Hello community, here is the log from the commit of package patchinfo.14910 for openSUSE:Leap:15.2:Update checked in at 2020-11-07 10:56:04 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.2:Update/patchinfo.14910 (Old) and /work/SRC/openSUSE:Leap:15.2:Update/.patchinfo.14910.new.11331 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "patchinfo.14910" Sat Nov 7 10:56:04 2020 rev:1 rq:846438 version:unknown Changes: -------- New Changes file: NO CHANGES FILE!!! New: ---- _patchinfo ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ _patchinfo ++++++ <patchinfo incident="14910"> <issue tracker="cve" id="2020-8432"/> <issue tracker="cve" id="2020-10648"/> <issue tracker="bnc" id="1162198">VUL-0: CVE-2020-8432: u-boot: double free in the cmd/gpt.c do_rename_gpt_parts() function, allowing an attacker to execute arbitrary code</issue> <issue tracker="bnc" id="1167209">VUL-0: CVE-2020-10648: u-boot: verified boot improper signature verification</issue> <packager>mbrugger</packager> <rating>important</rating> <category>security</category> <summary>Security update for u-boot</summary> <description>This update for u-boot fixes the following issues: - CVE-2020-8432: Fixed a double free in the cmd/gpt.c do_rename_gpt_parts() function, which allowed an attacker to execute arbitrary code (bsc#1162198) - CVE-2020-10648: Fixed improper signature verification during verified boot (bsc#1167209). This update was imported from the SUSE:SLE-15-SP2:Update update project.</description> </patchinfo>
