Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package patchinfo.15581 for openSUSE:Leap:15.2:Update checked in at 2021-01-22 17:22:21 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.2:Update/patchinfo.15581 (Old) and /work/SRC/openSUSE:Leap:15.2:Update/.patchinfo.15581.new.28504 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "patchinfo.15581" Fri Jan 22 17:22:21 2021 rev:1 rq:864636 version:unknown Changes: -------- New Changes file: NO CHANGES FILE!!! New: ---- _patchinfo ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ _patchinfo ++++++ <patchinfo incident="15581"> <issue tracker="bnc" id="1180145">VUL-0: CVE-2020-26259: xstream: Arbitrary File Deletion on the local host when unmarshalling</issue> <issue tracker="bnc" id="1180994">VUL-0: CVE-2020-26217: xstream: remote code execution due to insecure XML deserialization when relying on blocklists</issue> <issue tracker="bnc" id="1180146">VUL-0: CVE-2020-26258: xstream: Server-Side Forgery Request vulnerability can be activated when unmarshalling</issue> <issue tracker="cve" id="2020-26217"/> <issue tracker="cve" id="2020-26258"/> <issue tracker="cve" id="2020-26259"/> <packager>fstrba</packager> <rating>important</rating> <category>security</category> <summary>Security update for xstream</summary> <description>This update for xstream fixes the following issues: xstream was updated to version 1.4.15. - CVE-2020-26217: Fixed a remote code execution due to insecure XML deserialization when relying on blocklists (bsc#1180994). - CVE-2020-26258: Fixed a server-side request forgery vulnerability (bsc#1180146). - CVE-2020-26259: Fixed an arbitrary file deletion vulnerability (bsc#1180145). This update was imported from the SUSE:SLE-15-SP2:Update update project.</description> </patchinfo>
