Hello community,
here is the log from the commit of package patchinfo.12146 for
openSUSE:Leap:15.1:Update checked in at 2020-03-28 18:16:57
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Leap:15.1:Update/patchinfo.12146 (Old)
and /work/SRC/openSUSE:Leap:15.1:Update/.patchinfo.12146.new.3160 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "patchinfo.12146"
Sat Mar 28 18:16:57 2020 rev:1 rq:787526 version:unknown
Changes:
--------
New Changes file:
NO CHANGES FILE!!!
New:
----
_patchinfo
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ _patchinfo ++++++
<patchinfo incident="12146">
<issue tracker="cve" id="2019-16255"/>
<issue tracker="cve" id="2019-16254"/>
<issue tracker="cve" id="2012-6708"/>
<issue tracker="cve" id="2019-15845"/>
<issue tracker="cve" id="2019-16201"/>
<issue tracker="cve" id="2015-9251"/>
<issue tracker="cve" id="2020-8130"/>
<issue tracker="bnc" id="1164804">VUL-0: CVE-2020-8130: rubygem-rake: command
injection when supplying a filename that begins with the pipe character</issue>
<issue tracker="bnc" id="1152994">VUL-0: CVE-2019-15845:
ruby2.5,ruby,ruby2.1: A NUL injection vulnerability of File.fnmatch and
File.fnmatch?</issue>
<issue tracker="bnc" id="1152995">VUL-0: CVE-2019-16201:
ruby2.5,ruby,ruby2.1: Regular Expression Denial of Service vulnerability of
WEBrick's Digest access authentication</issue>
<issue tracker="bnc" id="1152990">VUL-0: CVE-2019-16255:
ruby2.5,ruby,ruby2.1: code injection vulnerability of Shell#[] and
Shell#test</issue>
<issue tracker="bnc" id="1162396">Non-commercial license in ruby2.5-stdlib
package</issue>
<issue tracker="bnc" id="1152992">VUL-0: CVE-2019-16254:
ruby2.5,ruby,ruby2.1: HTTP response splitting in WEBrick (Additional
fix)</issue>
<issue tracker="bnc" id="1140844">ruby2.5 test suite is not executed due to a
wrong parameter (-x) being supplied</issue>
<packager>darix</packager>
<rating>important</rating>
<category>security</category>
<summary>Recommended update for ruby2.5</summary>
<description>This update for ruby2.5 toversion 2.5.7 fixes the following
issues:
ruby 2.5 was updated to version 2.5.7
- CVE-2020-8130: Fixed a command injection in intree copy of rake (bsc#1164804).
- CVE-2019-16255: Fixed a code injection vulnerability of Shell#[] and
Shell#test (bsc#1152990).
- CVE-2019-16254: Fixed am HTTP response splitting in WEBrick (bsc#1152992).
- CVE-2019-15845: Fixed a null injection vulnerability of File.fnmatch and
File.fnmatch? (bsc#1152994).
- CVE-2019-16201: Fixed a regular expression denial of service of WEBrick
Digest access authentication (bsc#1152995).
- CVE-2012-6708: Fixed an XSS in JQuery
- CVE-2015-9251: Fixed an XSS in JQuery
- Fixed unit tests (bsc#1140844)
- Removed some unneeded test files (bsc#1162396).
This update was imported from the SUSE:SLE-15:Update update
project.</description>
</patchinfo>
