Hello community,
here is the log from the commit of package patchinfo.2086 for
openSUSE:12.2:Update checked in at 2013-10-23 10:23:53
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:12.2:Update/patchinfo.2086 (Old)
and /work/SRC/openSUSE:12.2:Update/.patchinfo.2086.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "patchinfo.2086"
Changes:
--------
New Changes file:
NO CHANGES FILE!!!
New:
----
_patchinfo
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ _patchinfo ++++++
<patchinfo>
<issue id="846174" tracker="bnc">VUL-0: CVE-2013-2186:
jakarta-commons-fileupload: null byte injection flaw</issue>
<issue id="CVE-2013-2186" tracker="cve" />
<category>security</category>
<rating>moderate</rating>
<packager>mvyskocil</packager>
<description>
A remote attacker could supply a serialized instance of the
DiskFileItem class, which would be deserialized on a server and write arbitrary
content to any location on the server that is permitted by the user running the
application server process. bnc#846174/CVE-2013-2186
</description>
<summary>update for jakarta-commons-fileupload</summary>
</patchinfo>
--
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
