Adding patchinfo patchinfo.20240916140553863933.269002615871826

2024-09-25 15:53:41 +02:00 · 2024-09-25 15:53:41 +02:00 · ee03f312f7
commit ee03f312f7
parent 19a8d1670a
7 changed files with 103 additions and 6 deletions
--- a/2
+++ b/2
@ -1 +1 @@
-Subproject commit 986eb819144618ce7441c1d082f743f84f012dc7
+Subproject commit fe313f6991faaf20af4c5c9ce68146f1bc57d3d9
--- a/2
+++ b/2
@ -1 +1 @@
-Subproject commit 5ddc26d9ca6b96aa471bad622903c93467d312e4
+Subproject commit b291a21c1c1c9979bf424f8f23e31bf84e8a9533
--- a/2
+++ b/2
@ -1 +1 @@
-Subproject commit ab3476ea60110aec0459a4a5b13c385809821c47
+Subproject commit 43428949d3f2aa8ad140eb51848a84f556db0409
--- a/2
+++ b/2
@ -1 +1 @@
-Subproject commit bd59a6d58c6510bec67740746166448ad8cf81ad
+Subproject commit d136a35e74537db1377a583f4f2fc23ecb9963ea
--- a/2
+++ b/2
@ -1 +1 @@
-Subproject commit 1679e2e3830516103201c5e9aefcd3b70ce2758a
+Subproject commit 0d7e5f9f1941d66e128d9675b271273df2c90658
--- a/2
+++ b/2
@ -1 +1 @@
-Subproject commit dafc3c90b69fb6f20973c33344622d3e58c69573
+Subproject commit 915e4737d06eb4b86a50662711d4e885452e3eec
--- a/patchinfo.20240916140553863933.269002615871826/_patchinfo
+++ b/patchinfo.20240916140553863933.269002615871826/_patchinfo
@ -0,0 +1,97 @@
+<patchinfo>
+  <!-- generated from request(s) 340962, 332638, 339409, 339410, 340075, 339411, 332487, 332480, 338560, 338561 -->
+  <issue tracker="bnc" id="1213470">timezone-java 2023c contains corrupt data for some timezones</issue>
+  <issue tracker="bnc" id="1221385">VUL-0: CVE-2024-23672: tomcat,tomcat10: WebSocket DoS with incomplete closing handshake</issue>
+  <issue tracker="bnc" id="1221386">VUL-0: CVE-2024-24549: tomcat,tomcat10: HTTP/2 header handling DoS</issue>
+  <issue tracker="bnc" id="1222979">VUL-0: CVE-2024-21011: java-10-openjdk,java-11-openjdk,java-17-openjdk,java-1_7_0-openjdk,java-1_8_0-ibm,java-1_8_0-openj9,java-1_8_0-openjdk,java-21-openjdk,java-9-openjdk: OpenJDK: long Exception message leading to crash (8319851)</issue>
+  <issue tracker="bnc" id="1222983">VUL-0: CVE-2024-21068: java-10-openjdk,java-11-openjdk,java-17-openjdk,java-1_7_0-openjdk,java-1_8_0-ibm,java-1_8_0-openj9,java-1_8_0-openjdk,java-21-openjdk,java-9-openjdk: OpenJDK: integer overflow in C1 compiler address generation (8322122)</issue>
+  <issue tracker="bnc" id="1222984">VUL-0: CVE-2024-21085: java-10-openjdk,java-11-openjdk,java-17-openjdk,java-1_7_0-openjdk,java-1_8_0-ibm,java-1_8_0-openj9,java-1_8_0-openjdk,java-21-openjdk,java-9-openjdk: OpenJDK: Pack200 excessive memory allocation (8322114)</issue>
+  <issue tracker="bnc" id="1222986">VUL-0: CVE-2024-21094: java-10-openjdk,java-11-openjdk,java-17-openjdk,java-1_7_0-openjdk,java-1_8_0-ibm,java-1_8_0-openj9,java-1_8_0-openjdk,java-21-openjdk,java-9-openjdk: OpenJDK: C2 compilation fails with "Exceeded _node_regs array" (8317507)</issue>
+  <issue tracker="bnc" id="1222987">VUL-0: CVE-2024-21012: java-10-openjdk,java-11-openjdk,java-17-openjdk,java-1_7_0-openjdk,java-1_8_0-ibm,java-1_8_0-openj9,java-1_8_0-openjdk,java-21-openjdk,java-9-openjdk: OpenJDK: HTTP/2 client improper reverse DNS lookup (8315708)</issue>
+  <issue tracker="bnc" id="1223252">VUL-0: CVE-2024-30171: bouncycastle: timing side-channel attacks against RSA decryption (both PKCS#1v1.5 and OAEP)</issue>
+  <issue tracker="bnc" id="1225381">[SUSE:SLFO:Main] python-h5py and python-h5py:openmpi4 fails to build on ppc64le</issue>
+  <issue tracker="bnc" id="1226274">tomcat throws java.lang.UnsatisfiedLinkError when running customer's application</issue>
+  <issue tracker="bnc" id="1227298">java-*-openjdk-headless is missing prerequires on file</issue>
+  <issue tracker="bnc" id="1227399">VUL-0: CVE-2024-34750: tomcat,tomcat10,tomcat6: Improper Handling of Exceptional Conditions</issue>
+  <issue tracker="bnc" id="1228046">VUL-0: CVE-2024-21131: java-*-openjdk,java-*-ibm: OpenJDK: potential UTF8 size overflow</issue>
+  <issue tracker="bnc" id="1228047">VUL-0: CVE-2024-21138:  java-*-openjdk,java-*-ibm: OpenJDK: Excessive symbol length can lead to infinite loop</issue>
+  <issue tracker="bnc" id="1228048">VUL-0: CVE-2024-21140: java-*-openjdk,java-*-ibm: OpenJDK: Range Check Elimination (RCE) pre-loop limit overflow</issue>
+  <issue tracker="bnc" id="1228050">VUL-0: CVE-2024-21144: java-*-openjdk,java-*-ibm: OpenJDK: Pack200 increase loading time due to improper header validation</issue>
+  <issue tracker="bnc" id="1228051">VUL-0: CVE-2024-21145: java-*-openjdk,java-*-ibm: OpenJDK: Out-of-bounds access in 2D image handling</issue>
+  <issue tracker="bnc" id="1228052">VUL-0: CVE-2024-21147: java-*-openjdk,java-*-ibm: OpenJDK: RangeCheckElimination array index overflow</issue>
+  <issue tracker="bnc" id="1228255">VUL-0: CVE-2024-0760: bind: A flood of DNS messages over TCP may make the server unstable</issue>
+  <issue tracker="bnc" id="1228256">VUL-0: CVE-2024-1737: bind: BIND's database will be slow if a very large number of RRs exist at the same name</issue>
+  <issue tracker="bnc" id="1228257">VUL-0: CVE-2024-1975: bind: SIG(0) can be used to exhaust CPU resources</issue>
+  <issue tracker="bnc" id="1228258">VUL-0: CVE-2024-4076: bind: Assertion failure when serving both stale cache data and authoritative zone content</issue>
+  <issue tracker="cve" id="2024-301"/>
+  <issue tracker="cve" id="2024-0760"/>
+  <issue tracker="cve" id="2024-1737"/>
+  <issue tracker="cve" id="2024-1975"/>
+  <issue tracker="cve" id="2024-4076"/>
+  <issue tracker="cve" id="2024-21011"/>
+  <issue tracker="cve" id="2024-21012"/>
+  <issue tracker="cve" id="2024-21068"/>
+  <issue tracker="cve" id="2024-21085"/>
+  <issue tracker="cve" id="2024-21094"/>
+  <issue tracker="cve" id="2024-21131"/>
+  <issue tracker="cve" id="2024-21138"/>
+  <issue tracker="cve" id="2024-21140"/>
+  <issue tracker="cve" id="2024-21144"/>
+  <issue tracker="cve" id="2024-21145"/>
+  <issue tracker="cve" id="2024-21147"/>
+  <issue tracker="cve" id="2024-23672"/>
+  <issue tracker="cve" id="2024-24549"/>
+  <issue tracker="cve" id="2024-29857"/>
+  <issue tracker="cve" id="2024-30171"/>
+  <issue tracker="cve" id="2024-30172"/>
+  <issue tracker="cve" id="2024-34750"/>
+  <packager>jcronenberg</packager>
+  <rating>important</rating>
+  <category>security</category>
+  <summary>Security update for python-h5py, python-pytest-mpi, bouncycastle, tomcat10, java-11-openjdk, tomcat, java-17-openjdk, java-1_8_0-openjdk, bind, java-21-openjdk</summary>
+  <description>This update for python-h5py, python-pytest-mpi, bouncycastle, tomcat10, java-11-openjdk, tomcat, java-17-openjdk, java-1_8_0-openjdk, bind, java-21-openjdk fixes the following issues:
+
+bind:
+  - Update to version 9.20.0
+
+bouncycastle:
+  - Update to version 1.78.1
+
+java-11-openjdk:
+  - Upgrade to upstream tag jdk-11.0.24+8 (July 2024 CPU)
+
+java-17-openjdk:
+  - Update to upstream tag jdk-17.0.12+7 (July 2024 CPU)
+
+java-1_8_0-openjdk:
+  - Update to version jdk8u422 (icedtea-3.32.0)
+
+java-21-openjdk:
+  - Update to upstream tag jdk-21.0.4+7 (July 2024 CPU)
+
+python-h5py:
+  - Disable test for ppc64le because of Insufficient precision
+    bsc#1225381
+
+python-pytest-mpi:
+  - Skip some tests that produces a Segmentation fault in s390x
+
+tomcat:
+  - Update to Tomcat 9.0.91
+
+tomcat10:
+  - Update to Tomcat 10.1.25
+</description>
+  <package>bind</package>
+  <package>bouncycastle</package>
+  <package>java-11-openjdk</package>
+  <package>java-17-openjdk</package>
+  <package>java-1_8_0-openjdk</package>
+  <package>java-21-openjdk</package>
+  <package>python-h5py</package>
+  <package>python-h5py:openmpi4</package>
+  <package>python-pytest-mpi</package>
+  <package>tomcat</package>
+  <package>tomcat10</package>
+  <seperate_build_arch/>
+</patchinfo>