Hello community,

here is the log from the commit of package tboot for openSUSE:Factory checked 
in at 2017-11-16 14:04:28
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/tboot (Old)
 and      /work/SRC/openSUSE:Factory/.tboot.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "tboot"

Thu Nov 16 14:04:28 2017 rev:29 rq:542218 version:20170711_1.9.6

Changes:
--------
--- /work/SRC/openSUSE:Factory/tboot/tboot.changes      2017-11-11 
14:20:13.289846699 +0100
+++ /work/SRC/openSUSE:Factory/.tboot.new/tboot.changes 2017-11-16 
14:04:31.529990698 +0100
@@ -1,0 +2,8 @@
+Thu Nov 16 09:49:48 UTC 2017 - matthias.gerst...@suse.com
+
+- tboot-CVE-2017-16837.patch: fix a major security issue in tboot. tboot
+  failed to validate a number of immutable function pointers, which could
+  allow an attacker to bypass the chain of trust and execute arbitrary code
+  (bnc#1068390, CVE-2017-16837).
+
+-------------------------------------------------------------------

New:
----
  tboot-CVE-2017-16837.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ tboot.spec ++++++
--- /var/tmp/diff_new_pack.HgRMut/_old  2017-11-16 14:04:32.277963588 +0100
+++ /var/tmp/diff_new_pack.HgRMut/_new  2017-11-16 14:04:32.281963443 +0100
@@ -28,6 +28,7 @@
 Patch3:         tboot-grub2-fix-menu-in-xen-host-server.patch
 Patch4:         tboot-grub2-fix-xen-submenu-name.patch
 Patch5:         tboot-openssl-1-1-0.patch
+Patch6:         tboot-CVE-2017-16837.patch
 # PATCH-FIX-UPSTREAM -- https://sourceforge.net/p/tboot/code/merge-requests/1/
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildRequires:  openssl-devel
@@ -44,6 +45,7 @@
 %patch3 -p1
 %patch4 -p1
 %patch5 -p1
+%patch6 -p1
 
 %build
 export CFLAGS="%{optflags}"

++++++ tboot-CVE-2017-16837.patch ++++++
++++ 1059 lines (skipped)


Reply via email to