Hello community, here is the log from the commit of package patchinfo.12343 for openSUSE:Leap:15.1:Update checked in at 2020-04-23 10:10:20 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.1:Update/patchinfo.12343 (Old) and /work/SRC/openSUSE:Leap:15.1:Update/.patchinfo.12343.new.2738 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "patchinfo.12343" Thu Apr 23 10:10:20 2020 rev:1 rq:794898 version:unknown Changes: -------- New Changes file: NO CHANGES FILE!!! New: ---- _patchinfo ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ _patchinfo ++++++ <patchinfo incident="12343"> <issue tracker="cve" id="2019-11234"/> <issue tracker="cve" id="2019-11235"/> <issue tracker="bnc" id="1132664">VUL-0: CVE-2019-11234: freeradius-server,freeradius: eap-pwd: fake authentication using reflection</issue> <issue tracker="bnc" id="1132549">VUL-0: CVE-2019-11235: freeradius-server: freeradius: eap-pwd: authentication bypass via an invalid curve attack</issue> <packager>adamm</packager> <rating>important</rating> <category>security</category> <summary>Security update for freeradius-server</summary> <description>This update for freeradius-server fixes the following issues: Security issues fixed: - CVE-2019-11235: Fixed an authentication bypass related to the EAP-PWD Commit frame and insufficent validation of elliptic curve points (bsc#1132549). - CVE-2019-11234: Fixed an authentication bypass caused by reflecting privous values back to the server (bsc#1132664). This update was imported from the SUSE:SLE-15:Update update project.</description> </patchinfo>
