uto-generated Date: Wed, 29 Apr 2026 14:48:34 +0000 Message-Id: <69f21a42.3d588.3106a5da@gitrepo.freebsd.org> The branch releng/15.0 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=bbfdabc12895ce2538444747684c6a4fe53298ba commit bbfdabc12895ce2538444747684c6a4fe53298ba Author: Mark Johnston AuthorDate: 2026-04-28 20:09:31 +0000 Commit: Mark Johnston CommitDate: 2026-04-28 20:09:31 +0000 Add UPDATING entries and bump version Approved by: so --- UPDATING | 29 +++++++++++++++++++++++++++++ sys/conf/newvers.sh | 2 +- 2 files changed, 30 insertions(+), 1 deletion(-) diff --git a/UPDATING b/UPDATING index f6a6ce827ab8..48901e006793 100644 --- a/UPDATING +++ b/UPDATING @@ -12,6 +12,35 @@ Items affecting the ports and packages system can be found in /usr/ports/UPDATING. Please read that file before updating system packages and/or ports. +20260429: + 15.0-RELEASE-p7 SA-26:12.dhclient + SA-26:13.exec + SA-26:14.pf + SA-26:15.dhclient + SA-26:16.libnv + SA-26:17.libnv + EN-26:08.pf + EN-26:09.tzdata + EN-26:10.amd64 + + Remote code execution via malicious DHCP options. [SA-26:12.dhclient] + + Local privilege escalation via execve(). [SA-26:13.exec] + + pf can overflow the stack parsing crafted SCTP packets. [SA-26:14.pf] + + Remotely triggerable out-of-bounds heap write in dhclient. [SA-26:15.dhclient] + + Stack overflow via select() file descriptor set overflow. [SA-26:16.libnv] + + Heap overflow in libnv. [SA-26:17.libnv] + + Incorrect duplicate rule detection for automatic tables. [EN-26:08.pf] + + Timezone database information update. [EN-26:09.tzdata] + + TLB invalidation bug on AMD systems with INVLPGB. [EN-26:10.amd64] + 20260421: 15.0-RELEASE-p6 SA-26:10.tty SA-26:11.amd64 diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh index 0e4301c996bb..285aadd1f763 100644 --- a/sys/conf/newvers.sh +++ b/sys/conf/newvers.sh @@ -51,7 +51,7 @@ TYPE="FreeBSD" REVISION="15.0" -BRANCH="RELEASE-p6" +BRANCH="RELEASE-p7" if [ -n "${BRANCH_OVERRIDE}" ]; then BRANCH=${BRANCH_OVERRIDE} fi