Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package patchinfo.16299 for openSUSE:Leap:15.2:Update checked in at 2021-05-22 07:03:36 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.2:Update/patchinfo.16299 (Old) and /work/SRC/openSUSE:Leap:15.2:Update/.patchinfo.16299.new.2988 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "patchinfo.16299" Sat May 22 07:03:36 2021 rev:1 rq:894359 version:unknown Changes: -------- New Changes file: NO CHANGES FILE!!! New: ---- _patchinfo ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ _patchinfo ++++++ <patchinfo incident="16299"> <issue tracker="cve" id="2021-32490"/> <issue tracker="cve" id="2021-32492"/> <issue tracker="cve" id="2021-32491"/> <issue tracker="cve" id="2021-32493"/> <issue tracker="bnc" id="1185905">VUL-0: CVE-2021-32493: djvulibre: Heap buffer overflow in function DJVU:GBitmap:decode() via crafted djvu file</issue> <issue tracker="bnc" id="1185895">VUL-0: CVE-2021-32490: djvulibre: Out of bounds write in function DJVU:filter_bv() via crafted djvu file</issue> <issue tracker="bnc" id="1185904">VUL-0: CVE-2021-32492: djvulibre: Out of bounds read in function DJVU:DataPool:has_data() via crafted djvu file</issue> <issue tracker="bnc" id="1185900">VUL-0: CVE-2021-32491: djvulibre: Integer overflow in function render() in tools/ddjvu via crafted djvu file</issue> <packager>pgajdos</packager> <rating>important</rating> <category>security</category> <summary>Security update for djvulibre</summary> <description>This update for djvulibre fixes the following issues: - CVE-2021-32490 [bsc#1185895]: Out of bounds write in function DJVU:filter_bv() via crafted djvu file - CVE-2021-32491 [bsc#1185900]: Integer overflow in function render() in tools/ddjvu via crafted djvu file - CVE-2021-32492 [bsc#1185904]: Out of bounds read in function DJVU:DataPool:has_data() via crafted djvu file - CVE-2021-32493 [bsc#1185905]: Heap buffer overflow in function DJVU:GBitmap:decode() via crafted djvu file This update was imported from the SUSE:SLE-15-SP2:Update update project.</description> </patchinfo>