Hello community, here is the log from the commit of package patchinfo.13894 for openSUSE:Leap:15.2:Update checked in at 2020-09-07 10:29:06 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.2:Update/patchinfo.13894 (Old) and /work/SRC/openSUSE:Leap:15.2:Update/.patchinfo.13894.new.3399 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "patchinfo.13894" Mon Sep 7 10:29:06 2020 rev:1 rq:831963 version:unknown Changes: -------- New Changes file: NO CHANGES FILE!!! New: ---- _patchinfo ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ _patchinfo ++++++ <patchinfo incident="13894"> <issue tracker="bnc" id="1175665">VUL-0: CVE-2020-15811: squid: HTTP Request Splitting could result in cache poisoning</issue> <issue tracker="bnc" id="1175664">VUL-0: CVE-2020-15810: squid: HTTP Request Smuggling could result in cache poisoning</issue> <issue tracker="bnc" id="1173455">VUL-0: CVE-2020-15049: squid: multiple Cache Poisoning Issue in HTTP Request processing</issue> <issue tracker="bnc" id="1175671">VUL-0: CVE-2020-24606: squid: Denial of Service processing Cache Digest Response (SQUID-2020:9)</issue> <issue tracker="cve" id="2020-24606"/> <issue tracker="cve" id="2020-15049"/> <issue tracker="cve" id="2020-15811"/> <issue tracker="cve" id="2020-15810"/> <packager>adamm</packager> <rating>critical</rating> <category>security</category> <summary>Security update for squid</summary> <description>This update for squid fixes the following issues: squid was updated to version 4.13: - CVE-2020-24606: Fix livelocking in peerDigestHandleReply (bsc#1175671). - CVE-2020-15811: Improve Transfer-Encoding handling (bsc#1175665). - CVE-2020-15810: Enforce token characters for field-name (bsc#1175664). This update was imported from the SUSE:SLE-15:Update update project.</description> </patchinfo>
