Hello community, here is the log from the commit of package patchinfo.5661 for openSUSE:13.2:Update checked in at 2016-10-13 14:15:19 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:13.2:Update/patchinfo.5661 (Old) and /work/SRC/openSUSE:13.2:Update/.patchinfo.5661.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "patchinfo.5661" Changes: -------- New Changes file: NO CHANGES FILE!!! New: ---- _patchinfo ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ _patchinfo ++++++ <patchinfo incident="5661"> <packager>msmeissn</packager> <issue tracker="cve" id="2016-7044"></issue> <issue tracker="cve" id="2016-7553"></issue> <issue tracker="cve" id="2016-7045"></issue> <issue tracker="bnc" id="999199">VUL-0: CVE-2016-7044, CVE-2016-7045: irssi: heap corruption and missing boundary checks</issue> <issue tracker="bnc" id="1001215">VUL-1: CVE-2016-7553: irssi: Information disclosure in buf.pl</issue> <category>security</category> <rating>moderate</rating> <summary>Security update for irssi</summary> <description>The IRC client irssi was updated to 0.8.20, fixing various bugs and security issues. * CVE-2016-7044: The unformat_24bit_color function in the format parsing code in Irssi, when compiled with true-color enabled, allowed remote attackers to cause a denial of service (heap corruption and crash) via an incomplete 24bit color code. * CVE-2016-7045: The format_send_to_gui function in the format parsing code in Irssi allowed remote attackers to cause a denial of service (heap corruption and crash) via vectors involving the length of a string. See https://irssi.org/security/irssi_sa_2016.txt for more details. * CVE-2016-7553: A information disclosure vulnerability in irssi buf.pl See https://irssi.org/2016/09/22/buf.pl-update/ for more information. </description> </patchinfo>