File _patchinfo of Package patchinfo.41892
<patchinfo incident="41892">
<issue tracker="bnc" id="1246976">RMT does not correctly mirror custom repos that have repodata that uses xz compression</issue>
<issue tracker="bnc" id="1253953">VUL-0: CVE-2025-61780: rmt-server: improper handling of headers in `Rack::Sendfile` allows for bypass of proxy-level access restrictions</issue>
<issue tracker="bnc" id="1248869">exporter-common package adds example.rb file breaking rmt-server because gce.rb engine also exists</issue>
<issue tracker="bnc" id="1248510">LTSS registry container access is denied</issue>
<issue tracker="bnc" id="1251937">VUL-0: CVE-2025-61919: rmt-server: rack: `application/x-www-form-urlencoded`, calling `rack.input.read(nil)` without enforcing a length or cap</issue>
<packager>digitaltomm</packager>
<rating>important</rating>
<category>recommended</category>
<summary>Recommended update for rmt-server</summary>
<description>This update for rmt-server contains the following fixes:
- Version 2.24:
  * Enable mirroring xz compressed repositories. (bsc#1246976)
  * Rack 2.2.20 security update. (bsc#1253953, bsc#1251937)
  * Drop some de-published products from RMT
  * rmt-server-pubcloud:
    * Do not decode instance data coming from the system; (bsc#1248510)
    * Include Live-Patching for SLES 15.X. (jsc#PCT-630)
    * Handle only one data exporter. (bsc#1248869)
    * Do not decode instance data from db to access registry. (bsc#1248510)
    * Handle instance verification exceptions
</description>
</patchinfo>