File _patchinfo of Package patchinfo.17821

<patchinfo incident="17821">
  <issue tracker="cve" id="2022-48257"/>
  <issue tracker="cve" id="2022-48258"/>
  <issue tracker="bnc" id="1207124">VUL-0: CVE-2022-48258: EternalTerminal: etserver and etclient have world-readable logfiles.</issue>
  <issue tracker="bnc" id="1207123">VUL-0: CVE-2022-48257: EternalTerminal: Predictable logfile names in /tmp.</issue>
  <packager>jubalh</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for EternalTerminal</summary>
  <description>This update for EternalTerminal fixes the following issues:

EternalTerminal was updated to 6.2.4:

  * CVE-2022-48257, CVE-2022-48258 remedied
  * fix readme regarding port forwarding #522
  * Fix test failures that started appearing in CI #526
  * Add documentation for the EternalTerminal protocol #523
  * ssh-et: apply upstream updates #527
  * docs: write gpg key to trusted.gpg.d for APT #530
  * Support for ipv6 addresses (with or without port specified) #536
  * ipv6 abbreviated address support #539
  * Fix launchd plist config to remove daemonization. #540
  * Explicitly set verbosity from cxxopts value. #542
  * Remove daemon flag in systemd config #549
  * Format all source with clang-format. #552
  * Fix tunnel parsing exception handling. #550
  * Fix SIGTERM behavior that causes systemd control of etserver to timeout. #554
  * Parse telemetry ini config as boolean and make telemetry opt-in. #553
  * Logfile open mode and permission plus location configurability. #556
- boo#1207123 (CVE-2022-48257) Fix predictable logfile names in /tmp
- boo#1207124 (CVE-2022-48258) Fix etserver and etclient have world-readable logfiles

- Note: Upstream released 6.2.2 with fixes then 6.2.4 and later removed 6.2.2
  and redid 6.2.4
</description>
</patchinfo>