Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package patchinfo.15747 for
openSUSE:Leap:15.2:Update checked in at 2021-02-08 18:05:06
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Leap:15.2:Update/patchinfo.15747 (Old)
and /work/SRC/openSUSE:Leap:15.2:Update/.patchinfo.15747.new.28504 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "patchinfo.15747"
Mon Feb 8 18:05:06 2021 rev:1 rq:869788 version:unknown
Changes:
--------
New Changes file:
NO CHANGES FILE!!!
New:
----
_patchinfo
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ _patchinfo ++++++
<patchinfo incident="15747">
<issue tracker="bnc" id="1181650">VUL-0: CVE-2021-20216, CVE-2021-20217:
privoxy: two DoS issues fixed in Privoxy 3.0.31 stable</issue>
<issue tracker="cve" id="2021-20216"/>
<issue tracker="cve" id="2021-20217"/>
<packager>AndreasStieger</packager>
<rating>moderate</rating>
<category>security</category>
<summary>Security update for privoxy</summary>
<description>This update for privoxy fixes the following issues:
- Update to version 3.0.31:
- Security/Reliability (boo#1181650)
- Prevent an assertion from getting triggered by a crafted
CGI request.
Commit 5bba5b89193fa. OVE-20210130-0001. CVE-2021-20217
Reported by: Joshua Rogers (Opera)
- Fixed a memory leak when decompression fails "unexpectedly".
Commit f431d61740cc0. OVE-20210128-0001. CVE-2021-20216
- Bug fixes:
- Fixed detection of insufficient data for decompression.
Previously Privoxy could try to decompress a partly
uninitialized buffer.
</description>
</patchinfo>
