Hello community, here is the log from the commit of package libXi for openSUSE:Factory checked in at 2013-06-29 19:42:58 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libXi (Old) and /work/SRC/openSUSE:Factory/.libXi.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libXi" Changes: -------- --- /work/SRC/openSUSE:Factory/libXi/libXi.changes 2013-04-05 17:04:57.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.libXi.new/libXi.changes 2013-06-29 19:43:00.000000000 +0200 @@ -1,0 +2,11 @@ +Fri Jun 28 12:32:47 UTC 2013 - [email protected] + +- Update to version 1.7.1.901: + First and likely only RC for libXi 1.7.2. This one has a bunch of changes + for CVE-2013-1998, CVE-2013-1984 and CVE-2013-1995. These relate to various + integer overflows and other corruption that happens if we trust the server + a bit too much on the data we're being sent. + On top of those fixes, the sequence number in XI2 events is now set + propertly too (#64687). + +------------------------------------------------------------------- Old: ---- libXi-1.7.1.tar.bz2 New: ---- libXi-1.7.1.901.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libXi.spec ++++++ --- /var/tmp/diff_new_pack.uIgoLq/_old 2013-06-29 19:43:01.000000000 +0200 +++ /var/tmp/diff_new_pack.uIgoLq/_new 2013-06-29 19:43:01.000000000 +0200 @@ -18,7 +18,7 @@ Name: libXi %define lname libXi6 -Version: 1.7.1 +Version: 1.7.1.901 Release: 0 Summary: X Input Extension library License: MIT ++++++ libXi-1.7.1.tar.bz2 -> libXi-1.7.1.901.tar.bz2 ++++++ ++++ 4424 lines of diff (skipped) -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
