Overview

File _patchinfo of Package patchinfo.264

<patchinfo incident="264">
  <issue id="906803" tracker="bnc">VUL-1: CVE-2013-6435: rpm: Skipping rpm verification race</issue>
  <issue id="908128" tracker="bnc">VUL-0: CVE-2014-8118: rpm: integer overflow leading to stack-based overflow</issue>
  <issue id="892431" tracker="bnc" />
  <issue id="911228" tracker="bnc" />
  <issue id="CVE-2014-8118" tracker="cve" />
  <issue id="CVE-2013-6435" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>mlschroe</packager>
  <description>This rpm update fixes the following security and non-security issues:

- bnc#908128: Check for bad invalid name sizes (CVE-2014-8118)
- bnc#906803: Create files with mode 0 (CVE-2013-6435)
- bnc#892431: Honor --noglob in install mode 
- bnc#911228: Fix noglob patch, it broke files with space.</description>
  <summary>Security update for rpm</summary>
  <zypp_restart_needed/>
</patchinfo>
openSUSE Build Service is sponsored by
Places