Hello community, here is the log from the commit of package patchinfo.12097 for openSUSE:Leap:15.1:Update checked in at 2020-03-15 06:15:08 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.1:Update/patchinfo.12097 (Old) and /work/SRC/openSUSE:Leap:15.1:Update/.patchinfo.12097.new.3160 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "patchinfo.12097" Sun Mar 15 06:15:08 2020 rev:1 rq:783109 version:unknown Changes: -------- New Changes file: NO CHANGES FILE!!! New: ---- _patchinfo ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ _patchinfo ++++++ <patchinfo incident="12097"> <issue tracker="cve" id="2020-7063"/> <issue tracker="cve" id="2020-7059"/> <issue tracker="cve" id="2020-7060"/> <issue tracker="cve" id="2020-7062"/> <issue tracker="bnc" id="1165289">VUL-0: CVE-2020-7063: php5,php72,php7: creating PHAR archive using PharData:buildFromIterator() function will add files with default permissions</issue> <issue tracker="bnc" id="1162632">VUL-0: CVE-2020-7060: php5,php72,php7,php53: Global buffer-overflow in mbfl_filt_conv_big5_wchar function</issue> <issue tracker="bnc" id="1165280">VUL-1: CVE-2020-7062: php5,php72,php7: null pointer dereference when using file upload functionality under specific circumstances</issue> <issue tracker="bnc" id="1162629">VUL-0: CVE-2020-7059: php5,php72,php7,php53: Out of bounds read in php_strip_tags_ex</issue> <packager>pgajdos</packager> <rating>important</rating> <category>security</category> <summary>Security update for php7</summary> <description>This update for php7 fixes the following issues: - CVE-2020-7062: Fixed a null pointer dereference when using file upload functionality under specific circumstances (bsc#1165280). - CVE-2020-7063: Fixed an issue where adding files change the permissions to default (bsc#1165289). - CVE-2020-7059: Fixed an out of bounds read in php_strip_tags_ex which may have led to denial of service (bsc#1162629). - CVE-2020-7060: Fixed a global buffer overflow in mbfl_filt_conv_big5_wchar which may have led to memory corruption (bsc#1162632). This update was imported from the SUSE:SLE-15:Update update project.</description> </patchinfo>