Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package libcoap for openSUSE:Factory checked in at 2025-11-28 16:53:01
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libcoap (Old)
 and      /work/SRC/openSUSE:Factory/.libcoap.new.14147 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libcoap" Fri Nov 28 16:53:01 2025 rev:3 rq:1320384 version:4.3.5a Changes: -------- --- /work/SRC/openSUSE:Factory/libcoap/libcoap.changes 2025-02-22 19:06:40.271085224 +0100 +++ /work/SRC/openSUSE:Factory/.libcoap.new.14147/libcoap.changes 2025-11-28 16:54:42.210760558 +0100 @@ -1,0 +2,16 @@ +Thu Nov 27 18:35:11 UTC 2025 - Andreas Stieger <[email protected]> + +- Update to 4.3.5a: + * CVE-2025-65493: null pointer dereference in BIO_get_data() can cause a denial of service (boo#1254187) + * CVE-2025-65494: null pointer dereference in sk_GENERAL_NAME_value() can cause a denial of service (boo#1254188) + * CVE-2025-65495: integer signedness error in tls_verify_call_back() can cause a denial of service (boo#1254191) + * CVE-2025-65496: null pointer dereference in coap_dtls_generate_cookie() can cause a denial of service (boo#1254189) + * CVE-2025-65497: null pointer dereference in coap_dtls_generate_cookie() can cause a denial of service (boo#1254190) + * CVE-2025-65498: null pointer dereference in SSL_get_SSL_CTX() can cause a denial of service (boo#1254186) + * CVE-2025-65499: array index error in tls_verify_call_back() can cause a denial of service (boo#1254194) + * CVE-2025-65500: null pointer dereference in coap_dtls_generate_cookie() can cause a denial of service (boo#1254192) + * CVE-2025-65501: null pointer dereference in coap_dtls_info_callback() can cause a denial of service (boo#1254193) + * Support for RIOT update changes + * Functional bug fixes + +------------------------------------------------------------------- Old: ---- libcoap-4.3.5.tar.gz New: ---- libcoap-4.3.5a.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libcoap.spec ++++++ --- /var/tmp/diff_new_pack.D4JqbG/_old 2025-11-28 16:54:43.498814791 +0100 +++ /var/tmp/diff_new_pack.D4JqbG/_new 2025-11-28 16:54:43.502814960 +0100 
@@ -24,7 +24,7 @@ # TODO: docs contain the current date %bcond_with docs Name: libcoap -Version: 4.3.5 +Version: 4.3.5a Release: 0 Summary: C implementation of Constrained Application Protocol (CoAP) License: BSD-2-Clause ++++++ libcoap-4.3.5.tar.gz -> libcoap-4.3.5a.tar.gz ++++++ ++++ 5434 lines of diff (skipped)
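Review bot: In the libcoap.changes hunk, the entries for CVE-2025-65496, CVE-2025-65497 and CVE-2025-65500 carry the identical text "null pointer dereference in coap_dtls_generate_cookie() can cause a denial of service", so only the CVE and boo# numbers tell them apart. If upstream distinguishes the three (for example by the pointer or code path involved), add that detail to each line so someone triaging boo#1254189, boo#1254190 and boo#1254192 can see they are separate defects and not duplicate entries. The closing "Functional bug fixes" bullet would likewise be more useful with at least one named fix.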
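Review bot: The libcoap.spec hunk changes only the Version line and the tarball diff is skipped ("5434 lines of diff (skipped)"), so nothing visible in this mail shows that libcoap-4.3.5a.tar.gz actually contains the nine CVE fixes listed in libcoap.changes. Before accepting, check the new tarball against the upstream 4.3.5a release and spot-check the named functions (tls_verify_call_back(), coap_dtls_generate_cookie(), coap_dtls_info_callback()) in the skipped diff. The unchanged context line "# TODO: docs contain the current date" is still open as well, which keeps the docs build non-reproducible when the docs bcond is enabled.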
