Wed Oct 10 23:09:36 UTC 2018

a/kernel-firmware-20181008_c6b6265-noarch-1.txz: Upgraded.
a/kernel-generic-4.14.75-i586-1.txz: Upgraded.
a/kernel-generic-smp-4.14.75_smp-i686-1.txz: Upgraded.
a/kernel-huge-4.14.75-i586-1.txz: Upgraded.
a/kernel-huge-smp-4.14.75_smp-i686-1.txz: Upgraded.
a/kernel-modules-4.14.75-i586-1.txz: Upgraded.
a/kernel-modules-smp-4.14.75_smp-i686-1.txz: Upgraded.
d/git-2.19.1-i586-1.txz: Upgraded.
Submodules' "URL"s come from the untrusted .gitmodules file, but we
blindly gave it to "git clone" to clone submodules when "git clone
--recurse-submodules" was used to clone a project that has such a
submodule. The code has been hardened to reject such malformed URLs
(e.g. one that begins with a dash). Credit for finding and fixing this
vulnerability goes to joernchen and Jeff King, respectively.
For more information, see:
(* Security fix *)
d/kernel-headers-4.14.75_smp-x86-1.txz: Upgraded.
d/make-4.2.1-i586-4.txz: Rebuilt.
Use a non-blocking read with pselect to avoid hangs.
Thanks to Linux.tar.gz and David Spencer.
d/subversion-1.10.3-i586-1.txz: Upgraded.
k/kernel-source-4.14.75_smp-noarch-1.txz: Upgraded.
Config changes since 4.14.74:
FB_HYPERV n -> m
Thanks to walecha.
l/librsvg-2.44.7-i586-1.txz: Upgraded.
l/python-pillow-5.3.0-i586-1.txz: Upgraded.
n/nghttp2-1.34.0-i586-1.txz: Upgraded.
x/libSM-1.2.3-i586-1.txz: Upgraded.
x/libX11-1.6.7-i586-1.txz: Upgraded.
x/libdrm-2.4.95-i586-1.txz: Upgraded.
x/libxcb-1.13.1-i586-1.txz: Upgraded.
x/vulkan-sdk- Upgraded.
Thanks to dugan.
xap/gnuplot-5.2.5-i586-1.txz: Upgraded.
extra/linux-4.14.75-nosmp-sdk/*: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.