File _patchinfo of Package patchinfo.18141

<patchinfo incident="18141">
  <issue tracker="cve" id="2020-14352"/>
  <issue tracker="bnc" id="1175475">VUL-0: CVE-2020-14352: librepo: missing path validation in repomd.xml may lead to directory traversal</issue>
  <packager>lkocman</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for librepo</summary>
  <description>This update for librepo fixes the following issues:

- Upgrade to 1.12.1
  + Validate path read from repomd.xml (bsc#1175475, CVE-2020-14352)
- Changes from 1.12.0
  + Prefer mirrorlist/metalink over baseurl (rh#1775184)
  + Decode package URL when using for local filename (rh#1817130)
  + Fix memory leak in lr_download_metadata() and lr_yum_download_remote()
  + Download sources work when at least one of specified is working (rh#1775184)
</description>
</patchinfo>