Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package icinga2 for openSUSE:Factory checked 
in at 2021-07-16 00:00:46
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/icinga2 (Old)
 and      /work/SRC/openSUSE:Factory/.icinga2.new.2625 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "icinga2"

Fri Jul 16 00:00:46 2021 rev:36 rq:906463 version:2.12.5

Changes:
--------
--- /work/SRC/openSUSE:Factory/icinga2/icinga2.changes  2021-06-01 
10:38:53.368958891 +0200
+++ /work/SRC/openSUSE:Factory/.icinga2.new.2625/icinga2.changes        
2021-07-16 00:03:17.404317487 +0200
@@ -1,0 +2,33 @@
+Thu Jul 15 10:46:45 UTC 2021 - ecsos <ec...@opensuse.org>
+
+- Update to 2.12.5
+  Version 2.12.5 fixes two security vulnerabilities that may lead
+  to privilege escalation for authenticated API users.
+  Other improvements include several bugfixes related to downtimes,
+  downtime notifications, and more reliable connection handling.
+  * Security
+    - Don't expose the PKI ticket salt via the API. This may lead
+      to privilege escalation for authenticated API users by them
+      being able to request certificates for other identities
+      (CVE-2021-32739)
+    - Don't expose IdoMysqlConnection, IdoPgsqlConnection, and
+      ElasticsearchWriter passwords via the API
+      (CVE-2021-32743)
+    - Windows: Update bundled OpenSSL to version 1.1.1k #8888
+    Depending on your setup, manual intervention beyond installing
+    the new versions may be required, so please read the more
+    detailed information in the release blog post carefully.
+  * Bugfixes
+    - Don't send downtime end notification if downtime hasn't
+      started #8878
+    - Don't let a failed downtime creation block the others #8871
+    - Support downtimes and comments for checkables with long names
+      #8870
+    - Trigger fixed downtimes immediately if the current time
+      matches (instead of waiting for the timer) #8891
+    - Add configurable timeout for full connection handshake #8872
+  * Enhancements
+    - Replace existing downtimes on ScheduledDowntime change #8880
+    - Improve crashlog #8869
+
+-------------------------------------------------------------------

Old:
----
  v2.12.4.tar.gz

New:
----
  v2.12.5.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ icinga2.spec ++++++
--- /var/tmp/diff_new_pack.mVHQCI/_old  2021-07-16 00:03:17.944313159 +0200
+++ /var/tmp/diff_new_pack.mVHQCI/_new  2021-07-16 00:03:17.948313128 +0200
@@ -99,7 +99,7 @@
 %else
 %endif
 Name:           icinga2
-Version:        2.12.4
+Version:        2.12.5
 Release:        %{revision}%{?dist}
 URL:            https://www.icinga.com/
 Source:         https://github.com/Icinga/%{name}/archive/v%{version}.tar.gz

++++++ v2.12.4.tar.gz -> v2.12.5.tar.gz ++++++
/work/SRC/openSUSE:Factory/icinga2/v2.12.4.tar.gz 
/work/SRC/openSUSE:Factory/.icinga2.new.2625/v2.12.5.tar.gz differ: char 13, 
line 1

Reply via email to