Hello community, here is the log from the commit of package patchinfo.1780 for openSUSE:12.2:Update checked in at 2013-06-24 14:45:52 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:12.2:Update/patchinfo.1780 (Old) and /work/SRC/openSUSE:12.2:Update/.patchinfo.1780.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "patchinfo.1780" Changes: -------- New Changes file: NO CHANGES FILE!!! New: ---- _patchinfo ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ _patchinfo ++++++ <patchinfo> <issue id="767616" tracker="bnc">VUL-1: CVE-2012-3291: openconnect: crafted greeting banners can cause a Denial of Service via a heap-based memory corruption</issue> <issue id="CVE-2012-3291" tracker="cve" /> <category>security</category> <rating>moderate</rating> <packager>robert_munteanu</packager> <description>This openconnect update to version 3.20 includes several security and bug fixes. - fix bnc#767616 - fix for CVE-2012-3291 - make vpnc mandatory during build, following upstream changes - package documentation in a -doc package - Update to version 3.20 * Cope with non-keepalive HTTP response on authentication success. * Fix progress callback with incorrect cbdata which caused KDE crash. - Update to version 3.19 * Enable native TPM support when built with GnuTLS. * Enable PKCS#11 token support when built with GnuTLS. * Eliminate all SSL library exposure through libopenconnect. * Parse split DNS information, provide $CISCO_SPLIT_DNS environment variable to vpnc-script. * Attempt to provide new-style MTU information to server (on Linux only, unless specified on command line). * Allow building against GnuTLS, including DTLS support. * Add --with-pkgconfigdir= option to configure for FreeBSD's benefit (fd#48743). - Update to version 3.18 * Fix autohate breakage with --disable-nls... hopefully. * Fix buffer overflow in banner handling. - Update to version 3.17 * Work around time() brokenness on Solaris. * Fix interface plumbing on Solaris 10. * Provide asprintf() function for (unpatched) Solaris 10. * Make vpnc-script mandatory, like it is for vpnc * Don't set Legacy IP address on tun device; let vpnc-script do it. * Detect OpenSSL even without pkg-config. * Stop building static library by default. * Invoke vpnc-script with "pre-init" reason to load tun module if necessary. - Update to version 3.16 * Fix build failure on Debian/kFreeBSD and Hurd. * Fix memory leak of deflated packets. * Fix memory leak of zlib state on CSTP reconnect. * Eliminate memcpy() calls on packets from DTLS and tunnel device. * Use I_LINK instead of I_PLINK on Solaris to plumb interface for Legacy IP. * Plumb interface for IPv6 on Solaris, instead of expecting vpnc-script to do it. * Refer to vpnc-script and help web pages in openconnect output. * Fix potential crash when processing libproxy results. * Be more conservative in detecting libproxy without pkg-config. </description> <summary>update for openconnect</summary> </patchinfo> -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
