Hello community,

here is the log from the commit of package patchinfo.2401 for openSUSE:12.3:Update checked in at 2013-12-25 17:19:44
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:12.3:Update/patchinfo.2401 (Old)
 and /work/SRC/openSUSE:12.3:Update/.patchinfo.2401.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "patchinfo.2401"

Changes:
--------
New Changes file:

NO CHANGES FILE!!!

New:
----
  _patchinfo

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ _patchinfo ++++++
<patchinfo incident="Update">
  <binary>webyast-base</binary>
  <binary>webyast-base-branding-default</binary>
  <binary>webyast-base-testsuite</binary>
  <packager>lslezak</packager>
  <issue tracker="cve" id="CVE-2013-3709"></issue>
  <issue tracker="bnc" id="851116">VUL-0: CVE-2013-3709: webyast: local privilege escalation via secret rails tokens execution</issue>
  <category>security</category>
  <rating>important</rating>
  <summary>Fixes a local vulnerability</summary>
  <description>Fixed CVE-2013-3709: make the secret token file (secret_token.rb) readable only for the webyast user to avoid forging the session cookie (bnc#851116)</description>
</patchinfo>
