Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package xmlbeans for openSUSE:Factory checked in at 2022-10-27 13:52:17 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/xmlbeans (Old) and /work/SRC/openSUSE:Factory/.xmlbeans.new.2275 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "xmlbeans" Thu Oct 27 13:52:17 2022 rev:33 rq:1031253 version:2.6.0 Changes: -------- --- /work/SRC/openSUSE:Factory/xmlbeans/xmlbeans-mini.changes 2022-03-28 17:00:19.364949940 +0200 +++ /work/SRC/openSUSE:Factory/.xmlbeans.new.2275/xmlbeans-mini.changes 2022-10-27 13:52:20.928012545 +0200 @@ -1,0 +2,7 @@ +Mon Oct 17 09:24:54 UTC 2022 - Pedro Monreal <pmonreal@suse.com> + +- Security Fix: [bsc#1180915, CVE-2021-23926] + * XML parsers does not protect from malicious XML input + * Add xmlbeans-CVE-2021-23926.patch + +------------------------------------------------------------------- xmlbeans.changes: same change New: ---- xmlbeans-CVE-2021-23926.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ xmlbeans-mini.spec ++++++ --- /var/tmp/diff_new_pack.36t57H/_old 2022-10-27 13:52:21.888017353 +0200 +++ /var/tmp/diff_new_pack.36t57H/_new 2022-10-27 13:52:21.888017353 +0200 @@ -34,6 +34,8 @@ #PATCH-FIX-UPSTREAM xmlbeans-2.6.0-java8.patch -- Fix build with Java 8 Patch2: xmlbeans-2.6.0-java8.patch Patch3: xmlbeans-2.6.0-jdk9.patch +#PATCH-FIX-UPSTREAM bsc#1180915 CVE-2021-23926 XML parsers does not protect from malicious XML input +Patch4: xmlbeans-CVE-2021-23926.patch BuildRequires: ant >= 1.6 BuildRequires: bea-stax-api BuildRequires: java-devel >= 1.8 @@ -96,6 +98,7 @@ %patch1 -p1 %patch2 %patch3 -p1 +%patch4 -p1 %build # Piccolo and jam are rebuilt from source and bundled with xbean ++++++ xmlbeans.spec ++++++ --- /var/tmp/diff_new_pack.36t57H/_old 2022-10-27 13:52:21.928017554 +0200 +++ /var/tmp/diff_new_pack.36t57H/_new 2022-10-27 13:52:21.940017614 +0200 @@ -33,6 +33,8 @@ #PATCH-FIX-UPSTREAM xmlbeans-2.6.0-java8.patch -- Fix build with Java 8 Patch2: xmlbeans-2.6.0-java8.patch Patch3: xmlbeans-2.6.0-jdk9.patch +#PATCH-FIX-UPSTREAM bsc#1180915 CVE-2021-23926 XML parsers does not protect from malicious XML input +Patch4: xmlbeans-CVE-2021-23926.patch BuildRequires: ant >= 1.6 BuildRequires: bea-stax-api BuildRequires: java-devel >= 1.8 @@ -95,6 +97,7 @@ %patch1 -p1 %patch2 %patch3 -p1 +%patch4 -p1 %build # Piccolo and jam are rebuilt from source and bundled with xbean ++++++ xmlbeans-CVE-2021-23926.patch ++++++ ++++ 1155 lines (skipped)