Hello community, here is the log from the commit of package patchinfo.2594 for openSUSE:13.1:Update checked in at 2014-03-06 09:04:51 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:13.1:Update/patchinfo.2594 (Old) and /work/SRC/openSUSE:13.1:Update/.patchinfo.2594.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "patchinfo.2594" Changes: -------- New Changes file: NO CHANGES FILE!!! New: ---- _patchinfo ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ _patchinfo ++++++ <patchinfo> <issue id="864194" tracker="bnc">VUL-0: CVE-2014-2029: Percona Toolkit and XtraBackup automatic version check transmits information to external entity</issue> <issue id="CVE-2014-2029" tracker="cve" /> <category>security</category> <rating>important</rating> <packager>AndreasStieger</packager> <description> percona-toolkit and xtrabackup were updated: - disable automatic version check for all tools [bnc#864194] Prevents transmission of version information to an external host in the default configuration. CVE-2014-2029 Can be used by owner of a Percona Server (or an attacker who can control this destination for the client) to collect arbitrary MySQL configuration parameters and execute commands (with -v). Now the version check needs to be requested via command line or global/tool specific/user configuration. (--version-check) - added /etc/percona-toolkit/percona-toolkit.conf configuration directory and template configuration file </description> <summary>percona-toolkit,xtrabackup: disable remote version check</summary> </patchinfo> -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
