Hello community, here is the log from the commit of package patchinfo.12014 for openSUSE:Leap:15.1:Update checked in at 2020-03-03 18:13:15 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.1:Update/patchinfo.12014 (Old) and /work/SRC/openSUSE:Leap:15.1:Update/.patchinfo.12014.new.26092 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "patchinfo.12014" Tue Mar 3 18:13:15 2020 rev:1 rq:779960 version:unknown Changes: -------- New Changes file: NO CHANGES FILE!!! New: ---- _patchinfo ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ _patchinfo ++++++ <patchinfo incident="12014"> <issue tracker="cve" id="2019-15605"/> <issue tracker="cve" id="2019-15604"/> <issue tracker="cve" id="2019-15606"/> <issue tracker="bnc" id="1163102">VUL-0: CVE-2019-15605: nodejs4,nodejs6,nodejs8,nodejs10,nodejs: HTTP request smuggling using malformed Transfer-Encoding header</issue> <issue tracker="bnc" id="1163103">VUL-0: CVE-2019-15606: nodejs4,nodejs6,nodejs8,nodejs10,nodejs: HTTP header values do not have trailing OWS trimmed</issue> <issue tracker="bnc" id="1163104">VUL-0: CVE-2019-15604: nodejs4,nodejs6,nodejs8,nodejs10,nodejs: Remotely trigger an assertion on a TLS server with a malformed certificate string</issue> <packager>adamm</packager> <rating>important</rating> <category>security</category> <summary>Security update for nodejs8</summary> <description>This update for nodejs8 fixes the following issues: Security issues fixed: - CVE-2019-15604: Fixed a remotely triggerable assertion in the TLS server via a crafted certificate string (CVE-2019-15604, bsc#1163104). - CVE-2019-15605: Fixed an HTTP request smuggling vulnerability via malformed Transfer-Encoding header (CVE-2019-15605, bsc#1163102). - CVE-2019-15606: Fixed the white space sanitation of HTTP headers (CVE-2019-15606, bsc#1163103). This update was imported from the SUSE:SLE-15:Update update project.</description> </patchinfo>