Hello community, here is the log from the commit of package patchinfo.4527 for openSUSE:13.2:Update checked in at 2016-01-14 23:39:19 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:13.2:Update/patchinfo.4527 (Old) and /work/SRC/openSUSE:13.2:Update/.patchinfo.4527.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "patchinfo.4527" Changes: -------- New Changes file: NO CHANGES FILE!!! New: ---- _patchinfo ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ _patchinfo ++++++ <patchinfo incident="4527"> <issue id="961645" tracker="bnc">VUL-0: CVE-2016-0778: openssh: Buffer overflow in roaming code</issue> <issue id="961642" tracker="bnc">VUL-0: CVE-2016-0777: openssh: Information leak in ssh client</issue> <issue id="CVE-2016-0777" tracker="cve" /> <issue id="CVE-2016-0778" tracker="cve" /> <category>security</category> <rating>critical</rating> <packager>AndreasStieger</packager> <description> This update for openssh fixes the following issues: - CVE-2016-0777: A malicious or compromised server could cause the OpenSSH client to expose part or all of the client's private key through the roaming feature (bsc#961642) - CVE-2016-0778: A malicious or compromised server could could trigger a buffer overflow in the OpenSSH client through the roaming feature (bsc#961645) This update disables the undocumented feature supported by the OpenSSH client and a commercial SSH server. </description> <summary>Security update for openssh</summary> </patchinfo>
