Merge pull request #212 from zmanda/3_5_changelog

Add changelog for 3.5.3
zmanda · Mar 16, 2023 · 60032f1 · 60032f1
2 parents 9c0b4ff + 504342f
commit 60032f1
Showing 1 changed file with 13 additions and 0 deletions.
diff --git a/ChangeLog b/ChangeLog
@@ -1,3 +1,16 @@
+2023-02-25 amandaTrusted <[email protected]>
+    * Fixed: removed vulnerable jQuery dependency
+    * Fixed: fix suppressed 1st char of error message in common-src/bsdtcp-security.c
+    * docs: improved README with Markdown
+    * docs: updated README file name for docs in Debian builds
+    * Fixed: post_inst_functions.sh to create amkey
+    * Fixed: added extern keyword for tu_debugging_enabled declaration in testutils.h
+    * Fixed: https://sogis.eu complaint symmetric encryption key derivation algorithm
+    * Fixed: removed perror to fix information leak vulnerability found in the calcsize SUID binary. (CVE-2022-37703)
+    * Fixed: added filter for RSH environment settings in rundump to fix privilege escalation vulnerability (CVE-2022-37704)
+    * Fixed: arg checking for runtar.c (CVE-2022-37705)
+
+
 2022-05-23 chassell <[email protected]>
 	* Purpose: set a default to disable auto-label from claiming non-amanda and "other-config" labels as if available
 	* Changes: Add a build flag to re-include options.  Block use of two enums for the features.  Change perl uses to null-set options.