Hello community, here is the log from the commit of package patchinfo.2165 for openSUSE:12.2:Update checked in at 2013-11-09 09:19:33 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:12.2:Update/patchinfo.2165 (Old) and /work/SRC/openSUSE:12.2:Update/.patchinfo.2165.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "patchinfo.2165" Changes: -------- New Changes file: NO CHANGES FILE!!! New: ---- _patchinfo ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ _patchinfo ++++++ <patchinfo> <issue id="843509" tracker="bnc"> openvpn: use of non-constant-time memcmp in HMAC comparison in openvpn_decrypt</issue> <issue id="CVE-2013-2061" tracker="cve" /> <category>security</category> <rating>moderate</rating> <packager>mtomaschewski</packager> <description>The following security issues were fixed: - Applied upstream patch changing to use a constant time memcmp when comparing HMACs in openvpn_decrypt to address ciphertext injection in UDP mode (CVE-2013-2061, bnc#843509). [0006-openvpn-2.0.9-HMAC-memcmp-CVE-2013-2061_bnc843509.patch] Changes in openvpn: - Applied upstream patch changing to use a constant time memcmp when comparing HMACs in openvpn_decrypt to address ciphertext injection in UDP mode (CVE-2013-2061, bnc#843509). [0006-openvpn-2.0.9-HMAC-memcmp-CVE-2013-2061_bnc843509.patch] </description> <summary>update for openvpn</summary> </patchinfo> -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
