commit python-rfc3161-client for openSUSE:Factory

Mon, 13 Apr 2026 14:24:45 -0700 

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package python-rfc3161-client for 
openSUSE:Factory checked in at 2026-04-13 23:20:22
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-rfc3161-client (Old)
 and      /work/SRC/openSUSE:Factory/.python-rfc3161-client.new.21863 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "python-rfc3161-client"

Mon Apr 13 23:20:22 2026 rev:5 rq:1346480 version:1.0.6

Changes:
--------
--- 
/work/SRC/openSUSE:Factory/python-rfc3161-client/python-rfc3161-client.changes  
    2026-01-27 16:17:40.927413900 +0100
+++ 
/work/SRC/openSUSE:Factory/.python-rfc3161-client.new.21863/python-rfc3161-client.changes
   2026-04-13 23:22:43.513628238 +0200
@@ -1,0 +2,9 @@
+Mon Apr 13 13:46:44 UTC 2026 - Nico Krapp <[email protected]>
+
+- Update to 1.0.6 (fixes CVE-2026-33753, bsc#1261804)
+  * Fixed a bug where the verification incorrectly picked the leaf certificate.
+    This allowed an attacker who could modify a timestamp response to make a
+    legitimately-signed timestamp from TSA-A pass verification as if it came
+    fromTSA-B. 
+
+-------------------------------------------------------------------

Old:
----
  rfc3161_client-1.0.5.tar.gz

New:
----
  rfc3161_client-1.0.6.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ python-rfc3161-client.spec ++++++
--- /var/tmp/diff_new_pack.q4N2Eb/_old  2026-04-13 23:22:44.105652663 +0200
+++ /var/tmp/diff_new_pack.q4N2Eb/_new  2026-04-13 23:22:44.105652663 +0200
@@ -27,7 +27,7 @@
 
 %{?sle15_python_module_pythons}
 Name:           python-rfc3161-client
-Version:        1.0.5
+Version:        1.0.6
 Release:        0
 Summary:        Python library implementing the Time-Stamp Protocol (TSP) 
described in RFC 3161
 License:        Apache-2.0

++++++ rfc3161_client-1.0.5.tar.gz -> rfc3161_client-1.0.6.tar.gz ++++++
++++ 1731 lines of diff (skipped)

++++++ vendor.tar.zst ++++++
/work/SRC/openSUSE:Factory/python-rfc3161-client/vendor.tar.zst 
/work/SRC/openSUSE:Factory/.python-rfc3161-client.new.21863/vendor.tar.zst 
differ: char 7, line 1

Reply via email to