diff options
Diffstat (limited to 'ChangeLog.txt')
| -rw-r--r-- | ChangeLog.txt | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/ChangeLog.txt b/ChangeLog.txt index 9ca460860..061297dc2 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -1,3 +1,50 @@ +Wed Apr 22 02:19:37 UTC 2020 +a/kernel-firmware-20200421_78c0348-noarch-1.txz: Upgraded. +a/kernel-generic-5.4.34-x86_64-1.txz: Upgraded. +a/kernel-huge-5.4.34-x86_64-1.txz: Upgraded. +a/kernel-modules-5.4.34-x86_64-1.txz: Upgraded. +a/openssl-solibs-1.1.1g-x86_64-1.txz: Upgraded. +d/git-2.26.2-x86_64-1.txz: Upgraded. + This update fixes a security issue: + With a crafted URL that contains a newline or empty host, or lacks + a scheme, the credential helper machinery can be fooled into + providing credential information that is not appropriate for the + protocol in use and host being contacted. + Unlike the vulnerability CVE-2020-5260 fixed in v2.17.4, the + credentials are not for a host of the attacker's choosing; instead, + they are for some unspecified host (based on how the configured + credential helper handles an absent "host" parameter). + For more information, see: + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11008 + (* Security fix *) +d/kernel-headers-5.4.34-x86-1.txz: Upgraded. +d/vala-0.48.4-x86_64-1.txz: Upgraded. +k/kernel-source-5.4.34-noarch-1.txz: Upgraded. + INFINIBAND_CXGB3 n -> m + INFINIBAND_IPOIB_CM n -> y + INFINIBAND_IPOIB_DEBUG_DATA n -> y + Thanks to Karl Magnus Kolstø. +l/M2Crypto-0.35.2-x86_64-4.txz: Rebuilt. + Don't package typing-3.7.4.1 for python3. +l/netpbm-10.90.01-x86_64-1.txz: Upgraded. +n/openssl-1.1.1g-x86_64-1.txz: Upgraded. + This update fixes a security issue: + Fixed segmentation fault in SSL_check_chain() that could be exploited by a + malicious peer in a Denial of Service attack. + For more information, see: + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1967 + (* Security fix *) +x/libva-2.7.1-x86_64-1.txz: Upgraded. +isolinux/initrd.img: Rebuilt. +kernels/*: Upgraded. +testing/packages/PAM/openvpn-2.4.9-x86_64-1_pam.txz: Upgraded. + This update fixes a security issue: + Fix illegal client float. Thanks to Lev Stipakov. + For more information, see: + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11810 + (* Security fix *) +usb-and-pxe-installers/usbboot.img: Rebuilt. ++--------------------------+ Tue Apr 21 02:45:06 UTC 2020 d/python-2.7.17-x86_64-2.txz: Removed. d/python2-2.7.18-x86_64-1.txz: Added. |