From 7539df5586bb322809f6d04c4221ca1b99be6679ac30795f25cfeb0979c51d6c Mon Sep 17 00:00:00 2001 From: Christian Wittmer Date: Sun, 29 Dec 2019 09:30:52 +0000 Subject: [PATCH] Accepting request 759878 from home:computersalat:devel:network fix for boo#1156210, boo#1157803 (CVE-2019-19269), boo#1157798 (CVE-2019-19270) OBS-URL: https://build.opensuse.org/request/show/759878 OBS-URL: https://build.opensuse.org/package/show/network/proftpd?expand=0&rev=72 --- proftpd-tls-crls-issue859.patch | 2 +- proftpd.changes | 2 +- proftpd.spec | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/proftpd-tls-crls-issue859.patch b/proftpd-tls-crls-issue859.patch index 8fcb07d..98ccc98 100644 --- a/proftpd-tls-crls-issue859.patch +++ b/proftpd-tls-crls-issue859.patch @@ -4,7 +4,7 @@ Date: Sun Nov 24 14:03:54 2019 -0800 Issue #859, #861: Fix handling of CRL lookups by properly using issuer for lookups, and guarding against null pointers. - (CVE-2019-19269, CVE-2019-192700) + (CVE-2019-19269, CVE-2019-19270) diff --git a/contrib/mod_tls.c b/contrib/mod_tls.c index 4b74cf989..0e08b0399 100644 diff --git a/proftpd.changes b/proftpd.changes index 116c34a..1320f8f 100644 --- a/proftpd.changes +++ b/proftpd.changes @@ -8,7 +8,7 @@ Sat Dec 28 20:45:30 UTC 2019 - chris@computersalat.de * GeoIP has been discontinued by Maxmind * remove module build for geoip see https://support.maxmind.com/geolite-legacy-discontinuation-notice/ -- fix for boo#1157803 (CVE-2019-19269), boo#1157798 (CVE-2019-192700) +- fix for boo#1157803 (CVE-2019-19269), boo#1157798 (CVE-2019-19270) * add upstream patch proftpd-tls-crls-issue859.patch ------------------------------------------------------------------- diff --git a/proftpd.spec b/proftpd.spec index 91aab95..8d1ecb0 100644 --- a/proftpd.spec +++ b/proftpd.spec @@ -47,7 +47,7 @@ Patch103: %{name}-strip.patch Patch104: %{name}-no_BuildDate.patch #RPMLINT-FIX-openSUSE: env-script-interpreter Patch105: %{name}_env-script-interpreter.patch -#PATCH-FIX-UPSTREAM: (CVE-2019-19269, CVE-2019-192700) +#PATCH-FIX-UPSTREAM: (CVE-2019-19269, CVE-2019-19270) Patch200: %{name}-tls-crls-issue859.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build #BuildRequires: gpg-offline