Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package patchinfo.17139 for openSUSE:Leap:15.2:Update checked in at 2021-11-13 16:07:19 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.2:Update/patchinfo.17139 (Old) and /work/SRC/openSUSE:Leap:15.2:Update/.patchinfo.17139.new.1890 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "patchinfo.17139" Sat Nov 13 16:07:19 2021 rev:2 rq:930853 version:unknown Changes: -------- New Changes file: NO CHANGES FILE!!! ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ _patchinfo ++++++ --- /var/tmp/diff_new_pack.DRzuEx/_old 2021-11-13 16:07:20.580182685 +0100 +++ /var/tmp/diff_new_pack.DRzuEx/_new 2021-11-13 16:07:20.584182687 +0100 @@ -1,4 +1,5 @@ <patchinfo incident="17139"> +<retracted/> <issue id="1065729" tracker="bnc">[trackerbug] 4.12 powerpc base kernel fixes</issue> <issue id="1085030" tracker="bnc">SLES 15 RC1 - Additional patches for XIVE support (POWER9)</issue> <issue id="1100416" tracker="bnc">VUL-0: CVE-2018-13405: kernel-source: inode_init_owner function in fs/inode.c mishandled setgid directory file creation</issue> @@ -77,6 +78,8 @@ The openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes. +NOTE: This update was retracted due to a NFS regression. + The following security bugs were fixed: - CVE-2018-13405: The inode_init_owner function in fs/inode.c allowed local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID (bnc#1100416 bnc#1129735).
