a/pam-1.5.3-x86_64-1.txz: Upgraded.
ap/cups-filters-1.28.17-x86_64-2.txz: Rebuilt.
[PATCH] Merge pull request from GHSA-gpxc-v2m8-fr3x.
With execv() command line arguments are passed as separate strings and
not the full command line in a single string. This prevents arbitrary
command execution by escaping the quoting of the arguments in a job
with forged job title.
Thanks to marav.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-24805
(* Security fix *)
ap/vim-9.0.1569-x86_64-1.txz: Upgraded.
xap/vim-gvim-9.0.1569-x86_64-1.txz: Upgraded.
a/hwdata-0.342-noarch-1.txz: Upgraded.
a/pam-1.5.1-x86_64-1.txz: Upgraded.
ap/sqlite-3.34.0-x86_64-1.txz: Upgraded.
l/libarchive-3.5.0-x86_64-1.txz: Upgraded.
x/fontconfig-2.13.92-x86_64-1.txz: Upgraded.
I'm pretty sure there was a good reason to switch to 2.13.92 on the devel
release path, but I'm not sure the same can be said about 2.13.93. We'll
stick with this one for now until there's a stable release or another good
reason to bump it.
x/xorg-server-1.20.10-x86_64-1.txz: Upgraded.
x/xorg-server-xephyr-1.20.10-x86_64-1.txz: Upgraded.
x/xorg-server-xnest-1.20.10-x86_64-1.txz: Upgraded.
x/xorg-server-xvfb-1.20.10-x86_64-1.txz: Upgraded.
x/xorg-server-xwayland-1.20.10-x86_64-1.txz: Upgraded.
xap/gnuplot-5.4.1-x86_64-1.txz: Upgraded.
