File _patchinfo of Package patchinfo.29070
<patchinfo incident="29070">
<issue tracker="bnc" id="1206593">[Build :27148:rmt-server] openQA test fails in update_install - posttrans script failed, nginx.service not active, cannot reload</issue>
<issue tracker="bnc" id="1211398">smt-gce.susecloud.net is denied for SLEM 5.4 repository on GCE instance after some time</issue>
<issue tracker="bnc" id="1209507">VUL-0: CVE-2023-28120: rmt-server: rubygem-activesupport: Possible XSS in SafeBuffer#bytesplice</issue>
<issue tracker="bnc" id="1209825">rmt-client-setup-res forces use of HTTP (without S)</issue>
<issue tracker="bnc" id="1203171">Mirroring RHEL channels results in Error while moving directory read-only file system</issue>
<issue tracker="bnc" id="1209096">VUL-0: CVE-2023-27530: rmt-server: rubygem-rack: Denial of service in Multipart MIME parsing</issue>
<issue tracker="bnc" id="1202053">Nokogiri was built against LibXML version 2.9.12, but has dynamically loaded 2.9.14</issue>
<issue tracker="bnc" id="1207670">rmt: wrong permissions on /usr/share/rmt/config/secrets.yml.key after package installation 2.10 works with 2.9</issue>
<issue tracker="cve" id="2023-28120"/>
<issue tracker="cve" id="2023-27530"/>
<packager>mssola</packager>
<rating>important</rating>
<category>security</category>
<summary>Security update for rmt-server</summary>
<description>This update for rmt-server fixes the following issues:

Updated to version 2.13:

- CVE-2023-28120: Fixed a potential XSS issue in an embedded
  dependency (bsc#1209507).
- CVE-2023-27530: Fixed a denial of service issue in multipart request
  parsing (bsc#1209096).

Non-security fixes:

- Fixed transactional update on GCE (bsc#1211398).
- Use HTTPS in rmt-client-setup-res (bsc#1209825).
- Various build fixes (bsc#1207670, bsc#1203171, bsc#1206593,
  bsc#1202053).
</description>
</patchinfo>