Hello community,

here is the log from the commit of package xstream for openSUSE:Factory checked 
in at 2021-04-27 21:34:46
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/xstream (Old)
 and      /work/SRC/openSUSE:Factory/.xstream.new.12324 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "xstream"

Tue Apr 27 21:34:46 2021 rev:4 rq:888519 version:1.4.16

Changes:
--------
--- /work/SRC/openSUSE:Factory/xstream/xstream.changes  2021-04-17 
00:01:38.857582947 +0200
+++ /work/SRC/openSUSE:Factory/.xstream.new.12324/xstream.changes       
2021-04-27 21:34:57.592013190 +0200
@@ -5,2 +5,21 @@
-  * fixes bsc#1184796, CVE-2021-21351 and bsc#1184797,
-    CVE-2021-21349
+  * Security fixes:
+    + bsc#1184796, CVE-2021-21351: remote attacker to load and
+      execute arbitrary code
+    + bsc#1184797, CVE-2021-21349: SSRF can lead to a remote
+      attacker to request data from internal resources
+    + bsc#1184380, CVE-2021-21350: arbitrary code execution
+    + bsc#1184374, CVE-2021-21348: remote attacker could cause
+      denial of service by consuming maximum CPU time
+    + bsc#1184378, CVE-2021-21347: remote attacker to load and
+      execute arbitrary code from a remote host
+    + bsc#1184375, CVE-2021-21344: remote attacker could load and
+      execute arbitrary code from a remote host
+    + bsc#1184379, CVE-2021-21342: server-side forgery
+    + bsc#1184377, CVE-2021-21341: remote attacker could cause a
+      denial of service by allocating 100% CPU time
+    + bsc#1184373, CVE-2021-21346: remote attacker could load and
+      execute arbitrary code
+    + bsc#1184372, CVE-2021-21345: remote attacker with sufficient
+      rights could execute commands
+    + bsc#1184376, CVE-2021-21343: replace or inject objects, that
+      result in the deletion of files on the local host

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
