Hello community, here is the log from the commit of package patchinfo.11805 for openSUSE:Leap:15.1:Update checked in at 2020-01-21 16:12:08 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.1:Update/patchinfo.11805 (Old) and /work/SRC/openSUSE:Leap:15.1:Update/.patchinfo.11805.new.26092 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "patchinfo.11805" Tue Jan 21 16:12:08 2020 rev:1 rq:764971 version:unknown Changes: -------- New Changes file: NO CHANGES FILE!!! New: ---- _patchinfo ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ _patchinfo ++++++ <patchinfo incident="11805"> <issue tracker="cve" id="2019-15691"/> <issue tracker="cve" id="2019-15692"/> <issue tracker="cve" id="2019-15694"/> <issue tracker="cve" id="2019-15693"/> <issue tracker="cve" id="2019-15695"/> <issue tracker="bnc" id="1160250">VUL-0: CVE-2019-15692: tigervnc: improper value checks in CopyRectDecode may lead to heap buffer overflow</issue> <issue tracker="bnc" id="1159860">VUL-0: CVE-2019-15695: tigervnc: stack buffer overflow, which could be triggered from CMsgReader::readSetCurso</issue> <issue tracker="bnc" id="1159856">VUL-0: CVE-2019-15691: tigervnc: stack use-after-return due to incorrect usage of stack memory in ZRLEDecoder</issue> <issue tracker="bnc" id="1160251">VUL-0: CVE-2019-15694: tigervnc: improper error handling in processing MemOutStream may lead to heap buffer overflow</issue> <issue tracker="bnc" id="1159858">VUL-0: CVE-2019-15693: tigervnc: heap buffer overflow in TightDecoder::FilterGradient</issue> <packager>sndirsch</packager> <rating>important</rating> <category>security</category> <summary>Security update for tigervnc</summary> <description>This update for tigervnc fixes the following issues: - CVE-2019-15691: Fixed a use-after-return due to incorrect usage of stack memory in ZRLEDecoder (bsc#1159856). - CVE-2019-15692: Fixed a heap-based buffer overflow in CopyRectDecode (bsc#1160250). - CVE-2019-15693: Fixed a heap-based buffer overflow in TightDecoder::FilterGradient (bsc#1159858). - CVE-2019-15694: Fixed a heap-based buffer overflow, caused by improper error handling in processing MemOutStream (bsc#1160251). - CVE-2019-15695: Fixed a stack-based buffer overflow, which could be triggered from CMsgReader::readSetCursor (bsc#1159860). This update was imported from the SUSE:SLE-15-SP1:Update update project.</description> </patchinfo>
