From 40bf9bf864ed33599654671687a082f83ccca943 Mon Sep 17 00:00:00 2001
From: Patrick J Volkerding <volkerdi@slackware.com>
Date: Thu, 23 Jun 2022 05:30:51 +0000
Subject: Thu Jun 23 05:30:51 UTC 2022

patches/packages/ca-certificates-20220622-noarch-1_slack15.0.txz:  Upgraded.
  This update provides the latest CA certificates to check for the
  authenticity of SSL connections.
patches/packages/openssl-1.1.1p-x86_64-1_slack15.0.txz:  Upgraded.
  In addition to the c_rehash shell command injection identified in
  CVE-2022-1292, further circumstances where the c_rehash script does not
  properly sanitise shell metacharacters to prevent command injection were
  found by code review.
  When the CVE-2022-1292 was fixed it was not discovered that there
  are other places in the script where the file names of certificates
  being hashed were possibly passed to a command executed through the shell.
  For more information, see:
    https://www.openssl.org/news/secadv/20220621.txt
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2068
  (* Security fix *)
patches/packages/openssl-solibs-1.1.1p-x86_64-1_slack15.0.txz:  Upgraded.
---
 patches/packages/openssl-1.1.1p-x86_64-1_slack15.0.txt | 11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100644 patches/packages/openssl-1.1.1p-x86_64-1_slack15.0.txt

(limited to 'patches/packages/openssl-1.1.1p-x86_64-1_slack15.0.txt')

diff --git a/patches/packages/openssl-1.1.1p-x86_64-1_slack15.0.txt b/patches/packages/openssl-1.1.1p-x86_64-1_slack15.0.txt
new file mode 100644
index 000000000..f6169bb30
--- /dev/null
+++ b/patches/packages/openssl-1.1.1p-x86_64-1_slack15.0.txt
@@ -0,0 +1,11 @@
+openssl: openssl (Secure Sockets Layer toolkit)
+openssl:
+openssl: The OpenSSL certificate management tool and the shared libraries that
+openssl: provide various encryption and decryption algorithms and protocols.
+openssl:
+openssl: This product includes software developed by the OpenSSL Project for
+openssl: use in the OpenSSL Toolkit (http://www.openssl.org). This product
+openssl: includes cryptographic software written by Eric Young
+openssl: (eay@cryptsoft.com). This product includes software written by Tim
+openssl: Hudson (tjh@cryptsoft.com).
+openssl:
-- 
cgit v1.2.3-65-gdbad