OPENSUSE-SU-2021:1051-1
Vulnerability from csaf_opensuse - Published: 2021-07-17 18:05 - Updated: 2021-07-17 18:05Summary
Security update for fossil
Notes
Title of the patch
Security update for fossil
Description of the patch
This update for fossil fixes the following issues:
fossil 2.16:
* Add the fossil patch command
* Improve the fossil ui command to work on check-out directories
and remote machines
* web UI improvements
* Add fossil bisect run command for improved automation of bisects
* Improve fossil merge handling of renames
* wiki now defaults to markdown
* email alerts can now be set to expire to prevent sending mail
to abandoned accounts forever
fossil 2.15.2:
* Fix the client-side TLS so that it verifies that the server
hostname matches its certificate (boo#1187988)
fossil 2.15.1:
* fix access to tables starting 'fx_' in ticket report
fossil 2.15:
* Relax default Content Security policy to allow images to be
loaded from any URL
* Updates to skins and their configuration options
* Built-in skin can now be selected via the skin= request
parameter and the /skins page.
* /cookies page can now now delete individual cookies
* Various extensions to diff displaz and operations
* Add the --list option to the tarball, zip, and sqlar commands.
* New TH1 commands: 'builtin_request_js', 'capexpr', 'foreach',
'lappend', and 'string match'
* The leaves command now shows the branch point of each leaf.
* The fossil add command refuses to add files whose names are
reserved by Windows (ex: 'aux') unless the --allow-reserved
option is included.
fossil 2.14
* add fossil chat
* enhanced fossil clone
* performance optimization
* enhanced documents
* Pikchr improvements
* Schema Update Notice #1: This release drops a trigger from
the database schema
* Schema Update Notice #2: This release changes how the descriptions
of wiki edits are stored in the EVENT table, for improved display
on timelines
fossil 2.13:
* wiki improvements: interwiki links, markup features
* support for rendering pikchr markup scriptions
* line number modes support interactive selection of range of
lines to hyperlink to
* Enhance finfo page to track a file across renames
- minimum/bundled version of sqlite increased to 3.34.0
Patchnames
openSUSE-2021-1051
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for fossil",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for fossil fixes the following issues:\n\nfossil 2.16:\n\n * Add the fossil patch command\n * Improve the fossil ui command to work on check-out directories\n and remote machines\n * web UI improvements\n * Add fossil bisect run command for improved automation of bisects\n * Improve fossil merge handling of renames\n * wiki now defaults to markdown\n * email alerts can now be set to expire to prevent sending mail\n to abandoned accounts forever\n\nfossil 2.15.2:\n\n * Fix the client-side TLS so that it verifies that the server\n hostname matches its certificate (boo#1187988)\n\nfossil 2.15.1:\n\n * fix access to tables starting \u0027fx_\u0027 in ticket report\n\nfossil 2.15:\n\n * Relax default Content Security policy to allow images to be\n loaded from any URL\n * Updates to skins and their configuration options\n * Built-in skin can now be selected via the skin= request\n parameter and the /skins page.\n * /cookies page can now now delete individual cookies\n * Various extensions to diff displaz and operations\n * Add the --list option to the tarball, zip, and sqlar commands.\n * New TH1 commands: \u0027builtin_request_js\u0027, \u0027capexpr\u0027, \u0027foreach\u0027,\n \u0027lappend\u0027, and \u0027string match\u0027\n * The leaves command now shows the branch point of each leaf.\n * The fossil add command refuses to add files whose names are\n reserved by Windows (ex: \u0027aux\u0027) unless the --allow-reserved\n option is included.\n\nfossil 2.14\n\n * add fossil chat\n * enhanced fossil clone\n * performance optimization\n * enhanced documents\n * Pikchr improvements\n * Schema Update Notice #1: This release drops a trigger from \n the database schema\n * Schema Update Notice #2: This release changes how the descriptions\n of wiki edits are stored in the EVENT table, for improved display\n on timelines\n\nfossil 2.13:\n\n * wiki improvements: interwiki links, markup features\n * support for rendering pikchr markup scriptions\n * line number modes support interactive selection of range of\n lines to hyperlink to\n * Enhance finfo page to track a file across renames\n- minimum/bundled version of sqlite increased to 3.34.0\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2021-1051",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_1051-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2021:1051-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/W3B2475R32UDKMHD6IFIQKCORWOMOJV2/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2021:1051-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/W3B2475R32UDKMHD6IFIQKCORWOMOJV2/"
},
{
"category": "self",
"summary": "SUSE Bug 1187988",
"url": "https://bugzilla.suse.com/1187988"
}
],
"title": "Security update for fossil",
"tracking": {
"current_release_date": "2021-07-17T18:05:49Z",
"generator": {
"date": "2021-07-17T18:05:49Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2021:1051-1",
"initial_release_date": "2021-07-17T18:05:49Z",
"revision_history": [
{
"date": "2021-07-17T18:05:49Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "fossil-2.16-bp152.2.6.1.aarch64",
"product": {
"name": "fossil-2.16-bp152.2.6.1.aarch64",
"product_id": "fossil-2.16-bp152.2.6.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "fossil-2.16-bp152.2.6.1.ppc64le",
"product": {
"name": "fossil-2.16-bp152.2.6.1.ppc64le",
"product_id": "fossil-2.16-bp152.2.6.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "fossil-2.16-bp152.2.6.1.s390x",
"product": {
"name": "fossil-2.16-bp152.2.6.1.s390x",
"product_id": "fossil-2.16-bp152.2.6.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "fossil-2.16-bp152.2.6.1.x86_64",
"product": {
"name": "fossil-2.16-bp152.2.6.1.x86_64",
"product_id": "fossil-2.16-bp152.2.6.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 15 SP2",
"product": {
"name": "SUSE Package Hub 15 SP2",
"product_id": "SUSE Package Hub 15 SP2"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "fossil-2.16-bp152.2.6.1.aarch64 as component of SUSE Package Hub 15 SP2",
"product_id": "SUSE Package Hub 15 SP2:fossil-2.16-bp152.2.6.1.aarch64"
},
"product_reference": "fossil-2.16-bp152.2.6.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "fossil-2.16-bp152.2.6.1.ppc64le as component of SUSE Package Hub 15 SP2",
"product_id": "SUSE Package Hub 15 SP2:fossil-2.16-bp152.2.6.1.ppc64le"
},
"product_reference": "fossil-2.16-bp152.2.6.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "fossil-2.16-bp152.2.6.1.s390x as component of SUSE Package Hub 15 SP2",
"product_id": "SUSE Package Hub 15 SP2:fossil-2.16-bp152.2.6.1.s390x"
},
"product_reference": "fossil-2.16-bp152.2.6.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "fossil-2.16-bp152.2.6.1.x86_64 as component of SUSE Package Hub 15 SP2",
"product_id": "SUSE Package Hub 15 SP2:fossil-2.16-bp152.2.6.1.x86_64"
},
"product_reference": "fossil-2.16-bp152.2.6.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP2"
}
]
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…