Hello community, here is the log from the commit of package patchinfo.12494 for openSUSE:Leap:15.1:Update checked in at 2020-05-03 18:19:30 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.1:Update/patchinfo.12494 (Old) and /work/SRC/openSUSE:Leap:15.1:Update/.patchinfo.12494.new.2738 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "patchinfo.12494" Sun May 3 18:19:30 2020 rev:1 rq:799272 version:unknown Changes: -------- New Changes file: NO CHANGES FILE!!! New: ---- _patchinfo ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ _patchinfo ++++++ <patchinfo incident="12494"> <issue tracker="bnc" id="1100694">VUL-0: CVE-2018-1000613: bouncycastle: prior to version 1.60 contains a CWE-470: Use of Externally-ControlledInput to Select Classes or Code ('Unsafe Reflection')</issue> <issue tracker="bnc" id="1072697">VUL-0: CVE-2017-13098: bouncycastle: TLS server vulnerable to Adaptive Chosen Ciphertext attack when using JCE allowing plaintext recovery or MITM attack</issue> <issue tracker="cve" id="2018-1000613"/> <issue tracker="cve" id="2017-13098"/> <packager>pmonrealgonzalez</packager> <rating>moderate</rating> <category>security</category> <summary>Security update for bouncycastle</summary> <description>This update for bouncycastle fixes the following issues: Version update to 1.60: * CVE-2018-1000613: Use of Externally-ControlledInput to Select Classes or Code (boo#1100694) * Release notes: http://www.bouncycastle.org/releasenotes.html Version update to 1.59: * CVE-2017-13098: Fix against Bleichenbacher oracle when not using the lightweight APIs (boo#1072697). * Release notes: http://www.bouncycastle.org/releasenotes.html </description> </patchinfo>