Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.

Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20180128

When you reply to report some issues, make sure to change the subject.
It is not helpful to keep the release announcement subject in a thread
while discussing a specific problem.

Packages changed:
  clamav (0.99.2 -> 0.99.3)
  libdvdnav (5.0.3 -> 6.0.0)
  libdvdread (5.0.3 -> 6.0.0)
  vm-install (0.9.04 -> 0.10.01)
  xen
  yast2-http-server (3.2.2 -> 4.0.0)

=== Details ===

==== clamav ====
Version update (0.99.2 -> 0.99.3)
Subpackages: libclamav7

- Update to security release 0.99.3 (bsc#1077732)
  * CVE-2017-12376 (ClamAV Buffer Overflow in handle_pdfname Vulnerability)
  * CVE-2017-12377 (ClamAV Mew Packet Heap Overflow Vulnerability)
  * CVE-2017-12379 (ClamAV Buffer Overflow in messageAddArgument Vulnerability)
    - these vulnerabilities could have allowed an unauthenticated,
      remote attacker to cause a denial of service (DoS) condition
      or potentially execute arbitrary code on an affected device.
  * CVE-2017-12374 (ClamAV use-after-free Vulnerabilities)
  * CVE-2017-12375 (ClamAV Buffer Overflow Vulnerability)
  * CVE-2017-12378 (ClamAV Buffer Over Read Vulnerability)
  * CVE-2017-12380 (ClamAV Null Dereference Vulnerability)
    - these vulnerabilities could have allowed an unauthenticated,
      remote attacker to cause a denial of service (DoS) condition
      on an affected device.
  * CVE-2017-6420 (bsc#1052448)
    - this vulnerability allowed remote attackers to cause a denial
      of service (use-after-free) via a crafted PE file with WWPack
      compression.
  * CVE-2017-6419 (bsc#1052449)
    - ClamAV allowed remote attackers to cause a denial of service
      (heap-based buffer overflow and application crash) or possibly
      have unspecified other impact via a crafted CHM file.
  * CVE-2017-11423 (bsc#1049423)
    - The cabd_read_string function in mspack/cabd.c in libmspack
      0.5alpha allowed remote attackers to cause a denial of service
      (stack-based buffer over-read and application crash) via a
      crafted CAB file.
  * CVE-2017-6418 (bsc#1052466)
    - ClamAV 0.99.2 allowed remote attackers to cause a denial
      of service (out-of-bounds read) via a crafted e-mail message.
- drop clamav-0.99.2-openssl-1.1.patch (upstream)

==== libdvdnav ====
Version update (5.0.3 -> 6.0.0)

- Update to version 6.0.0:
  * fix crashes on some DVD on describe_title call
  * fix various crashes related to PGC validity
  * fix compilation issues
  * fix API return codes
- Add gpg signature

==== libdvdread ====
Version update (5.0.3 -> 6.0.0)
Subpackages: libdvdread-devel libdvdread4

- Update to version 6.0.0:
  * restrict the number of symbols to be exposed to the shared-object
  * remove dvdinput_error function
  * improve compatibility with some DVDs (notably the eOne ones)
  * fix write after free in ifoFree functions
  * fix possible buffer overflow in open
  * additional checks on DVDReadBytes arguments
  * fix leaks
- Removed libdvdread-no-internal-crypto.patch because it's not
  applied anymore.

==== vm-install ====
Version update (0.9.04 -> 0.10.01)

- Full conversion of source to python3 from python2. (bsc#1047602)
- Graphical components now require Gtk3
- Version 0.10.01

==== xen ====
Subpackages: xen-doc-html xen-libs xen-tools xen-tools-domU

- Fix python3 deprecated atoi call (bsc#1067224)
  pygrub-python3-conversion.patch
- Drop xenmon-python3-conversion.patch

==== yast2-http-server ====
Version update (3.2.2 -> 4.0.0)

- Replace SuSEFirewall2 by firewalld. (fate#323460)
- 4.0.0