Hello community, here is the log from the commit of package patchinfo.3762 for openSUSE:13.2:Update checked in at 2015-05-19 10:11:41 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:13.2:Update/patchinfo.3762 (Old) and /work/SRC/openSUSE:13.2:Update/.patchinfo.3762.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "patchinfo.3762" Changes: -------- New Changes file: NO CHANGES FILE!!! New: ---- _patchinfo ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ _patchinfo ++++++ <patchinfo incident="3762"> <issue id="929192" tracker="bnc">VUL-0: CVE-2015-2170, CVE-2015-2221, CVE-2015-2222, CVE-2015-2668, CVE-2015-2305: clamav: 0.98.7</issue> <issue id="CVE-2015-2221" tracker="cve" /> <issue id="CVE-2015-2668" tracker="cve" /> <issue id="CVE-2015-2222" tracker="cve" /> <issue id="CVE-2015-2305" tracker="cve" /> <issue id="CVE-2015-2170" tracker="cve" /> <category>security</category> <rating>moderate</rating> <packager>rmax</packager> <description>The ClamAV antivirus engine was updated to version 0.98.7 to fix several security and non-security issues. The following vulnerabilities were fixed (bsc#929192): * CVE-2015-2170: Fix crash in upx decoder with crafted file. Discovered and patch supplied by Sebastian Andrzej Siewior. * CVE-2015-2221: Fix infinite loop condition on crafted y0da cryptor file. Identified and patch suggested by Sebastian Andrzej Siewior. * CVE-2015-2222: Fix crash on crafted petite packed file. Reported and patch supplied by Sebastian Andrzej Siewior. * CVE-2015-2668: Fix an infinite loop condition on a crafted "xz" archive file. This was reported by Dimitri Kirchner and Goulven Guiheux. * CVE-2015-2305: Apply upstream patch for possible heap overflow in Henry Spencer's regex library. The following bugfixes were applyed (bsc#929192): * Fix false negatives on files within iso9660 containers. This issue was reported by Minzhuan Gong. * Fix a couple crashes on crafted upack packed file. Identified and patches supplied by Sebastian Andrzej Siewior. * Fix a crash during algorithmic detection on crafted PE file. Identified and patch supplied by Sebastian Andrzej Siewior. * Fix compilation error after ./configure --disable-pthreads. Reported and fix suggested by John E. Krokes. * Fix segfault scanning certain HTML files. Reported with sample by Kai Risku. * Improve detections within xar/pkg files. * Improvements to PDF processing: decryption, escape sequence handling, and file property collection. * Scanning/analysis of additional Microsoft Office 2003 XML format. </description> <summary>Security update for clamav</summary> </patchinfo>
