Hello community, here is the log from the commit of package patchinfo.1497 for openSUSE:12.3:Update checked in at 2013-04-03 16:20:48 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:12.3:Update/patchinfo.1497 (Old) and /work/SRC/openSUSE:12.3:Update/.patchinfo.1497.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "patchinfo.1497", Maintainer is "" Changes: -------- New Changes file: NO CHANGES FILE!!! New: ---- _patchinfo ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ _patchinfo ++++++ <patchinfo> <issue id="808137" tracker="bnc">VUL-1: CVE-2013-1821: ruby: entity expansion DoS vulnerability in REXML</issue> <issue id="803342" tracker="bnc">VUL-0: CVE-2013-0269: ruby19/rubygem-json: Denial of Service and Unsafe Object Creation Vulnerability in JSON</issue> <issue id="CVE-2013-0269" tracker="cve" /> <issue id="CVE-2013-1821" tracker="cve" /> <category>security</category> <rating>moderate</rating> <packager>darix</packager> <description> Ruby 1.8 was updated to fix a XML entity expansion denial of service attack (CVE-2013-1821) Ruby 1.9 was updated to 1.9.3 p392, fixing the same security issues and also: - update json intree to 1.5.5: Denial of Service and Unsafe Object Creation Vulnerability in JSON CVE-2013-0269 - limit entity expansion text limit to 10kB CVE-2013-1821 - get rid of a SEGV when calling rb_iter_break() from some extention libraries. - some warning suppressed and smaller fixes </description> <summary>ruby: update to fix XML and JSON security problems</summary> </patchinfo> -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org