From e2bd8d238343cb913b44c1fa7bf662b7135afeb5 Mon Sep 17 00:00:00 2001 
From: Patrick J Volkerding
Date: Thu, 18 Apr 2019 21:13:58 +0000
Subject: Thu Apr 18 21:13:58 UTC 2019

ap/ksh93-20190416_7d7bba3e-x86_64-1.txz: Upgraded.
ap/sysstat-12.1.4-x86_64-1.txz: Upgraded.
l/gvfs-1.40.1-x86_64-2.txz: Rebuilt.
  Recompiled against libcdio-2.1.0.
l/icu4c-64.2-x86_64-1.txz: Upgraded.
l/libcddb-1.3.2-x86_64-6.txz: Rebuilt.
  Recompiled against libcdio-2.1.0.
l/libcdio-2.1.0-x86_64-1.txz: Upgraded.
  Shared library .so-version bump.
l/libcdio-paranoia-10.2+2.0.0-x86_64-2.txz: Rebuilt.
  Recompiled against libcdio-2.1.0.
l/zstd-1.4.0-x86_64-1.txz: Upgraded.
n/dhcpcd-7.2.0-x86_64-1.txz: Upgraded.
n/dovecot-2.3.5.2-x86_64-1.txz: Upgraded.
  This update fixes a security issue:
  Trying to login with 8bit username containing invalid UTF8 input causes
  auth process to crash if auth policy is enabled. This could be used rather
  easily to cause a DoS. Similar crash also happens during mail delivery
  when using invalid UTF8 in From or Subject header when OX push
  notification driver is used.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10691
  (* Security fix *)
n/nghttp2-1.38.0-x86_64-1.txz: Upgraded.
n/openssh-8.0p1-x86_64-1.txz: Upgraded.
  This release contains a mitigation for a weakness in the scp(1) tool
  and protocol (CVE-2019-6111): when copying files from a remote system
  to a local directory, scp(1) did not verify that the filenames that
  the server sent matched those requested by the client. This could
  allow a hostile server to create or clobber unexpected local files
  with attacker-controlled content.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6111
  (* Security fix *)
xap/MPlayer-20190418-x86_64-1.txz: Upgraded.
  Compiled against libcdio-2.1.0.
xap/audacious-plugins-3.10.1-x86_64-2.txz: Rebuilt.
  Recompiled against libcdio-2.1.0.
extra/pure-alsa-system/MPlayer-20190418-x86_64-1_alsa.txz: Upgraded.
  Compiled against libcdio-2.1.0.
extra/pure-alsa-system/audacious-plugins-3.10.1-x86_64-2_alsa.txz: Rebuilt.
  Recompiled against libcdio-2.1.0.
---
 ChangeLog.rss | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 54 insertions(+), 2 deletions(-)
(limited to 'ChangeLog.rss')
diff --git a/ChangeLog.rss b/ChangeLog.rss index da445ce2e..9f6267df9 100644 --- a/ChangeLog.rss +++ b/ChangeLog.rss 
@@ -11,9 +11,61 @@ Tracking Slackware development in git. en-us urn:uuid:c964f45e-6732-11e8-bbe5-107b4450212f - Wed, 17 Apr 2019 20:27:23 GMT - Thu, 18 Apr 2019 15:59:41 GMT + Thu, 18 Apr 2019 21:13:58 GMT + Fri, 19 Apr 2019 06:59:41 GMT maintain_current_git.sh v 1.10 + + Thu, 18 Apr 2019 21:13:58 GMT + Thu, 18 Apr 2019 21:13:58 GMT + https://git.slackware.nl/current/tag/?h=20190418211358 + 20190418211358 + + +ap/ksh93-20190416_7d7bba3e-x86_64-1.txz: Upgraded. +ap/sysstat-12.1.4-x86_64-1.txz: Upgraded. +l/gvfs-1.40.1-x86_64-2.txz: Rebuilt. + Recompiled against libcdio-2.1.0. +l/icu4c-64.2-x86_64-1.txz: Upgraded. +l/libcddb-1.3.2-x86_64-6.txz: Rebuilt. + Recompiled against libcdio-2.1.0. +l/libcdio-2.1.0-x86_64-1.txz: Upgraded. + Shared library .so-version bump. +l/libcdio-paranoia-10.2+2.0.0-x86_64-2.txz: Rebuilt. + Recompiled against libcdio-2.1.0. +l/zstd-1.4.0-x86_64-1.txz: Upgraded. +n/dhcpcd-7.2.0-x86_64-1.txz: Upgraded. +n/dovecot-2.3.5.2-x86_64-1.txz: Upgraded. + This update fixes a security issue: + Trying to login with 8bit username containing invalid UTF8 input causes + auth process to crash if auth policy is enabled. This could be used rather + easily to cause a DoS. Similar crash also happens during mail delivery + when using invalid UTF8 in From or Subject header when OX push + notification driver is used. + For more information, see: + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10691 + (* Security fix *) +n/nghttp2-1.38.0-x86_64-1.txz: Upgraded. +n/openssh-8.0p1-x86_64-1.txz: Upgraded. + This release contains a mitigation for a weakness in the scp(1) tool + and protocol (CVE-2019-6111): when copying files from a remote system + to a local directory, scp(1) did not verify that the filenames that + the server sent matched those requested by the client. This could + allow a hostile server to create or clobber unexpected local files + with attacker-controlled content. 
+ For more information, see: + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6111 + (* Security fix *) +xap/MPlayer-20190418-x86_64-1.txz: Upgraded. + Compiled against libcdio-2.1.0. +xap/audacious-plugins-3.10.1-x86_64-2.txz: Rebuilt. + Recompiled against libcdio-2.1.0. +extra/pure-alsa-system/MPlayer-20190418-x86_64-1_alsa.txz: Upgraded. + Compiled against libcdio-2.1.0. +extra/pure-alsa-system/audacious-plugins-3.10.1-x86_64-2_alsa.txz: Rebuilt. + Recompiled against libcdio-2.1.0. + ]]> + + Wed, 17 Apr 2019 20:27:23 GMT Wed, 17 Apr 2019 20:27:23 GMT -- cgit v1.2.3
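Review bot: In the channel header at the top of the ChangeLog.rss hunk, the second timestamp is bumped to Fri, 19 Apr 2019 06:59:41 GMT, which is nearly ten hours later than both the commit date and the new item's Thu, 18 Apr 2019 21:13:58 GMT, so the feed header and its newest entry disagree about when the feed last changed. If that value is meant to record when maintain_current_git.sh generated the feed, a short comment in the script or the feed saying so would help; if it is meant to track the newest item, it should match 21:13:58 GMT. This matters here because the new item carries two entries marked (* Security fix *) (dovecot, CVE-2019-10691, and openssh, CVE-2019-6111), and anyone polling the feed for security updates relies on those timestamps to decide what is new.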