Hello community,

here is the log from the commit of package patchinfo.1497 for 
openSUSE:12.3:Update checked in at 2013-04-03 16:20:48
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:12.3:Update/patchinfo.1497 (Old)
 and      /work/SRC/openSUSE:12.3:Update/.patchinfo.1497.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "patchinfo.1497", Maintainer is ""

Changes:
--------
New Changes file:

NO CHANGES FILE!!!

New:
----
  _patchinfo

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ _patchinfo ++++++
<patchinfo>
  <issue id="808137" tracker="bnc">VUL-1: CVE-2013-1821: ruby: entity expansion 
DoS vulnerability in REXML</issue>
  <issue id="803342" tracker="bnc">VUL-0: CVE-2013-0269: ruby19/rubygem-json: 
Denial of Service and Unsafe Object Creation Vulnerability in JSON</issue>
  <issue id="CVE-2013-0269" tracker="cve" />
  <issue id="CVE-2013-1821" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>darix</packager>
  <description>
Ruby 1.8 was updated to fix a XML entity expansion denial of service attack 
(CVE-2013-1821)

Ruby 1.9 was updated to 1.9.3 p392, fixing the same security issues and also:
  - update json intree to 1.5.5:
    Denial of Service and Unsafe Object Creation Vulnerability in
    JSON CVE-2013-0269
  - limit entity expansion text limit to 10kB CVE-2013-1821
  - get rid of a SEGV when calling rb_iter_break() from some
    extention libraries.
  - some warning suppressed and smaller fixes
</description>
  <summary>ruby: update to fix XML and JSON security problems</summary>
</patchinfo>
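Review bot: in the <description>, "fixing the same security issues" for Ruby 1.9 is ambiguous, because the preceding Ruby 1.8 sentence names only CVE-2013-1821 while the list underneath attributes CVE-2013-0269 (json 1.5.5) to the 1.9 update. Suggest stating per package which CVE is fixed, so that a reader of the advisory can tell whether Ruby 1.8 is affected by the JSON issue or simply not covered by this update. Minor wording points in the same block: "a XML" should be "an XML", "extention" should be "extension", and "limit entity expansion text limit to 10kB" repeats "limit".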