From 4bb8e72194ac7157012e8fab88662688c811c295 Mon Sep 17 00:00:00 2001 From: Patrick J Volkerding Date: Tue, 14 Apr 2020 22:26:11 +0000 Subject: Tue Apr 14 22:26:11 UTC 2020 a/gawk-5.1.0-x86_64-1.txz: Upgraded. a/gettext-0.20.2-x86_64-1.txz: Upgraded. d/gettext-tools-0.20.2-x86_64-1.txz: Upgraded. d/git-2.26.1-x86_64-1.txz: Upgraded. This update fixes a security issue: With a crafted URL that contains a newline in it, the credential helper machinery can be fooled to give credential information for a wrong host. The attack has been made impossible by forbidding a newline character in any value passed via the credential protocol. Credit for finding the vulnerability goes to Felix Wilhelm of Google Project Zero. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5260 (* Security fix *) l/glib-networking-2.64.2-x86_64-1.txz: Upgraded. l/libsecret-0.20.3-x86_64-1.txz: Upgraded. n/php-7.4.5-x86_64-1.txz: Upgraded. x/xorgproto-2020.1-x86_64-1.txz: Upgraded. xap/audacious-4.0.2-x86_64-1.txz: Upgraded. xap/audacious-plugins-4.0.2-x86_64-1.txz: Upgraded. extra/pure-alsa-system/audacious-plugins-4.0.2-x86_64-1_alsa.txz: Upgraded. --- ChangeLog.txt | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) (limited to 'ChangeLog.txt') diff --git a/ChangeLog.txt b/ChangeLog.txt index 0345c783d..f9ed7d445 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt 
@@ -1,3 +1,25 @@ +Tue Apr 14 22:26:11 UTC 2020 +a/gawk-5.1.0-x86_64-1.txz: Upgraded. +a/gettext-0.20.2-x86_64-1.txz: Upgraded. +d/gettext-tools-0.20.2-x86_64-1.txz: Upgraded. +d/git-2.26.1-x86_64-1.txz: Upgraded. + This update fixes a security issue: + With a crafted URL that contains a newline in it, the credential helper + machinery can be fooled to give credential information for a wrong host. + The attack has been made impossible by forbidding a newline character in + any value passed via the credential protocol. Credit for finding the + vulnerability goes to Felix Wilhelm of Google Project Zero. + For more information, see: + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5260 + (* Security fix *) +l/glib-networking-2.64.2-x86_64-1.txz: Upgraded. +l/libsecret-0.20.3-x86_64-1.txz: Upgraded. +n/php-7.4.5-x86_64-1.txz: Upgraded. +x/xorgproto-2020.1-x86_64-1.txz: Upgraded. +xap/audacious-4.0.2-x86_64-1.txz: Upgraded. +xap/audacious-plugins-4.0.2-x86_64-1.txz: Upgraded. +extra/pure-alsa-system/audacious-plugins-4.0.2-x86_64-1_alsa.txz: Upgraded. ++--------------------------+ Mon Apr 13 22:16:49 UTC 2020 a/kernel-firmware-20200413_64dba0f-noarch-1.txz: Upgraded. a/kernel-generic-5.4.32-x86_64-1.txz: Upgraded. -- cgit v1.2.3
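Review bot: In the d/git-2.26.1 entry, the security text explains the newline handling in the credential protocol but does not say which earlier git packages are affected or who is exposed, so a reader cannot tell from the entry alone how urgent the upgrade is. Consider adding one line stating that the exposure applies to setups that use a credential helper, since that is the machinery the text names. The only reference is the cve.mitre.org link for CVE-2020-5260; a pointer to the upstream git release notes for 2.26.1 alongside it would let readers confirm the fix against the project's own description. The "(* Security fix *)" marker is present and correctly placed on the git entry only, which matches the rest of the hunk, where no other package carries a security description.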