summaryrefslogtreecommitdiff
path: root/ChangeLog.txt
diff options
context:
space:
mode:
Diffstat (limited to 'ChangeLog.txt')
-rw-r--r--ChangeLog.txt18
1 files changed, 18 insertions, 0 deletions
diff --git a/ChangeLog.txt b/ChangeLog.txt
index 2deeff5b..5ed28583 100644
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@@ -1,3 +1,21 @@
+Thu Jun 23 05:30:51 UTC 2022
+patches/packages/ca-certificates-20220622-noarch-1_slack15.0.txz: Upgraded.
+ This update provides the latest CA certificates to check for the
+ authenticity of SSL connections.
+patches/packages/openssl-1.1.1p-x86_64-1_slack15.0.txz: Upgraded.
+ In addition to the c_rehash shell command injection identified in
+ CVE-2022-1292, further circumstances where the c_rehash script does not
+ properly sanitise shell metacharacters to prevent command injection were
+ found by code review.
+ When the CVE-2022-1292 was fixed it was not discovered that there
+ are other places in the script where the file names of certificates
+ being hashed were possibly passed to a command executed through the shell.
+ For more information, see:
+ https://www.openssl.org/news/secadv/20220621.txt
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2068
+ (* Security fix *)
+patches/packages/openssl-solibs-1.1.1p-x86_64-1_slack15.0.txz: Upgraded.
++--------------------------+
Mon Jun 13 21:02:58 UTC 2022
patches/packages/php-7.4.30-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and security issues: