Hello community, here is the log from the commit of package rabbitmq-server for openSUSE:Factory checked in at 2015-01-22 21:49:06 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/rabbitmq-server (Old) and /work/SRC/openSUSE:Factory/.rabbitmq-server.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rabbitmq-server" Changes: -------- --- /work/SRC/openSUSE:Factory/rabbitmq-server/rabbitmq-server.changes 2014-12-03 22:48:02.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.rabbitmq-server.new/rabbitmq-server.changes 2015-01-22 21:49:08.000000000 +0100 @@ -1,0 +2,27 @@ +Wed Jan 21 16:12:13 UTC 2015 - [email protected] + +- update to 3.4.3: + * prevent XSS attack in table key names (since 2.4.0) + (CVE-2015-0862) + * prevent XSS attack in policy names (since 3.4.0) + (CVE-2015-0862) + * prevent XSS attack in client details in the connections list + (CVE-2015-0862) + * prevent XSS attack in user names in the vhosts list or the vhost names + in the user list (since 2.4.0) + (CVE-2015-0862) + * prevent XSS attack in the cluster name (since 3.3.0) + (CVE-2015-0862) + * prevent /api/* from returning text/html error messages which could + act as an XSS vector (since 2.1.0) + * fix response-splitting vulnerability in /api/downloads (since 2.1.0) + * do not trust X-Forwarded-For header when enforcing 'loopback_users' + (CVE-2014-9494) + * disable SSLv3 by default to prevent the POODLE attack + + * see https://www.rabbitmq.com/release-notes/README-3.4.3.txt + * see https://www.rabbitmq.com/release-notes/README-3.4.2.txt + * see https://www.rabbitmq.com/release-notes/README-3.4.1.txt + * see https://www.rabbitmq.com/release-notes/README-3.4.0.txt + +------------------------------------------------------------------- Old: ---- rabbitmq-server-3.3.5.tar.gz New: ---- rabbitmq-server-3.4.3.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ rabbitmq-server.spec ++++++ --- /var/tmp/diff_new_pack.T5I2Je/_old 2015-01-22 21:49:09.000000000 +0100 +++ /var/tmp/diff_new_pack.T5I2Je/_new 2015-01-22 21:49:09.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package rabbitmq-server # -# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -24,7 +24,7 @@ %endif Name: rabbitmq-server -Version: 3.3.5 +Version: 3.4.3 Release: 0 Summary: The RabbitMQ Server License: MPL-1.1 @@ -197,7 +197,7 @@ %if 0%{?have_systemd} %service_del_preun %{name}.service %else -%stop_on_removal rabbitmq-server || : +%stop_on_removal rabbitmq-server %endif %postun ++++++ rabbitmq-server-3.3.5.tar.gz -> rabbitmq-server-3.4.3.tar.gz ++++++ ++++ 27519 lines of diff (skipped) -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
