commit patchinfo.12014 for openSUSE:Leap:15.1:Update

Tue, 03 Mar 2020 09:13:26 -0800 

Hello community,

here is the log from the commit of package patchinfo.12014 for 
openSUSE:Leap:15.1:Update checked in at 2020-03-03 18:13:15
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Leap:15.1:Update/patchinfo.12014 (Old)
 and      /work/SRC/openSUSE:Leap:15.1:Update/.patchinfo.12014.new.26092 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "patchinfo.12014"

Tue Mar  3 18:13:15 2020 rev:1 rq:779960 version:unknown

Changes:
--------
New Changes file:

NO CHANGES FILE!!!

New:
----
  _patchinfo

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ _patchinfo ++++++
<patchinfo incident="12014">
  <issue tracker="cve" id="2019-15605"/>
  <issue tracker="cve" id="2019-15604"/>
  <issue tracker="cve" id="2019-15606"/>
  <issue tracker="bnc" id="1163102">VUL-0: CVE-2019-15605: 
nodejs4,nodejs6,nodejs8,nodejs10,nodejs: HTTP request smuggling using malformed 
Transfer-Encoding header</issue>
  <issue tracker="bnc" id="1163103">VUL-0: CVE-2019-15606: 
nodejs4,nodejs6,nodejs8,nodejs10,nodejs: HTTP header values do not have 
trailing OWS trimmed</issue>
  <issue tracker="bnc" id="1163104">VUL-0: CVE-2019-15604: 
nodejs4,nodejs6,nodejs8,nodejs10,nodejs: Remotely trigger an assertion on a TLS 
server with a malformed certificate string</issue>
  <packager>adamm</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for nodejs8</summary>
  <description>This update for nodejs8 fixes the following issues:

Security issues fixed:

- CVE-2019-15604: Fixed a remotely triggerable assertion in the TLS server via 
a crafted certificate string (CVE-2019-15604, bsc#1163104).
- CVE-2019-15605: Fixed an HTTP request smuggling vulnerability via malformed 
Transfer-Encoding header (CVE-2019-15605, bsc#1163102).
- CVE-2019-15606: Fixed the white space sanitation of HTTP headers 
(CVE-2019-15606, bsc#1163103).

This update was imported from the SUSE:SLE-15:Update update 
project.</description>
</patchinfo>

Reply via email to