Hello community, here is the log from the commit of package patchinfo.4428 for openSUSE:13.1:Update checked in at 2015-12-26 21:47:59 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:13.1:Update/patchinfo.4428 (Old) and /work/SRC/openSUSE:13.1:Update/.patchinfo.4428.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "patchinfo.4428" Changes: -------- New Changes file: NO CHANGES FILE!!! New: ---- _patchinfo ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ _patchinfo ++++++ <patchinfo incident="4428"> <packager>kstreitova</packager> <issue tracker="bnc" id="951735">Heap-buffer-overflow in xmlParseConditionalSections</issue> <issue tracker="bnc" id="951734">Crafted xml causes out of bound memory access</issue> <issue tracker="bnc" id="957105">Another entity expansion issue</issue> <issue tracker="bnc" id="957106">Heap buffer overflow in xmlDictComputeFastQKey</issue> <issue tracker="bnc" id="957107">Processes entities after encoding conversion failures</issue> <issue tracker="bnc" id="957109">Add xmlHaltParser() to stop the parser / Detect incoherency on GROW</issue> <issue tracker="bnc" id="956260">Several out of bounds reads</issue> <issue tracker="bnc" id="954429">DoS when parsing specially crafted XML document if XZ support is enabled</issue> <issue tracker="bnc" id="957110">Fix memory access error due to incorrect entities boundaries</issue> <issue tracker="bnc" id="928193">Denial of service processing a crafted XML document</issue> <issue tracker="bnc" id="956018">Buffer overread with XML parser in xmlNextChar</issue> <issue tracker="bnc" id="956021">Buffer overread with HTML parser in push mode in xmlSAX2TextNode</issue> <issue tracker="cve" id="CVE-2015-7497"></issue> <issue tracker="cve" id="CVE-2015-7500"></issue> <issue tracker="cve" id="CVE-2015-7499"></issue> <issue tracker="cve" id="CVE-2014-0191"></issue> <issue tracker="cve" id="CVE-2015-8241"></issue> <issue tracker="cve" id="CVE-2014-3660"></issue> <issue tracker="cve" id="CVE-2015-7498"></issue> <issue tracker="cve" id="CVE-2015-1819"></issue> <issue tracker="cve" id="CVE-2015-8035"></issue> <issue tracker="cve" id="CVE-2015-5312"></issue> <issue tracker="cve" id="CVE-2015-8317"></issue> <issue tracker="cve" id="CVE-2015-8242"></issue> <issue tracker="cve" id="CVE-2015-7942"></issue> <issue tracker="cve" id="CVE-2015-7941"></issue> <category>security</category> <rating>moderate</rating> <summary>Security update for libxml2</summary> <description>- update to 2.9.3 * full changelog: http://www.xmlsoft.org/news.html * fixed CVEs: CVE-2015-8242, CVE-2015-7500, CVE-2015-7499, CVE-2015-5312, CVE-2015-7497, CVE-2015-7498, CVE-2015-8035, CVE-2015-7942, CVE-2015-1819, CVE-2015-7941, CVE-2014-3660, CVE-2014-0191, CVE-2015-8241, CVE-2015-8317 * fixed bugs: [bsc#928193], [bsc#951734], [bsc#951735], [bsc#954429], [bsc#956018], [bsc#956021], [bsc#956260], [bsc#957105], [bsc#957106], [bsc#957107], [bsc#957109], [bsc#957110] </description> </patchinfo>