ChangeLog for: 2023-02-15 20:48:10

ap/sudo-1.9.13-x86_64-1.txz:  Upgraded.
d/git-2.39.2-x86_64-1.txz:  Upgraded.
  This update fixes security issues:
  Using a specially-crafted repository, Git can be tricked into using
  its local clone optimization even when using a non-local transport.
  Though Git will abort local clones whose source $GIT_DIR/objects
  directory contains symbolic links (c.f., CVE-2022-39253), the objects
  directory itself may still be a symbolic link.
  These two may be combined to include arbitrary files based on known
  paths on the victim's filesystem within the malicious repository's
  working copy, allowing for data exfiltration in a similar manner as
  CVE-2022-39253.
  By feeding a crafted input to "git apply", a path outside the
  working tree can be overwritten as the user who is running "git
  apply".
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-22490
    https://www.cve.org/CVERecord?id=CVE-2023-23946
  (* Security fix *)
n/curl-7.88.0-x86_64-1.txz:  Upgraded.
  This update fixes security issues:
  HTTP multi-header compression denial of service.
  HSTS amnesia with --parallel.
  HSTS ignored on multiple requests.
  For more information, see:
    https://curl.se/docs/CVE-2023-23916.html
    https://curl.se/docs/CVE-2023-23915.html
    https://curl.se/docs/CVE-2023-23914.html
    https://www.cve.org/CVERecord?id=CVE-2023-23916
    https://www.cve.org/CVERecord?id=CVE-2023-23915
    https://www.cve.org/CVERecord?id=CVE-2023-23914
  (* Security fix *)