Slackware64-current ChangeLog

ChangeLog for: 2022-10-18 21:29:54

ap/vim-9.0.0790-x86_64-1.txz:  Upgraded.
d/ccache-4.7-x86_64-1.txz:  Upgraded.
d/git-2.38.1-x86_64-1.txz:  Upgraded.
  This release fixes two security issues:
  * CVE-2022-39253:
  When relying on the `--local` clone optimization, Git dereferences
  symbolic links in the source repository before creating hardlinks
  (or copies) of the dereferenced link in the destination repository.
  This can lead to surprising behavior where arbitrary files are
  present in a repository's `$GIT_DIR` when cloning from a malicious
  repository.
  Git will no longer dereference symbolic links via the `--local`
  clone mechanism, and will instead refuse to clone repositories that
  have symbolic links present in the `$GIT_DIR/objects` directory.
  Additionally, the value of `protocol.file.allow` is changed to be
  "user" by default.
  * CVE-2022-39260:
  An overly-long command string given to `git shell` can result in
  overflow in `split_cmdline()`, leading to arbitrary heap writes and
  remote code execution when `git shell` is exposed and the directory
  `$HOME/git-shell-commands` exists.
  `git shell` is taught to refuse interactive commands that are
  longer than 4MiB in size. `split_cmdline()` is hardened to reject
  inputs larger than 2GiB.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39253
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39260
  (* Security fix *)
kde/bluedevil-5.26.1-x86_64-1.txz:  Upgraded.
kde/breeze-5.26.1-x86_64-1.txz:  Upgraded.
kde/breeze-grub-5.26.1-x86_64-1.txz:  Upgraded.
kde/breeze-gtk-5.26.1-x86_64-1.txz:  Upgraded.
kde/drkonqi-5.26.1-x86_64-1.txz:  Upgraded.
kde/kactivitymanagerd-5.26.1-x86_64-1.txz:  Upgraded.
kde/kde-cli-tools-5.26.1-x86_64-1.txz:  Upgraded.
kde/kde-gtk-config-5.26.1-x86_64-1.txz:  Upgraded.
kde/kdecoration-5.26.1-x86_64-1.txz:  Upgraded.
kde/kdeplasma-addons-5.26.1-x86_64-1.txz:  Upgraded.
kde/kgamma5-5.26.1-x86_64-1.txz:  Upgraded.
kde/khotkeys-5.26.1-x86_64-1.txz:  Upgraded.
kde/kinfocenter-5.26.1-x86_64-1.txz:  Upgraded.
kde/kmenuedit-5.26.1-x86_64-1.txz:  Upgraded.
kde/kpipewire-5.26.1-x86_64-1.txz:  Upgraded.
kde/kscreen-5.26.1-x86_64-1.txz:  Upgraded.
kde/kscreenlocker-5.26.1-x86_64-1.txz:  Upgraded.
kde/ksshaskpass-5.26.1-x86_64-1.txz:  Upgraded.
kde/ksystemstats-5.26.1-x86_64-1.txz:  Upgraded.
kde/kwallet-pam-5.26.1-x86_64-1.txz:  Upgraded.
kde/kwayland-integration-5.26.1-x86_64-1.txz:  Upgraded.
kde/kwin-5.26.1-x86_64-1.txz:  Upgraded.
kde/kwrited-5.26.1-x86_64-1.txz:  Upgraded.
kde/layer-shell-qt-5.26.1-x86_64-1.txz:  Upgraded.
kde/libkscreen-5.26.1-x86_64-1.txz:  Upgraded.
kde/libksysguard-5.26.1-x86_64-1.txz:  Upgraded.
kde/milou-5.26.1-x86_64-1.txz:  Upgraded.
kde/oxygen-5.26.1-x86_64-1.txz:  Upgraded.
kde/oxygen-sounds-5.26.1-x86_64-1.txz:  Upgraded.
kde/plasma-browser-integration-5.26.1-x86_64-1.txz:  Upgraded.
kde/plasma-desktop-5.26.1-x86_64-1.txz:  Upgraded.
kde/plasma-disks-5.26.1-x86_64-1.txz:  Upgraded.
kde/plasma-firewall-5.26.1-x86_64-1.txz:  Upgraded.
kde/plasma-integration-5.26.1-x86_64-1.txz:  Upgraded.
kde/plasma-nm-5.26.1-x86_64-1.txz:  Upgraded.
kde/plasma-pa-5.26.1-x86_64-1.txz:  Upgraded.
kde/plasma-sdk-5.26.1-x86_64-1.txz:  Upgraded.
kde/plasma-systemmonitor-5.26.1-x86_64-1.txz:  Upgraded.
kde/plasma-vault-5.26.1-x86_64-1.txz:  Upgraded.
kde/plasma-workspace-5.26.1-x86_64-1.txz:  Upgraded.
kde/plasma-workspace-wallpapers-5.26.1-x86_64-1.txz:  Upgraded.
kde/polkit-kde-agent-1-5.26.1-x86_64-1.txz:  Upgraded.
kde/powerdevil-5.26.1-x86_64-1.txz:  Upgraded.
kde/qqc2-breeze-style-5.26.1-x86_64-1.txz:  Upgraded.
kde/sddm-kcm-5.26.1-x86_64-1.txz:  Upgraded.
kde/systemsettings-5.26.1-x86_64-1.txz:  Upgraded.
kde/xdg-desktop-portal-kde-5.26.1-x86_64-1.txz:  Upgraded.
l/libical-3.0.16-x86_64-1.txz:  Upgraded.
l/nodejs-19.0.0-x86_64-1.txz:  Upgraded.
n/NetworkManager-1.40.2-x86_64-1.txz:  Upgraded.
n/whois-5.5.14-x86_64-1.txz:  Upgraded.
x/libXmu-1.1.4-x86_64-1.txz:  Upgraded.
x/libXpresent-1.0.1-x86_64-1.txz:  Upgraded.
x/libpciaccess-0.17-x86_64-1.txz:  Upgraded.
x/libxkbfile-1.1.1-x86_64-1.txz:  Upgraded.
x/libxshmfence-1.3.1-x86_64-1.txz:  Upgraded.
x/pixman-0.42.0-x86_64-1.txz:  Upgraded.
x/xcb-util-cursor-0.1.4-x86_64-1.txz:  Upgraded.
xap/mozilla-firefox-106.0-x86_64-1.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/106.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2022-44/
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42927
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42928
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42929
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42930
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42931
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42932
  (* Security fix *)
xap/vim-gvim-9.0.0790-x86_64-1.txz:  Upgraded.