diff options
Diffstat (limited to 'ChangeLog.txt')
-rw-r--r-- | ChangeLog.txt | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/ChangeLog.txt b/ChangeLog.txt index 702274b2..2ad5792a 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -1,3 +1,17 @@ +Fri Jun 1 21:28:10 UTC 2018 +a/mcelog-158-x86_64-1.txz: Upgraded. +a/pkgtools-15.0-noarch-15.txz: Rebuilt. + installpkg, upgradepkg: test tty -s before using tput. Thanks to aaazen. +d/cmake-3.11.3-x86_64-1.txz: Upgraded. +l/imagemagick-6.9.9_49-x86_64-1.txz: Upgraded. + Support OpenMP. This had been disabled years ago due to issues with perl + modules, but probably that's been fixed by now. Thanks to olear. +l/pygobject3-3.28.3-x86_64-1.txz: Upgraded. +x/xf86-input-evdev-2.10.6-x86_64-1.txz: Upgraded. +x/xf86-input-synaptics-1.9.1-x86_64-1.txz: Upgraded. +xap/fvwm-2.6.8-x86_64-1.txz: Upgraded. +extra/xf86-video-fbdev/xf86-video-fbdev-0.5.0-x86_64-1.txz: Upgraded. ++--------------------------+ Thu May 31 04:55:33 UTC 2018 a/kernel-generic-4.14.47-x86_64-1.txz: Upgraded. a/kernel-huge-4.14.47-x86_64-1.txz: Upgraded. @@ -26,6 +40,22 @@ ap/slackpkg-2.83.0-noarch-1.txz: Upgraded. mandoc lint fixes to slackpkg.8 Warn user if a -current mirror is selected (but only warn once) d/git-2.17.1-x86_64-1.txz: Upgraded. + This update fixes security issues: + Submodule "names" come from the untrusted .gitmodules file, but we + blindly append them to $GIT_DIR/modules to create our on-disk repo + paths. This means you can do bad things by putting "../" into the + name. We now enforce some rules for submodule names which will cause + Git to ignore these malicious names (CVE-2018-11235). + Credit for finding this vulnerability and the proof of concept from + which the test script was adapted goes to Etienne Stalmans. + It was possible to trick the code that sanity-checks paths on NTFS + into reading random piece of memory (CVE-2018-11233). + Credit for fixing for these bugs goes to Jeff King, Johannes + Schindelin and others. + For more information, see: + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11235 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11233 + (* Security fix *) d/kernel-headers-4.14.47-x86-1.txz: Upgraded. d/rust-1.26.1-x86_64-1.txz: Upgraded. k/kernel-source-4.14.47-noarch-1.txz: Upgraded. |