Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package patchinfo.15985 for openSUSE:Leap:15.2:Update checked in at 2021-03-25 09:11:45 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.2:Update/patchinfo.15985 (Old) and /work/SRC/openSUSE:Leap:15.2:Update/.patchinfo.15985.new.2401 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "patchinfo.15985" Thu Mar 25 09:11:45 2021 rev:1 rq:881066 version:unknown Changes: -------- New Changes file: NO CHANGES FILE!!! New: ---- _patchinfo ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ _patchinfo ++++++ <patchinfo incident="15985"> <issue tracker="bnc" id="1179999">VUL-0: CVE-2020-35459: crmsh: Root privilege escalation via hawk_invoke and crmsh</issue> <issue tracker="bnc" id="1182165">AUDIT-FIND: hawk: Limit the filenames of uploaded reports</issue> <issue tracker="bnc" id="1182166">VUL-0: EMBARGOED: CVE-2021-25314: hawk: Insecure file permissions</issue> <issue tracker="cve" id="2020-35459"/> <issue tracker="cve" id="2021-25314"/> <packager>dmaiocchi</packager> <rating>important</rating> <category>security</category> <summary>Security update for hawk2</summary> <description>This update for hawk2 fixes the following issues: - Update to version 2.6.3: * Remove hawk_invoke and use capture3 instead of runas (bsc#1179999)(CVE-2020-35459) * Remove unnecessary chmod (bsc#1182166)(CVE-2021-25314) * Sanitize filename to contains whitelist of alphanumeric (bsc#1182165) This update was imported from the SUSE:SLE-15:Update update project.</description> </patchinfo>
