Hello community, here is the log from the commit of package patchinfo.1524 for openSUSE:12.1:Update checked in at 2013-04-05 13:57:31 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:12.1:Update/patchinfo.1524 (Old) and /work/SRC/openSUSE:12.1:Update/.patchinfo.1524.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "patchinfo.1524", Maintainer is "" Changes: -------- New Changes file: NO CHANGES FILE!!! New: ---- _patchinfo ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ _patchinfo ++++++ <patchinfo> <issue id="777260" tracker="bnc">VUL-1: CVE-2012-2687: apache2: mod_negotiation Cross-Site Scripting (XSS)</issue> <issue id="806458" tracker="bnc">VUL-1: CVE-2012-3499: apache2: multiple XSS flaws due to unescaped hostnames</issue> <issue id="798733" tracker="bnc">SSL module does not do the case insensitive URI comparison</issue> <issue id="807152" tracker="bnc">VUL-1: CVE-2012-4558: apache2: XSS in mod_proxy_balancer</issue> <issue id="CVE-2012-4558" tracker="cve" /> <issue id="CVE-2012-2687" tracker="cve" /> <issue id="CVE-2012-3499" tracker="cve" /> <category>security</category> <rating>moderate</rating> <packager>draht</packager> <description> apache2 was updated to fix: - fix for cross site scripting vulnerability in mod_balancer. This is CVE-2012-4558 [bnc#807152] - fixes for low profile cross site scripting vulnerabilities, known as CVE-2012-3499 [bnc#806458] - Escape filename for the case that uploads are allowed with untrusted user's control over filenames and mod_negotiation enabled on the same directory. CVE-2012-2687 [bnc#777260] And also these bugs: - httpd-2.2.x-bnc798733-SNI_ignorecase.diff: ignore case when checking against SNI server names. [bnc#798733] </description> <summary>apache2: security and bugfixes</summary> </patchinfo> -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org