Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package ofono for openSUSE:Factory checked in at 2026-06-22 17:33:45 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ofono (Old) and /work/SRC/openSUSE:Factory/.ofono.new.1956 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ofono" Mon Jun 22 17:33:45 2026 rev:35 rq:1360835 version:2.19 Changes: -------- --- /work/SRC/openSUSE:Factory/ofono/ofono.changes 2026-06-02 16:02:49.479210843 +0200 +++ /work/SRC/openSUSE:Factory/.ofono.new.1956/ofono.changes 2026-06-22 17:33:56.959226685 +0200 @@ -1,0 +2,19 @@ +Sun Jun 21 12:38:26 UTC 2026 - Martin Pluskal <[email protected]> + +- Reference the tracking bugs for the SMS/STK/USSD decoder security + fixes applied upstream across the 2.14-2.17 updates: + * SMS decoder stack buffer overflows: CVE-2023-2794 (boo#1218292), + CVE-2023-4232 (boo#1218293), CVE-2023-4233 (boo#1218294), + CVE-2023-4234 (boo#1218295), CVE-2023-4235 (boo#1218296) + * SMS PDU / message-list parsing overflows and OOB read: + CVE-2024-7537 (boo#1228903), CVE-2024-7547 (boo#1228917) + * AT-command / USSD response parsing overflows: CVE-2024-7538 + (boo#1228904), CVE-2024-7539 (boo#1228905) + * Uninitialized-memory information disclosure: CVE-2024-7540 + (boo#1228906), CVE-2024-7541 (boo#1228907), CVE-2024-7542 + (boo#1228908) + * STK command PDU heap overflows: CVE-2024-7543 (boo#1228910), + CVE-2024-7544 (boo#1228913), CVE-2024-7545 (boo#1228914), + CVE-2024-7546 (boo#1228916) + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------
