Hello community, here is the log from the commit of package patchinfo.1181 for openSUSE:12.1:Update checked in at 2012-12-27 16:10:19 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:12.1:Update/patchinfo.1181 (Old) and /work/SRC/openSUSE:12.1:Update/.patchinfo.1181.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "patchinfo.1181", Maintainer is "" Changes: -------- New Changes file: NO CHANGES FILE!!! New: ---- _patchinfo ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ _patchinfo ++++++ <patchinfo> <issue id="791679" tracker="bnc">CVE-2012-5568: tomcat: affected by slowloris DoS</issue> <issue id="789406" tracker="bnc">CVE-2012-2733: tomcat: HTTP NIO connector OOM DoS via a request with large headers</issue> <issue id="793394" tracker="bnc">CVE-2012-3546: tomcat: Bypass of security constraints</issue> <issue id="793391" tracker="bnc">CVE-2012-4431: tomcat: bypass of CSRF prevention filter</issue> <issue id="791426" tracker="bnc">CVE-2012-5887: tomcat: stale nonce weakness</issue> <issue id="791424" tracker="bnc">CVE-2012-5886: tomcat: authentication caching weakness</issue> <issue id="791423" tracker="bnc">CVE-2012-5885: tomcat: cnonce tracking weakness</issue> <issue id="CVE-2012-3546" tracker="cve" /> <issue id="CVE-2009-2902" tracker="cve" /> <issue id="CVE-2012-4431" tracker="cve" /> <issue id="CVE-2012-2733" tracker="cve" /> <issue id="CVE-2009-2693" tracker="cve" /> <issue id="CVE-2012-5885" tracker="cve" /> <issue id="CVE-2009-2901" tracker="cve" /> <issue id="CVE-2012-5887" tracker="cve" /> <issue id="CVE-2012-5886" tracker="cve" /> <issue id="CVE-2012-5568" tracker="cve" /> <category>security</category> <rating>moderate</rating> <packager>mvyskocil</packager> <description> - fix bnc#793394 - bypass of security constraints (CVE-2012-3546) * apache-tomcat-CVE-2012-3546.patch http://svn.apache.org/viewvc?view=revision&revision=1381035 - fix bnc#793391 - bypass of CSRF prevention filter (CVE-2012-4431) * apache-tomcat-CVE-2012-4431.patch http://svn.apache.org/viewvc?view=revision&revision=1394456 - document how to protect against slowloris DoS (CVE-2012-5568/bnc#791679) in README.SUSE - fixes bnc#791423 - cnonce tracking weakness (CVE-2012-5885) bnc#791424 - authentication caching weakness (CVE-2012-5886) bnc#791426 - stale nonce weakness (CVE-2012-5887) * apache-tomcat-CVE-2009-2693-CVE-2009-2901-CVE-2009-2902.patch http://svn.apache.org/viewvc?view=revision&revision=1380829 - fix bnc#789406 - HTTP NIO connector OOM DoS via a request with large headers (CVE-2012-2733) * http://svn.apache.org/viewvc?view=revision&revision=1356208 </description> <summary>update for tomcat6</summary> </patchinfo> -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org