Hello community, here is the log from the commit of package patchinfo.14534 for openSUSE:Leap:15.2:Update checked in at 2020-10-17 06:22:45 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.2:Update/patchinfo.14534 (Old) and /work/SRC/openSUSE:Leap:15.2:Update/.patchinfo.14534.new.3486 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "patchinfo.14534" Sat Oct 17 06:22:45 2020 rev:1 rq:841643 version:unknown Changes: -------- New Changes file: NO CHANGES FILE!!! New: ---- _patchinfo ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ _patchinfo ++++++ <patchinfo incident="14534"> <issue tracker="cve" id="2020-25219"/> <issue tracker="cve" id="2020-26154"/> <issue tracker="bnc" id="1177143">VUL-0: CVE-2020-26154: libproxy: sending more than 102400 bytes in PAC without a Content-Length present could result in buffer overflow</issue> <issue tracker="bnc" id="1176410">VUL-0: CVE-2020-25219: libproxy: url:recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. This leads</issue> <packager>mgorse</packager> <rating>important</rating> <category>security</category> <summary>Security update for libproxy</summary> <description>This update for libproxy fixes the following issues: - CVE-2020-25219: Rewrote url::recvline to be nonrecursive (bsc#1176410). - CVE-2020-26154: Fixed a buffer overflow when PAC is enabled (bsc#1177143). This update was imported from the SUSE:SLE-15:Update update project.</description> </patchinfo>