File _patchinfo of Package patchinfo.23498

<patchinfo incident="23498">
  <issue tracker="bnc" id="1195485">zypper seems to ignore 'split-alias' in a specific case</issue>
  <issue tracker="bnc" id="1189622">When updating libgcrypt rpms and kernel-default the next reboot fails with "libgcrypt selftest: binary (0): Selftest failed (usr/lib64/.libgcrypt.so.20.hmac)"</issue>
  <issue tracker="bnc" id="1184501">VUL-0: libzypp: RPM package signature verification bypass</issue>
  <issue tracker="bnc" id="1194848">L3: POC Lotus: zypper patch should handle PTF issues</issue>
  <packager>mlandres</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for libsolv, libzypp</summary>
  <description>This update for libsolv, libzypp fixes the following issues:

libsolv to 0.6.39:

- fix memory leaks in SWIG generated code
- fix misparsing of '&amp;' in attributes with libxml2
- try to keep packages from a cycle close togther in the
  transaction order (bsc#1189622)
- fix split provides not working if the update includes a
  forbidden vendor change (bsc#1195485)
- fix segfault on conflict resolution when using bindings
- do not replace noarch problem rules with arch dependent ones
  in problem reporting
- fix and simplify pool_vendor2mask implementation
- bump version to 0.6.39

libzypp to 16.22.4:

- Hint on ptf resolver conflicts (bsc#1194848)
- Fix package signature check (bsc#1184501)
  Pay attention that header and payload are secured by a valid
  signature and report more detailed which signature is missing.
- Set ZYPP_RPM_DEBUG=1 to capture verbose rpm command output.
</description>
  <zypp_restart_needed/>
</patchinfo>