{"affected":[{"ecosystem_specific":{"binaries":[{"libsolv-devel":"0.6.37-2.27.24.1","libsolv-tools":"0.6.37-2.27.24.1","libzypp":"16.21.4-27.75.1","libzypp-devel":"16.21.4-27.75.1","perl-solv":"0.6.37-2.27.24.1","python-solv":"0.6.37-2.27.24.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP2-BCL","name":"libsolv","purl":"pkg:rpm/suse/libsolv&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.6.37-2.27.24.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libsolv-devel":"0.6.37-2.27.24.1","libsolv-tools":"0.6.37-2.27.24.1","libzypp":"16.21.4-27.75.1","libzypp-devel":"16.21.4-27.75.1","perl-solv":"0.6.37-2.27.24.1","python-solv":"0.6.37-2.27.24.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP2-BCL","name":"libzypp","purl":"pkg:rpm/suse/libzypp&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"16.21.4-27.75.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for libsolv fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2019-20387: Fixed heap-buffer-overflow in repodata_schema2id (bsc#1161510)\n- CVE-2021-3200: testcase_read: error out if repos are added or the system is changed too late (bsc#1186229)\n\nOther issues fixed:\n\n- backport support for blacklisted packages to support ptf packages and retracted patches\n- fix ruleinfo of complex dependencies returning the wrong origin\n- fix SOLVER_FLAG_FOCUS_BEST updateing packages without reason\n- fix add_complex_recommends() selecting conflicted packages in rare cases\n- fix potential segfault in resolve_jobrules\n- fix solv_zchunk decoding error if large chunks are used\n","id":"SUSE-SU-2021:2145-1","modified":"2021-06-23T14:51:08Z","published":"2021-06-23T14:51:08Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2021/suse-su-20212145-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1161510"},{"type":"REPORT","url":"https://bugzilla.suse.com/1186229"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-20387"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-3200"}],"related":["CVE-2019-20387","CVE-2021-3200"],"summary":"Security update for libsolv","upstream":["CVE-2019-20387","CVE-2021-3200"]}