File _patchinfo of Package patchinfo.15225
<patchinfo incident="15225">
<issue tracker="bnc" id="1122675">VUL-0: CVE-2019-3681: osc: stores downloaded (supposed) RPM in network-controlled filesystem paths</issue>
<issue tracker="cve" id="2019-3681"/>
<packager>mstrigl</packager>
<rating>moderate</rating>
<category>security</category>
<summary>Security update for osc</summary>
<description>This update for osc to 0.169.1 fixes the following issues:
Security issue fixed:
- CVE-2019-3681: Fixed insufficient validation of network-controlled filesystem paths (bsc#1122675).
Non-security issues fixed:
- Improved the speed and usability of osc bash completion.
- Improved some error messages.
- osc add: support git@ (private github) or git:// URLs correctly.
- Split dependson and whatdependson commands.
- Added support for osc build --shell-cmd.
- Added pkg-ccache support for osc build.
- Added --ccache option to osc getbinaries.
</description>
</patchinfo>