File _patchinfo of Package patchinfo.13583

<patchinfo incident="13583">
  <issue tracker="bnc" id="1158763">VUL-0: CVE-2019-18900: libzypp: /var/lib/YaST2/cookies is world readable</issue>
  <issue tracker="bnc" id="1155678">"zypper dup" always installs -lang files</issue>
  <issue tracker="bnc" id="1155198">Provide 'zypper purge-kernels' builtin command</issue>
  <issue tracker="bnc" id="1135114">zypper search --file-lists does not work</issue>
  <issue tracker="bnc" id="1154804">zypper: man page is not correct for global option "-s"</issue>
  <issue tracker="bnc" id="1156158">zypper-log tries to use python2 which does not exist anymore</issue>
  <issue tracker="bnc" id="1155819"></issue>
  <issue tracker="bnc" id="1155205">'zypper addlocale' fails to add the locale if no packages are to be added</issue>
  <issue tracker="bnc" id="1155298">zypper lp: broken --cve/bugzilla/issue options</issue>
  <issue tracker="bnc" id="1154805">zypper: enhancements for (automated) patch checking</issue>
  <issue tracker="bnc" id="1157377">zypper complains "No repositories defined" when removing a package</issue>
  <issue tracker="cve" id="2019-18900"/>
  <packager>mlandres</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for libsolv, libzypp, zypper</summary>
  <description>This update for libsolv, libzypp, zypper fixes the following issues:

Security issue fixed:

- CVE-2019-18900: Fixed assert cookie file that was world readable (bsc#1158763).

Bug fixes

- Fixed removing orphaned packages dropped by to-be-installed products (bsc#1155819).
- Adds libzypp API to mark all obsolete kernels according to the existing purge-kernel script rules (bsc#1155198).
- Do not enforce 'en' being in RequestedLocales If the user decides to have a system without explicit language support he may do so (bsc#1155678).
- Load only target resolvables for zypper rm (bsc#1157377).
- Fix broken search by filelist (bsc#1135114).
- Replace python by a bash script in zypper-log (fixes#304, fixes#306, bsc#1156158).
- Do not sort out requested locales which are not available (bsc#1155678).
- Prevent listing duplicate matches in tables. XML result is provided within the new list-patches-byissue element (bsc#1154805).
- XML add patch issue-date and issue-list (bsc#1154805).
- Fix zypper lp --cve/bugzilla/issue options (bsc#1155298).
- Always execute commit when adding/removing locales (fixes bsc#1155205).
- Fix description of --table-style,-s in man page (bsc#1154804).
</description>
<zypp_restart_needed/>
</patchinfo>
openSUSE Build Service is sponsored by