Hello community, here is the log from the commit of package patchinfo.1427 for openSUSE:12.2:Update checked in at 2013-03-20 10:47:25 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:12.2:Update/patchinfo.1427 (Old) and /work/SRC/openSUSE:12.2:Update/.patchinfo.1427.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "patchinfo.1427", Maintainer is "" Changes: -------- New Changes file: NO CHANGES FILE!!! New: ---- _patchinfo ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ _patchinfo ++++++ <patchinfo> <issue id="804415" tracker="bnc">VUL-0: CVE-2013-1667: perl: Denial of Service (CPU consumption) via specially-crafted, user-supplied hash keys</issue> <issue id="797060" tracker="bnc">VUL-1: perl: CVE-2012-6329: missing input sanitation</issue> <issue id="789994" tracker="bnc">VUL-1: CVE-2012-5526: perl: Newline injection due to improper CRLF escaping in Set-Cookie and P3P headers</issue> <issue id="755278" tracker="bnc">fix IPC::Open3 bug when '-' is used</issue> <issue id="CVE-2012-6329" tracker="cve" /> <issue id="CVE-2013-1667" tracker="cve" /> <issue id="CVE-2012-5526" tracker="cve" /> <category>security</category> <rating>important</rating> <packager>mlschroe</packager> <description>Perl was updated to fix 3 security issues: - fix rehash denial of service (compute time) [bnc#804415] [CVE-2013-1667] - improve CGI crlf escaping [bnc#789994] [CVE-2012-5526] - sanitize input in Maketext.pm to avoid code injection [bnc#797060] [CVE-2012-6329] In openSUSE 12.1 also the following non-security bug was fixed: - fix IPC::Open3 bug when '-' is used [bnc#755278] </description> <summary>update for perl</summary> </patchinfo> -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
