diff options
Diffstat (limited to 'ChangeLog.txt')
-rw-r--r-- | ChangeLog.txt | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/ChangeLog.txt b/ChangeLog.txt index 21ee7c741..784f2bffd 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -1,3 +1,47 @@ +Thu Apr 18 21:13:58 UTC 2019 +ap/ksh93-20190416_7d7bba3e-x86_64-1.txz: Upgraded. +ap/sysstat-12.1.4-x86_64-1.txz: Upgraded. +l/gvfs-1.40.1-x86_64-2.txz: Rebuilt. + Recompiled against libcdio-2.1.0. +l/icu4c-64.2-x86_64-1.txz: Upgraded. +l/libcddb-1.3.2-x86_64-6.txz: Rebuilt. + Recompiled against libcdio-2.1.0. +l/libcdio-2.1.0-x86_64-1.txz: Upgraded. + Shared library .so-version bump. +l/libcdio-paranoia-10.2+2.0.0-x86_64-2.txz: Rebuilt. + Recompiled against libcdio-2.1.0. +l/zstd-1.4.0-x86_64-1.txz: Upgraded. +n/dhcpcd-7.2.0-x86_64-1.txz: Upgraded. +n/dovecot-2.3.5.2-x86_64-1.txz: Upgraded. + This update fixes a security issue: + Trying to login with 8bit username containing invalid UTF8 input causes + auth process to crash if auth policy is enabled. This could be used rather + easily to cause a DoS. Similar crash also happens during mail delivery + when using invalid UTF8 in From or Subject header when OX push + notification driver is used. + For more information, see: + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10691 + (* Security fix *) +n/nghttp2-1.38.0-x86_64-1.txz: Upgraded. +n/openssh-8.0p1-x86_64-1.txz: Upgraded. + This release contains a mitigation for a weakness in the scp(1) tool + and protocol (CVE-2019-6111): when copying files from a remote system + to a local directory, scp(1) did not verify that the filenames that + the server sent matched those requested by the client. This could + allow a hostile server to create or clobber unexpected local files + with attacker-controlled content. + For more information, see: + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6111 + (* Security fix *) +xap/MPlayer-20190418-x86_64-1.txz: Upgraded. + Compiled against libcdio-2.1.0. +xap/audacious-plugins-3.10.1-x86_64-2.txz: Rebuilt. + Recompiled against libcdio-2.1.0. +extra/pure-alsa-system/MPlayer-20190418-x86_64-1_alsa.txz: Upgraded. + Compiled against libcdio-2.1.0. +extra/pure-alsa-system/audacious-plugins-3.10.1-x86_64-2_alsa.txz: Rebuilt. + Recompiled against libcdio-2.1.0. ++--------------------------+ Wed Apr 17 20:27:23 UTC 2019 a/kernel-generic-4.19.35-x86_64-1.txz: Upgraded. a/kernel-huge-4.19.35-x86_64-1.txz: Upgraded. |