Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:Update
patchinfo.2200
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.2200
<patchinfo incident="2200"> <issue id="963563" tracker="bnc">[Portus] CVE-2015-7576: rubygem-actionpack, rubygem-activesupport: Timing attack vulnerability in basic authentication in Action Controller</issue> <issue id="963608" tracker="bnc">[Portus-security] CVE-2016-0752: rubygem-actionpack, rubygem-actionview: directory traversal and information leak in Action View (edit)</issue> <issue id="963627" tracker="bnc">[Portus-security] CVE-2016-0751: rubygem-actionpack: Object Leak DoS</issue> <issue id="963625" tracker="bnc">[Portus-security] CVE-2015-7581: rubygem-actionpack: unbounded memory growth DoS via wildcard controller routes</issue> <issue id="963604" tracker="bnc">[Portus-security] CVE-2015-7577: rubygem-activerecord: Nested attributes rejection proc bypass</issue> <issue id="963617" tracker="bnc">[Portus-security] CVE-2016-0753: rubygem-activemodel, rubygem-activesupport, rubygem-activerecord: Input Validation Circumvention (edit)</issue> <issue id="969943" tracker="bnc">[Portus-security] CVE-2016-2098: rubygem-actionpack: Possible remote code execution vulnerability in Action Pack</issue> <issue id="963328" tracker="bnc">VUL-0: CVE-2015-7580: rubygem-rails-html-sanitizer: XSS via whitelist sanitizer</issue> <issue id="963327" tracker="bnc">VUL-0: CVE-2015-7579: rubygem-rails-html-sanitizer: XSS vulnerability in rails-html-sanitizer</issue> <issue id="963326" tracker="bnc">VUL-0: CVE-2015-7578: rubygem-rails-html-sanitizer: XSS vulnerability via attributes</issue> <issue id="CVE-2016-0751" tracker="cve" /> <issue id="CVE-2015-7579" tracker="cve" /> <issue id="CVE-2015-7576" tracker="cve" /> <issue id="CVE-2015-7577" tracker="cve" /> <issue id="CVE-2015-7578" tracker="cve" /> <issue id="CVE-2016-2098" tracker="cve" /> <issue id="CVE-2016-0752" tracker="cve" /> <issue id="CVE-2016-0753" tracker="cve" /> <issue id="CVE-2015-7581" tracker="cve" /> <issue id="CVE-2015-7580" tracker="cve" /> <category>security</category> <rating>important</rating> <packager>jordimassaguerpla</packager> <description> Portus was updated to version 2.0.3, which brings several fixes and enhancements: - Fixed crono job when a repository could not be found. - Fixed compatibility issues with Docker 1.10 and Distribution 2.3. - Handle multiple scopes in token requests. - Add optional fields to token response. - Fixed notification events for Distribution v2.3. - Paginate through the catalog properly. - Do not remove all the repositories if fetching one fails. - Fixed SMTP setup. - Don't let crono overflow the 'log' column on the DB. - Show the actual LDAP error on invalid login. - Fixed the location of crono logs. - Always use relative paths. - Set RUBYLIB when using portusctl. - Don't count hidden teams on the admin panel. - Warn developers on unsupported docker-compose versions. - Directly invalidate LDAP logins without name and password. - Don't show the "I forgot my password" link on LDAP. The following Rubygems bundled within Portus have been updated to fix security issues: - CVE-2016-2098: rubygem-actionpack (bsc#969943). - CVE-2015-7578: rails-html-sanitizer (bsc#963326). - CVE-2015-7579: rails-html-sanitizer (bsc#963327). - CVE-2015-7580: rails-html-sanitizer (bsc#963328). - CVE-2015-7576: rubygem-actionpack, rubygem-activesupport (bsc#963563). - CVE-2015-7577: rubygem-activerecord (bsc#963604). - CVE-2016-0751: rugygem-actionpack (bsc#963627). - CVE-2016-0752: rubygem-actionpack, rubygem-actionview (bsc#963608). - CVE-2016-0753: rubygem-activemodel, rubygem-activesupport, rubygem-activerecord (bsc#963617). - CVE-2015-7581: rubygem-actionpack (bsc#963625). </description> <summary>Security update for portus</summary> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor