Diffstat (limited to 'ChangeLog.txt')
-rw-r--r-- ChangeLog.txt 101
1 files changed, 101 insertions, 0 deletions
diff --git a/ChangeLog.txt b/ChangeLog.txt
index c4f4fb435..e0dd39c16 100644
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@@ -1,3 +1,104 @@
+Tue Oct 18 20:29:54 UTC 2022
+ap/vim-9.0.0790-x86_64-1.txz: Upgraded.
+d/ccache-4.7-x86_64-1.txz: Upgraded.
+d/git-2.38.1-x86_64-1.txz: Upgraded.
+ This release fixes two security issues:
+ * CVE-2022-39253:
+ When relying on the `--local` clone optimization, Git dereferences
+ symbolic links in the source repository before creating hardlinks
+ (or copies) of the dereferenced link in the destination repository.
+ This can lead to surprising behavior where arbitrary files are
+ present in a repository's `$GIT_DIR` when cloning from a malicious
+ repository.
+ Git will no longer dereference symbolic links via the `--local`
+ clone mechanism, and will instead refuse to clone repositories that
+ have symbolic links present in the `$GIT_DIR/objects` directory.
+ Additionally, the value of `protocol.file.allow` is changed to be
+ "user" by default.
+ * CVE-2022-39260:
+ An overly-long command string given to `git shell` can result in
+ overflow in `split_cmdline()`, leading to arbitrary heap writes and
+ remote code execution when `git shell` is exposed and the directory
+ `$HOME/git-shell-commands` exists.
+ `git shell` is taught to refuse interactive commands that are
+ longer than 4MiB in size. `split_cmdline()` is hardened to reject
+ inputs larger than 2GiB.
+ For more information, see:
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39253
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39260
+ (* Security fix *)
+kde/bluedevil-5.26.1-x86_64-1.txz: Upgraded.
+kde/breeze-5.26.1-x86_64-1.txz: Upgraded.
+kde/breeze-grub-5.26.1-x86_64-1.txz: Upgraded.
+kde/breeze-gtk-5.26.1-x86_64-1.txz: Upgraded.
+kde/drkonqi-5.26.1-x86_64-1.txz: Upgraded.
+kde/kactivitymanagerd-5.26.1-x86_64-1.txz: Upgraded.
+kde/kde-cli-tools-5.26.1-x86_64-1.txz: Upgraded.
+kde/kde-gtk-config-5.26.1-x86_64-1.txz: Upgraded.
+kde/kdecoration-5.26.1-x86_64-1.txz: Upgraded.
+kde/kdeplasma-addons-5.26.1-x86_64-1.txz: Upgraded.
+kde/kgamma5-5.26.1-x86_64-1.txz: Upgraded.
+kde/khotkeys-5.26.1-x86_64-1.txz: Upgraded.
+kde/kinfocenter-5.26.1-x86_64-1.txz: Upgraded.
+kde/kmenuedit-5.26.1-x86_64-1.txz: Upgraded.
+kde/kpipewire-5.26.1-x86_64-1.txz: Upgraded.
+kde/kscreen-5.26.1-x86_64-1.txz: Upgraded.
+kde/kscreenlocker-5.26.1-x86_64-1.txz: Upgraded.
+kde/ksshaskpass-5.26.1-x86_64-1.txz: Upgraded.
+kde/ksystemstats-5.26.1-x86_64-1.txz: Upgraded.
+kde/kwallet-pam-5.26.1-x86_64-1.txz: Upgraded.
+kde/kwayland-integration-5.26.1-x86_64-1.txz: Upgraded.
+kde/kwin-5.26.1-x86_64-1.txz: Upgraded.
+kde/kwrited-5.26.1-x86_64-1.txz: Upgraded.
+kde/layer-shell-qt-5.26.1-x86_64-1.txz: Upgraded.
+kde/libkscreen-5.26.1-x86_64-1.txz: Upgraded.
+kde/libksysguard-5.26.1-x86_64-1.txz: Upgraded.
+kde/milou-5.26.1-x86_64-1.txz: Upgraded.
+kde/oxygen-5.26.1-x86_64-1.txz: Upgraded.
+kde/oxygen-sounds-5.26.1-x86_64-1.txz: Upgraded.
+kde/plasma-browser-integration-5.26.1-x86_64-1.txz: Upgraded.
+kde/plasma-desktop-5.26.1-x86_64-1.txz: Upgraded.
+kde/plasma-disks-5.26.1-x86_64-1.txz: Upgraded.
+kde/plasma-firewall-5.26.1-x86_64-1.txz: Upgraded.
+kde/plasma-integration-5.26.1-x86_64-1.txz: Upgraded.
+kde/plasma-nm-5.26.1-x86_64-1.txz: Upgraded.
+kde/plasma-pa-5.26.1-x86_64-1.txz: Upgraded.
+kde/plasma-sdk-5.26.1-x86_64-1.txz: Upgraded.
+kde/plasma-systemmonitor-5.26.1-x86_64-1.txz: Upgraded.
+kde/plasma-vault-5.26.1-x86_64-1.txz: Upgraded.
+kde/plasma-workspace-5.26.1-x86_64-1.txz: Upgraded.
+kde/plasma-workspace-wallpapers-5.26.1-x86_64-1.txz: Upgraded.
+kde/polkit-kde-agent-1-5.26.1-x86_64-1.txz: Upgraded.
+kde/powerdevil-5.26.1-x86_64-1.txz: Upgraded.
+kde/qqc2-breeze-style-5.26.1-x86_64-1.txz: Upgraded.
+kde/sddm-kcm-5.26.1-x86_64-1.txz: Upgraded.
+kde/systemsettings-5.26.1-x86_64-1.txz: Upgraded.
+kde/xdg-desktop-portal-kde-5.26.1-x86_64-1.txz: Upgraded.
+l/libical-3.0.16-x86_64-1.txz: Upgraded.
+l/nodejs-19.0.0-x86_64-1.txz: Upgraded.
+n/NetworkManager-1.40.2-x86_64-1.txz: Upgraded.
+n/whois-5.5.14-x86_64-1.txz: Upgraded.
+x/libXmu-1.1.4-x86_64-1.txz: Upgraded.
+x/libXpresent-1.0.1-x86_64-1.txz: Upgraded.
+x/libpciaccess-0.17-x86_64-1.txz: Upgraded.
+x/libxkbfile-1.1.1-x86_64-1.txz: Upgraded.
+x/libxshmfence-1.3.1-x86_64-1.txz: Upgraded.
+x/pixman-0.42.0-x86_64-1.txz: Upgraded.
+x/xcb-util-cursor-0.1.4-x86_64-1.txz: Upgraded.
+xap/mozilla-firefox-106.0-x86_64-1.txz: Upgraded.
+ This update contains security fixes and improvements.
+ For more information, see:
+ https://www.mozilla.org/en-US/firefox/106.0/releasenotes/
+ https://www.mozilla.org/security/advisories/mfsa2022-44/
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42927
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42928
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42929
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42930
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42931
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42932
+ (* Security fix *)
+xap/vim-gvim-9.0.0790-x86_64-1.txz: Upgraded.
++--------------------------+
Mon Oct 17 19:31:45 UTC 2022
l/libqalculate-4.4.0-x86_64-1.txz: Upgraded.
l/netpbm-11.00.01-x86_64-1.txz: Upgraded.
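Review bot: In the d/git-2.38.1 entry, two behaviour changes are stated only inside the CVE-2022-39253 description: the default of `protocol.file.allow` becoming "user", and Git refusing to clone repositories that have symbolic links in `$GIT_DIR/objects`. Someone skimming for "(* Security fix *)" gets no hint that clones which worked before the upgrade can now be refused. Suggest one short line in that entry flagging these as intentional behaviour changes and naming `protocol.file.allow` as the setting to review. Separately, the xap/mozilla-firefox-106.0 entry lists six CVE links with no summary of what was fixed; a sentence of description would bring it in line with the detail given for git.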