From 564ec5a0ace4d77efaa63cccd7f542a454022b6d Mon Sep 17 00:00:00 2001
From: Patrick J Volkerding <volkerdi@slackware.com>
Date: Thu, 2 Aug 2018 20:12:10 +0000
Subject: Thu Aug  2 20:12:10 UTC 2018

ap/hplip-3.18.7-x86_64-1.txz:  Upgraded.
l/harfbuzz-1.8.5-x86_64-1.txz:  Upgraded.
n/lftp-4.8.4-x86_64-1.txz:  Upgraded.
  It has been discovered that lftp up to and including version 4.8.3 does
  not properly sanitize remote file names, leading to a loss of integrity
  on the local system when reverse mirroring is used. A remote attacker
  may trick a user to use reverse mirroring on an attacker controlled FTP
  server, resulting in the removal of all files in the current working
  directory of the victim's system.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10916
  (* Security fix *)
x/fonttosfnt-1.0.5-x86_64-1.txz:  Upgraded.
---
 ChangeLog.rss | 27 +++++++++++++++++++++++++--
 1 file changed, 25 insertions(+), 2 deletions(-)

(limited to 'ChangeLog.rss')

diff --git a/ChangeLog.rss b/ChangeLog.rss
index 5a158adb7..084c24252 100644
--- a/ChangeLog.rss
+++ b/ChangeLog.rss
@@ -11,9 +11,32 @@
       <description>Tracking Slackware development in git.</description>
       <language>en-us</language>
       <id xmlns="http://www.w3.org/2005/Atom">urn:uuid:c964f45e-6732-11e8-bbe5-107b4450212f</id>
-      <pubDate>Wed,  1 Aug 2018 22:38:53 GMT</pubDate>
-      <lastBuildDate>Thu,  2 Aug 2018 07:00:33 GMT</lastBuildDate>
+      <pubDate>Thu,  2 Aug 2018 20:12:10 GMT</pubDate>
+      <lastBuildDate>Fri,  3 Aug 2018 07:00:33 GMT</lastBuildDate>
       <generator>maintain_current_git.sh v 1.10</generator>
+      <item>
+         <title>Thu,  2 Aug 2018 20:12:10 GMT</title>
+         <pubDate>Thu,  2 Aug 2018 20:12:10 GMT</pubDate>
+         <link>https://git.slackware.nl/current/tag/?h=20180802201210</link>
+         <guid isPermaLink="false">20180802201210</guid>
+         <description>
+           <![CDATA[<pre>
+ap/hplip-3.18.7-x86_64-1.txz:  Upgraded.
+l/harfbuzz-1.8.5-x86_64-1.txz:  Upgraded.
+n/lftp-4.8.4-x86_64-1.txz:  Upgraded.
+  It has been discovered that lftp up to and including version 4.8.3 does
+  not properly sanitize remote file names, leading to a loss of integrity
+  on the local system when reverse mirroring is used. A remote attacker
+  may trick a user to use reverse mirroring on an attacker controlled FTP
+  server, resulting in the removal of all files in the current working
+  directory of the victim's system.
+  For more information, see:
+    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10916
+  (* Security fix *)
+x/fonttosfnt-1.0.5-x86_64-1.txz:  Upgraded.
+           </pre>]]>
+         </description>
+      </item>
       <item>
          <title>Wed,  1 Aug 2018 22:38:53 GMT</title>
          <pubDate>Wed,  1 Aug 2018 22:38:53 GMT</pubDate>
-- 
cgit v1.2.3