summaryrefslogtreecommitdiff
path: root/ChangeLog.txt
diff options
context:
space:
mode:
authorPatrick J Volkerding <volkerdi@slackware.com>2020-04-14 22:26:11 +0000
committerEric Hameleers <alien@slackware.com>2020-04-15 08:59:52 +0200
commit4bb8e72194ac7157012e8fab88662688c811c295 (patch)
treec62b417250a6c7baf8e2c70dfa4ac40916e2541a /ChangeLog.txt
parentaafeea9fc46e31851c058896f86d9d5c88881dd8 (diff)
downloadcurrent-4bb8e72194ac7157012e8fab88662688c811c295.tar.gz
Tue Apr 14 22:26:11 UTC 202020200414222611
a/gawk-5.1.0-x86_64-1.txz: Upgraded. a/gettext-0.20.2-x86_64-1.txz: Upgraded. d/gettext-tools-0.20.2-x86_64-1.txz: Upgraded. d/git-2.26.1-x86_64-1.txz: Upgraded. This update fixes a security issue: With a crafted URL that contains a newline in it, the credential helper machinery can be fooled to give credential information for a wrong host. The attack has been made impossible by forbidding a newline character in any value passed via the credential protocol. Credit for finding the vulnerability goes to Felix Wilhelm of Google Project Zero. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5260 (* Security fix *) l/glib-networking-2.64.2-x86_64-1.txz: Upgraded. l/libsecret-0.20.3-x86_64-1.txz: Upgraded. n/php-7.4.5-x86_64-1.txz: Upgraded. x/xorgproto-2020.1-x86_64-1.txz: Upgraded. xap/audacious-4.0.2-x86_64-1.txz: Upgraded. xap/audacious-plugins-4.0.2-x86_64-1.txz: Upgraded. extra/pure-alsa-system/audacious-plugins-4.0.2-x86_64-1_alsa.txz: Upgraded.
Diffstat (limited to 'ChangeLog.txt')
-rw-r--r--ChangeLog.txt22
1 files changed, 22 insertions, 0 deletions
diff --git a/ChangeLog.txt b/ChangeLog.txt
index 0345c783..f9ed7d44 100644
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@@ -1,3 +1,25 @@
+Tue Apr 14 22:26:11 UTC 2020
+a/gawk-5.1.0-x86_64-1.txz: Upgraded.
+a/gettext-0.20.2-x86_64-1.txz: Upgraded.
+d/gettext-tools-0.20.2-x86_64-1.txz: Upgraded.
+d/git-2.26.1-x86_64-1.txz: Upgraded.
+ This update fixes a security issue:
+ With a crafted URL that contains a newline in it, the credential helper
+ machinery can be fooled to give credential information for a wrong host.
+ The attack has been made impossible by forbidding a newline character in
+ any value passed via the credential protocol. Credit for finding the
+ vulnerability goes to Felix Wilhelm of Google Project Zero.
+ For more information, see:
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5260
+ (* Security fix *)
+l/glib-networking-2.64.2-x86_64-1.txz: Upgraded.
+l/libsecret-0.20.3-x86_64-1.txz: Upgraded.
+n/php-7.4.5-x86_64-1.txz: Upgraded.
+x/xorgproto-2020.1-x86_64-1.txz: Upgraded.
+xap/audacious-4.0.2-x86_64-1.txz: Upgraded.
+xap/audacious-plugins-4.0.2-x86_64-1.txz: Upgraded.
+extra/pure-alsa-system/audacious-plugins-4.0.2-x86_64-1_alsa.txz: Upgraded.
++--------------------------+
Mon Apr 13 22:16:49 UTC 2020
a/kernel-firmware-20200413_64dba0f-noarch-1.txz: Upgraded.
a/kernel-generic-5.4.32-x86_64-1.txz: Upgraded.