1 files changed, 33 insertions, 0 deletions

diff --git a/ChangeLog.txt b/ChangeLog.txt
index bad42d626..c4a8ccf42 100644
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@@ -1,3 +1,36 @@
+Wed Feb 15 19:48:10 UTC 2023
+patches/packages/curl-7.88.0-x86_64-1_slack15.0.txz:  Upgraded.
+  This update fixes security issues:
+  HTTP multi-header compression denial of service.
+  HSTS amnesia with --parallel.
+  HSTS ignored on multiple requests.
+  For more information, see:
+    https://curl.se/docs/CVE-2023-23916.html
+    https://curl.se/docs/CVE-2023-23915.html
+    https://curl.se/docs/CVE-2023-23914.html
+    https://www.cve.org/CVERecord?id=CVE-2023-23916
+    https://www.cve.org/CVERecord?id=CVE-2023-23915
+    https://www.cve.org/CVERecord?id=CVE-2023-23914
+  (* Security fix *)
+patches/packages/git-2.35.7-x86_64-1_slack15.0.txz:  Upgraded.
+  This update fixes security issues:
+  Using a specially-crafted repository, Git can be tricked into using
+  its local clone optimization even when using a non-local transport.
+  Though Git will abort local clones whose source $GIT_DIR/objects
+  directory contains symbolic links (c.f., CVE-2022-39253), the objects
+  directory itself may still be a symbolic link.
+  These two may be combined to include arbitrary files based on known
+  paths on the victim's filesystem within the malicious repository's
+  working copy, allowing for data exfiltration in a similar manner as
+  CVE-2022-39253.
+  By feeding a crafted input to "git apply", a path outside the
+  working tree can be overwritten as the user who is running "git
+  apply".
+  For more information, see:
+    https://www.cve.org/CVERecord?id=CVE-2023-22490
+    https://www.cve.org/CVERecord?id=CVE-2023-23946
+  (* Security fix *)
++--------------------------+
 Wed Feb 15 03:05:40 UTC 2023
 extra/php80/php80-8.0.28-x86_64-1_slack15.0.txz:  Upgraded.
   This update fixes security issues: