Hello community, here is the log from the commit of package patchinfo.12185 for openSUSE:Leap:15.1:Update checked in at 2020-03-31 00:20:41 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.1:Update/patchinfo.12185 (Old) and /work/SRC/openSUSE:Leap:15.1:Update/.patchinfo.12185.new.3160 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "patchinfo.12185" Tue Mar 31 00:20:41 2020 rev:1 rq:788319 version:unknown Changes: -------- New Changes file: NO CHANGES FILE!!! New: ---- _patchinfo ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ _patchinfo ++++++ <patchinfo incident="12185"> <issue tracker="cve" id="2019-12921"/> <issue tracker="cve" id="2020-10938"/> <issue tracker="bnc" id="1167623">VUL-1: CVE-2020-10938: GraphicsMagick: integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c</issue> <issue tracker="bnc" id="1167208">VUL-1: CVE-2019-12921: GraphicsMagick,ImageMagick: the text filename component potentially allows to read arbitrary files via TranslateTextEx for SVG</issue> <packager>pgajdos</packager> <rating>moderate</rating> <category>security</category> <summary>Security update for GraphicsMagick</summary> <description>This update for GraphicsMagick fixes the following issues: - CVE-2019-12921: Fixed an issue where text filename components potentially coulf have allowed reading of arbitrary files via TranslateTextEx (boo#1167208). - CVE-2020-10938: Fixed an integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImages (boo#1167623). </description> </patchinfo>
