openSUSE Security Update: Security update for fossil
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2017:2188-1
Rating:             moderate
References:         #1053267
Affected Products:
                    openSUSE Leap 42.3
______________________________________________________________________________

   An update that contains security fixes can now be installed.

Description:

   This update for fossil to version 2.3 fixes the following issues:

   - Potential XSS vulnerability on the /help webpage (boo#1053267)

   This update also contains all upstream improvements and fixes in
   version 2.3:

   - Update internal Unicode character tables, used in regular expression
     handling, from version 9.0 to 10.0.
   - Show the last-sync-URL on the /urllist page
   - Added the "Event Summary" activity report
   - Added the "Security Audit" page, available to administrators only
   - Added the Last Login time to the user list page, for administrators
     only
   - Added the --numstat option to the fossil diff command
   - Limit the size of the heap and stack on unix systems, as a proactive
     defense against the Stack Clash attack
   - Fix "database locked" warnings caused by "PRAGMA optimize"
   - Documentation updates

Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE Leap 42.3:

      zypper in -t patch openSUSE-2017-949=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - openSUSE Leap 42.3 (i586 x86_64):

      fossil-2.3-3.1
      fossil-debuginfo-2.3-3.1
      fossil-debugsource-2.3-3.1

References:

   https://bugzilla.suse.com/1053267