File _patchinfo of Package patchinfo.12002
<patchinfo incident="12002"> <issue tracker="bnc" id="1142662">[TRACKERBUG] update osc to version 0.165.3</issue> <issue tracker="bnc" id="1142518">VUL-0: CVE-2019-3685: osc: inadequate TLS certificate validation for HTTPS connections</issue> <issue tracker="bnc" id="1129889">osc: crash listing logs with invalid UTF-8</issue> <issue tracker="bnc" id="1140697">[TRACKERBUG] update osc to version 0.165.2</issue> <issue tracker="bnc" id="1138977">Error running osc command</issue> <issue tracker="bnc" id="1144211">[TRACKERBUG] update osc to version 0.165.4</issue> <issue tracker="cve" id="2019-3685"/> <packager>mstrigl</packager> <rating>important</rating> <category>security</category> <summary>Security update for osc</summary> <description>This update for osc to version 0.165.4 fixes the following issues: Security issue fixed: - CVE-2019-3685: Fixed broken TLS certificate handling allowing for a Man-in-the-middle attack (bsc#1142518). Non-security issues fixed: - support different token operations (runservice, release and rebuild) (requires OBS 2.10) - fix osc token decode error - offline build mode is now really offline and does not try to download the buildconfig - osc build -define now works with python3 - fixes an issue where the error message on osc meta -e was not parsed correctly - osc maintainer -s now works with python3 - simplified and fixed osc meta -e (bsc#1138977) - osc lbl now works with non utf8 encoding (bsc#1129889) - add simpleimage as local build type - allow optional fork when creating a maintenance request - fix RPMError fallback - fix local caching for all package formats - fix appname for trusted cert store - osc -h does not break anymore when using plugins - switch to difflib.diff_bytes and sys.stdout.buffer.write for diffing. This will fix all decoding issues with osc diff, osc ci and osc rq -d - fix osc ls -lb handling empty size and mtime - removed decoding on osc api command. </description> </patchinfo>
