Hello community, here is the log from the commit of package patchinfo.14944 for openSUSE:Leap:15.2:Update checked in at 2020-11-14 06:25:42 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.2:Update/patchinfo.14944 (Old) and /work/SRC/openSUSE:Leap:15.2:Update/.patchinfo.14944.new.24930 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "patchinfo.14944" Sat Nov 14 06:25:42 2020 rev:1 rq:847623 version:unknown Changes: -------- New Changes file: NO CHANGES FILE!!! New: ---- _patchinfo ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ _patchinfo ++++++ <patchinfo incident="14944"> <issue tracker="bnc" id="1176259">VUL-1: zeromq: libzmq - Memory leak in PUB server induced by malicious client(s) without CURVE/ZAP</issue> <issue tracker="bnc" id="1176258">VUL-0: zeromq: libzmq - Stack overflow on server running PUB/XPUB socket (CURVE disabled)</issue> <issue tracker="bnc" id="1176256">VUL-0: zeromq: libzmq - Heap overflow when receiving malformed ZMTP v1 packets</issue> <issue tracker="bnc" id="1176257">VUL-1: zeromq: libzmq - Memory leak in client induced by malicious server(s) without CURVE/ZAP</issue> <issue tracker="cve" id="2020-15166"/> <issue tracker="bnc" id="1176116">VUL-0: EMBARGOED: CVE-2020-15166: zeromq: zeromq connects peer before handshake is completed</issue> <packager>adamm</packager> <rating>moderate</rating> <category>security</category> <summary>Security update for zeromq</summary> <description>This update for zeromq fixes the following issues: - CVE-2020-15166: Fixed the possibility of unauthenticated clients causing a denial-of-service (bsc#1176116). - Fixed a heap overflow when receiving malformed ZMTP v1 packets (bsc#1176256) - Fixed a memory leak in client induced by malicious server(s) without CURVE/ZAP (bsc#1176257) - Fixed memory leak when processing PUB messages with metadata (bsc#1176259) - Fixed a stack overflow in PUB/XPUB subscription store (bsc#1176258) This update was imported from the SUSE:SLE-15:Update update project.</description> </patchinfo> _______________________________________________ openSUSE Commits mailing list -- commit@lists.opensuse.org To unsubscribe, email commit-le...@lists.opensuse.org List Netiquette: https://en.opensuse.org/openSUSE:Mailing_list_netiquette List Archives: https://lists.opensuse.org/archives/list/commit@lists.opensuse.org
