Overview

File _patchinfo of Package patchinfo.8372

<patchinfo incident="8372">
  <issue tracker="bnc" id="1098364">VUL-0: CVE-2018-10859: git-annex:  local gpg encrypted file disclosure</issue>
  <issue tracker="bnc" id="1098062">VUL-0: CVE-2018-10857: git-annex: file content disclosure</issue>
  <issue tracker="cve" id="2018-10857"/>
  <issue tracker="cve" id="2018-10859"/>
  <category>security</category>
  <rating>moderate</rating>
  <packager>psimons</packager>
  <description>This update for git-annex to version 6.20180626 fixes the following issues:

- CVE-2018-10857: Prevent file content disclosure by refusing to download
  content that cannot be verified with a hash, from encrypted special remotes and
  glacier (bsc#1098062).
- CVE-2018-10859: Prevent local gpg encrypted file disclosure by refusing to
  download content that cannot be verified with a hash, from encrypted special
  remotes (bsc#1098364).

This update brings many other bug fixes and new features.
http://hackage.haskell.org/package/git-annex-6.20180626/changelog
has a detailed list of changes.
</description>
  <summary>Security update for git-annex</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places