Differences

This shows you the differences between two versions of the page.

--- changelog_14.2 [2020/04/17 15:44] – [2020-04-15] connie
+++ changelog_14.2 [2020/05/18 19:37] – [2020-04-21] connie
@@ Line 2: / Line 2: @@
 Slackware upstream ChangeLog entries are courtesy of Patrick Volkerding.
+==== 2020-05-18 ====
+**sane-1.0.30**:  Upgraded.
+This update fixes several security issues.
+For more information, see:
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12867
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12862
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12863
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12865
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12866
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12861
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12864
+(**Security fix**)
+**glibc-zoneinfo-2020a**:  Upgraded.
+This package provides the latest timezone updates.
+==== 2020-04-21 ====
+**git-2.17.5**:  Upgraded.
+This update fixes a security issue:
+With a crafted URL that contains a newline or empty host, or lacks
+a scheme, the credential helper machinery can be fooled into
+providing credential information that is not appropriate for the
+protocol in use and host being contacted.
+Unlike the vulnerability CVE-2020-5260 fixed in v2.17.4, the
+credentials are not for a host of the attacker's choosing; instead,
+they are for some unspecified host (based on how the configured
+credential helper handles an absent "host" parameter).
+For more information, see:
+  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11008
+(**Security fix**)
 ==== 2020-04-17 ====