From 71ceb94a1412ec19af5c69ad44880ad5cd8fd643 Mon Sep 17 00:00:00 2001
From: Patrick J Volkerding <volkerdi@slackware.com>
Date: Sun, 20 Oct 2019 19:39:21 +0000
Subject: Sun Oct 20 19:39:21 UTC 2019

d/python-2.7.17-x86_64-1.txz:  Upgraded.
  This update fixes bugs and security issues:
  Update vendorized expat library version to 2.2.8.
  Disallow URL paths with embedded whitespace or control characters into the
  underlying http client request. Such potentially malicious header injection
  URLs now cause an httplib.InvalidURL exception to be raised.
  Avoid file reading by disallowing ``local-file://`` and ``local_file://``
  URL schemes in :func:`urllib.urlopen`, :meth:`urllib.URLopener.open` and
  :meth:`urllib.URLopener.retrieve`.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15903
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9740
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9948
  (* Security fix *)
n/proftpd-1.3.6b-x86_64-1.txz:  Upgraded.
---
 ChangeLog.rss | 29 +++++++++++++++++++++++++++--
 1 file changed, 27 insertions(+), 2 deletions(-)

(limited to 'ChangeLog.rss')

diff --git a/ChangeLog.rss b/ChangeLog.rss
index 632c9fd97..ebf74a341 100644
--- a/ChangeLog.rss
+++ b/ChangeLog.rss
@@ -11,9 +11,34 @@
       <description>Tracking Slackware development in git.</description>
       <language>en-us</language>
       <id xmlns="http://www.w3.org/2005/Atom">urn:uuid:c964f45e-6732-11e8-bbe5-107b4450212f</id>
-      <pubDate>Sat, 19 Oct 2019 19:04:57 GMT</pubDate>
-      <lastBuildDate>Sun, 20 Oct 2019 06:59:44 GMT</lastBuildDate>
+      <pubDate>Sun, 20 Oct 2019 19:39:21 GMT</pubDate>
+      <lastBuildDate>Mon, 21 Oct 2019 06:59:43 GMT</lastBuildDate>
       <generator>maintain_current_git.sh v 1.11</generator>
+      <item>
+         <title>Sun, 20 Oct 2019 19:39:21 GMT</title>
+         <pubDate>Sun, 20 Oct 2019 19:39:21 GMT</pubDate>
+         <link>https://git.slackware.nl/current/tag/?h=20191020193921</link>
+         <guid isPermaLink="false">20191020193921</guid>
+         <description>
+           <![CDATA[<pre>
+d/python-2.7.17-x86_64-1.txz:  Upgraded.
+  This update fixes bugs and security issues:
+  Update vendorized expat library version to 2.2.8.
+  Disallow URL paths with embedded whitespace or control characters into the
+  underlying http client request. Such potentially malicious header injection
+  URLs now cause an httplib.InvalidURL exception to be raised.
+  Avoid file reading by disallowing ``local-file://`` and ``local_file://``
+  URL schemes in :func:`urllib.urlopen`, :meth:`urllib.URLopener.open` and
+  :meth:`urllib.URLopener.retrieve`.
+  For more information, see:
+    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15903
+    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9740
+    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9948
+  (* Security fix *)
+n/proftpd-1.3.6b-x86_64-1.txz:  Upgraded.
+           </pre>]]>
+         </description>
+      </item>
       <item>
          <title>Sat, 19 Oct 2019 19:04:57 GMT</title>
          <pubDate>Sat, 19 Oct 2019 19:04:57 GMT</pubDate>
-- 
cgit v1.2.3