-35940)
+  For more information, see:
+    https://www.cve.org/CVERecord?id=CVE-2022-24963
+    https://www.cve.org/CVERecord?id=CVE-2021-35940
+    https://www.cve.org/CVERecord?id=CVE-2017-12613
+  (* Security fix *)
+patches/packages/apr-util-1.6.3-x86_64-1_slack15.0.txz:  Upgraded.
+  This update fixes a security issue:
+  Integer Overflow or Wraparound vulnerability in apr_base64 functions
+  of Apache Portable Runtime Utility (APR-util) allows an attacker to
+  write beyond bounds of a buffer. (CVE-2022-25147)
+  For more information, see:
+    https://www.cve.org/CVERecord?id=CVE-2022-25147
+  (* Security fix *)
+patches/packages/mozilla-thunderbird-102.7.1-x86_64-1_slack15.0.txz:  Upgraded.
+  This release contains security fixes and improvements.
+  For more information, see:
+    https://www.mozilla.org/en-US/thunderbird/102.7.1/releasenotes/
+    https://www.mozilla.org/en-US/security/advisories/mfsa2023-04/
+    https://www.cve.org/CVERecord?id=CVE-2023-0430
+  (* Security fix *)
++--------------------------+
 Thu Jan 26 00:34:41 UTC 2023
 patches/packages/bind-9.16.37-x86_64-1_slack15.0.txz:  Upgraded.
   This update fixes bugs and the following security issues: