Hello community, here is the log from the commit of package leptonica for openSUSE:Factory checked in at 2018-02-20 17:56:57 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/leptonica (Old) and /work/SRC/openSUSE:Factory/.leptonica.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "leptonica" Tue Feb 20 17:56:57 2018 rev:14 rq:578295 version:1.75.3 Changes: -------- --- /work/SRC/openSUSE:Factory/leptonica/leptonica.changes 2018-02-06 16:48:54.976736203 +0100 +++ /work/SRC/openSUSE:Factory/.leptonica.new/leptonica.changes 2018-02-20 17:58:35.846855285 +0100 @@ -1,0 +2,12 @@ +Mon Feb 19 16:30:01 UTC 2018 - kbabioch@suse.com + +- Update to 1.75.3: + * See changes in the version-notes.html file. + * Fixed a stack based buffer overflows in gplotRead() and ptaReadStream() + when parsing crafted files can lead to denial of service + (CVE-2018-7186 bsc#1081576) + * Fixed a buffer overflow in pixHtmlViewer in prog/htmlviewer.c + (unsanitized input (rootname)), which could potentially lead to + arbitrary code exeuction. (CVE-2018-7247 bsc#1081631) + +------------------------------------------------------------------- Old: ---- leptonica-1.75.1.tar.gz New: ---- leptonica-1.75.3.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ leptonica.spec ++++++ --- /var/tmp/diff_new_pack.qzQlYq/_old 2018-02-20 17:58:37.878782154 +0100 +++ /var/tmp/diff_new_pack.qzQlYq/_new 2018-02-20 17:58:37.882782010 +0100 @@ -19,7 +19,7 @@ %define major 5 Name: leptonica -Version: 1.75.1 +Version: 1.75.3 Release: 0 Summary: Library for image processing and image analysis applications License: BSD-2-Clause ++++++ leptonica-1.75.1.tar.gz -> leptonica-1.75.3.tar.gz ++++++ /work/SRC/openSUSE:Factory/leptonica/leptonica-1.75.1.tar.gz /work/SRC/openSUSE:Factory/.leptonica.new/leptonica-1.75.3.tar.gz differ: char 5, line 1