ChangeLog for: 2026-03-01 00:24:03

a/minicom-2.11.1-x86_64-1.txz:  Upgraded.
ap/groff-1.24.0-x86_64-1.txz:  Upgraded.
l/gvfs-1.58.2-x86_64-1.txz:  Upgraded.
  This update fixes security issues:
  ftp: Use control connection address for PASV data.
  ftp: Reject paths containing CR/LF characters.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2026-28295
    https://www.cve.org/CVERecord?id=CVE-2026-28296
  (* Security fix *)
n/bluez-5.86-x86_64-2.txz:  Rebuilt.
  Added XDG autostart file for mpris-proxy.
  Thanks to mistfire.
n/telnet-0.17-x86_64-8.txz:  Rebuilt.
  This update fixes a security issue:
  The nextitem() function in telnetd/utility.c has no bounds checking in the SB
  (suboption) case. The for(;;) loop scans past nfrontp into uncontrolled
  memory. This can be exploited by an unauthenticated remote attacker to
  execute arbitrary code on the server running telnetd.
  Please note that while telnet itself is a useful utility for network testing,
  telnetd is a legacy application which should generally not be used. If it is
  used, it should be used only on isolated networks where there is no
  expectation of security.
  Thanks to r1w1s1.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2020-10188
  (* Security fix *)