Hello community, here is the log from the commit of package patchinfo.1262 for openSUSE:12.1:Update checked in at 2013-02-05 17:34:13 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:12.1:Update/patchinfo.1262 (Old) and /work/SRC/openSUSE:12.1:Update/.patchinfo.1262.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "patchinfo.1262", Maintainer is "" Changes: -------- New Changes file: NO CHANGES FILE!!! New: ---- _patchinfo ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ _patchinfo ++++++ <patchinfo> <issue id="788121" tracker="bnc">CVE-2012-4557: apache2: Denial of Service via special requests (mod_proxy_ajp)</issue> <issue id="798733" tracker="bnc">SSL module does not do the case insensitive URI comparison</issue> <issue id="789828" tracker="bnc">Bybusyness does not balance after failed worker has recovered</issue> <issue id="757710" tracker="bnc">CVE-2012-0883: apache2: insecure LD_LIBRARY_PATH handling</issue> <issue id="777260" tracker="bnc">CVE-2012-2687: apache2: mod_negotiation Cross-Site Scripting (XSS)</issue> <issue id="722545" tracker="bnc">apache2: mod_proxy reverse proxy exposure</issue> <issue id="CVE-2011-4317" tracker="cve" /> <issue id="CVE-2012-2687" tracker="cve" /> <issue id="CVE-2011-3368" tracker="cve" /> <issue id="CVE-2012-0883" tracker="cve" /> <issue id="CVE-2012-4557" tracker="cve" /> <category>security</category> <rating>moderate</rating> <packager>draht</packager> <description> - ignore case when checking against SNI server names. [bnc#798733] httpd-2.2.x-bnc798733-SNI_ignorecase.diff - better cleanup of busy count after recovering from failure [bnc#789828] httpd-2.2.x-bnc789828-mod_balancer.diff - httpd-2.2.x-bnc788121-CVE-2012-4557-mod_proxy_ajp_timeout.diff: backend timeouts should not affect the entire worker. [bnc#788121] - httpd-2.2.x-envvars.diff obsoletes httpd-2.0.54-envvars.dif: Fix for low profile bug CVE-2012-0883 about improper LD_LIBRARY_PATH handling. [bnc#757710] - httpd-2.2.x-bnc777260-CVE-2012-2687-mod_negotiation_filename_xss.diff Escape filename for the case that uploads are allowed with untrusted user's control over filenames and mod_negotiation enabled on the same directory. CVE-2012-2687 [bnc#777260] - httpd-2.2.x-CVE-2011-3368_CVE-2011-4317-bnc722545.diff reworked to reflect the upstream changes. This will prevent the "Invalid URI in request OPTIONS *" messages in the error log. [bnc#722545] </description> <summary>update for apache2</summary> </patchinfo> -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org