A git security update has been released for Arch Linux. This update address two security issues:
1) CVE-2018-11233 (information disclosure). A security issue has been found in git before 2.17.1, where the code that sanify-check paths in is_ntfs_dotgit() could have been tricked into reading random pieces of memory.
2) CVE-2018-11235 (arbitrary code execution). With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because submodule "names" are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with "../" in a name.
Updated thunderbird packages has been released for Arch Linux
Updated curl packages are available for Arch Linux
Updated zathura-pdf-mupdf packages has been released for Arch Linux
A runc security advisory has been published for Arch Linux
Updated Drupal packages has been released for Arch Linux
Updated Apache packages has been released for Arch Linux
Updated Drupal packages has been released for Arch Linux
Updated thunderbird packages has been released for Arch Linux
An updated lib32-libvorbis package has been released for Arch Linux
A ntp security update is available for Arch Linux
An updated Samba package has been released for Arch Linux
A PostgreSQL security advisory has been published for Arch Linux
Updated mbedtls packages are available for Arch Linux to address a vulnerable to arbitrary code execution
A new security advisory for Arch Linux has been published
A sthttpd security advisory has been published for ArchLinux
A ClamAV security advisory has been published for Arch Linux
A new security advisory has been published for Arch Linux
A qtpass security update is now available for Arch Linux
An intel-ucode package is available for Arch Linux
An updated GraphicsMagick package has been released for Arch Linux
An updated linux-lts package has been released for Arch Linux
Updated mongodb packages has been released for Arch Linux
Updated Firefox packages with security fixes for Meltdown and Spectre timing attacks and Chromium packages has been released for Arch Linux