diff options
Diffstat (limited to 'ChangeLog.txt')
-rw-r--r-- | ChangeLog.txt | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/ChangeLog.txt b/ChangeLog.txt index 72c9a9e86..ebb036f75 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -1,3 +1,48 @@ +Mon Dec 20 19:41:32 UTC 2021 +a/pkgtools-15.0-noarch-42.txz: Rebuilt. + setup.services: list rc.nfsd. Suggested by alienBOB. +l/expat-2.4.2-x86_64-1.txz: Upgraded. +l/gegl-0.4.34-x86_64-1.txz: Upgraded. +n/httpd-2.4.52-x86_64-1.txz: Upgraded. + SECURITY: CVE-2021-44790: Possible buffer overflow when parsing + multipart content in mod_lua of Apache HTTP Server 2.4.51 and + earlier (cve.mitre.org) + A carefully crafted request body can cause a buffer overflow in + the mod_lua multipart parser (r:parsebody() called from Lua + scripts). + The Apache httpd team is not aware of an exploit for the + vulnerabilty though it might be possible to craft one. + This issue affects Apache HTTP Server 2.4.51 and earlier. + Credits: Chamal + SECURITY: CVE-2021-44224: Possible NULL dereference or SSRF in + forward proxy configurations in Apache HTTP Server 2.4.51 and + earlier (cve.mitre.org) + A crafted URI sent to httpd configured as a forward proxy + (ProxyRequests on) can cause a crash (NULL pointer dereference) + or, for configurations mixing forward and reverse proxy + declarations, can allow for requests to be directed to a + declared Unix Domain Socket endpoint (Server Side Request + Forgery). + This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 + (included). + Credits: ae 1/4*a-o(R)e 1/4 + TengMA(@Te3t123) + For more information, see: + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44790 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44224 + (* Security fix *) +xap/gimp-2.10.30-x86_64-1.txz: Upgraded. +xap/mozilla-thunderbird-91.4.1-x86_64-1.txz: Upgraded. + This release contains security fixes and improvements. + For more information, see: + https://www.mozilla.org/en-US/thunderbird/91.4.1/releasenotes/ + https://www.mozilla.org/en-US/security/advisories/mfsa2021-55/ + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4126 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44538 + (* Security fix *) +xap/xlockmore-5.68-x86_64-1.txz: Upgraded. +xap/xsnow-3.4.2-x86_64-1.txz: Upgraded. ++--------------------------+ Sun Dec 19 18:57:11 UTC 2021 kde/kid3-3.9.0-x86_64-1.txz: Upgraded. kde/latte-dock-0.10.6-x86_64-1.txz: Upgraded. |