Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package patchinfo.17481 for openSUSE:Leap:15.3:Update checked in at 2022-05-18 12:01:44 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.3:Update/patchinfo.17481 (Old) and /work/SRC/openSUSE:Leap:15.3:Update/.patchinfo.17481.new.1538 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "patchinfo.17481" Wed May 18 12:01:44 2022 rev:1 rq:975427 version:unknown Changes: -------- New Changes file: NO CHANGES FILE!!! New: ---- _patchinfo ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ _patchinfo ++++++ <patchinfo incident="17481"> <category>security</category> <rating>moderate</rating> <issue tracker="bnc" id="1199047">The TCP port of the HTTP server is privileged or already in use: (port = 8042)</issue> <issue tracker="bnc" id="1191938">VUL-1: CVE-2020-27304: civetweb: missing uploaded filepath validation in the default form-based file upload mechanism</issue> <issue tracker="cve" id="2020-27304"></issue> <packager>DocB</packager> <summary>Security update for civetweb</summary> <description> civetweb was updated to: - do not load libcrypto/libssl dynamically, just link against them (bsc#1199047) Version 1.15 * New configuration for URL decoding * CVE-2020-27304: Sanitize filenames in handle form (bsc#1191938) * Example ???embedded_c.c???: Do not overwrite files (possible security issue) * Remove obsolete examples * Remove ???experimental??? label for some features * Remove MG_LEGACY_INTERFACE that have been declared obsolete in 2017 or earlier * Modifications to build scripts, required due to changes in the test environment * Unix domain socket support fixed * Fixes for NO_SSL_DL * Fixes for some warnings / static code analysis </description> </patchinfo>
