File _patchinfo of Package patchinfo.7201
<patchinfo incident="7201"> <issue id="1043218" tracker="bnc">YaST crashes on installation of banshee</issue> <issue id="1047785" tracker="bnc">zypper reports an error to the user during repository refresh</issue> <issue id="1038984" tracker="bnc">VUL-0: CVE-2017-7435, CVE-2017-7436: libzypp: rpm-md repository security downgrade</issue> <issue id="1046417" tracker="bnc">zypper ps always report deleted files, even after reboot</issue> <issue id="1045735" tracker="bnc">VUL-0: CVE-2017-9269: libzypp: Missing key pinning allows mirrors to exchange content undetected</issue> <issue id="1048315" tracker="bnc">Zypp fails to re-probe if the repository type changes (susetags<>repomd)</issue> <issue id="1036659" tracker="bnc">PackageKit deletes KDE:Extra repo gpg key</issue> <issue id="1009745" tracker="bnc">No Appstream data installed after installation</issue> <issue id="2017-7436" tracker="cve" /> <issue id="2017-7435" tracker="cve" /> <issue id="2017-9269" tracker="cve" /> <category>security</category> <rating>important</rating> <packager>mlandres</packager> <description>The Software Update Stack was updated to receive fixes and enhancements. libzypp: - CVE-2017-7435, CVE-2017-7436, CVE-2017-9269: Fix GPG check workflows, mainly for unsigned repositories and packages. (bsc#1045735, bsc#1038984) - Fix gpg-pubkey release (creation time) computation. (bsc#1036659) - Update lsof blacklist. (bsc#1046417) - Re-probe on refresh if the repository type changes. (bsc#1048315) - Propagate proper error code to DownloadProgressReport. (bsc#1047785) - Allow to trigger an appdata refresh unconditionally. (bsc#1009745) - Support custom repo variables defined in /etc/zypp/vars.d. yast2-pkg-bindings: - Do not crash when the repository URL is not defined. (bsc#1043218) This update was imported from the SUSE:SLE-12-SP3:Update update project.</description> <summary>Security update for libzypp</summary> <zypp_restart_needed/> </patchinfo>
