Hello community,
here is the log from the commit of package patchinfo.12494 for
openSUSE:Leap:15.1:Update checked in at 2020-05-03 18:19:30
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Leap:15.1:Update/patchinfo.12494 (Old)
and /work/SRC/openSUSE:Leap:15.1:Update/.patchinfo.12494.new.2738 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "patchinfo.12494"
Sun May 3 18:19:30 2020 rev:1 rq:799272 version:unknown
Changes:
--------
New Changes file:
NO CHANGES FILE!!!
New:
----
_patchinfo
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ _patchinfo ++++++
<patchinfo incident="12494">
<issue tracker="bnc" id="1100694">VUL-0: CVE-2018-1000613: bouncycastle:
prior to version 1.60 contains a CWE-470: Use of Externally-ControlledInput to
Select Classes or Code ('Unsafe Reflection')</issue>
<issue tracker="bnc" id="1072697">VUL-0: CVE-2017-13098: bouncycastle: TLS
server vulnerable to Adaptive Chosen Ciphertext attack when using JCE allowing
plaintext recovery or MITM attack</issue>
<issue tracker="cve" id="2018-1000613"/>
<issue tracker="cve" id="2017-13098"/>
<packager>pmonrealgonzalez</packager>
<rating>moderate</rating>
<category>security</category>
<summary>Security update for bouncycastle</summary>
<description>This update for bouncycastle fixes the following issues:
Version update to 1.60:
* CVE-2018-1000613: Use of Externally-ControlledInput to Select Classes or Code
(boo#1100694)
* Release notes:
http://www.bouncycastle.org/releasenotes.html
Version update to 1.59:
* CVE-2017-13098: Fix against Bleichenbacher oracle when not
using the lightweight APIs (boo#1072697).
* Release notes:
http://www.bouncycastle.org/releasenotes.html
</description>
</patchinfo>
