{"affected":[{"ecosystem_specific":{"binaries":[{"portus":"2.0.3-2.4"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Containers 12","name":"portus","purl":"pkg:rpm/suse/portus&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.0.3-2.4"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"\nPortus was updated to version 2.0.3, which brings several fixes and enhancements:\n\n- Fixed crono job when a repository could not be found.\n- Fixed compatibility issues with Docker 1.10 and Distribution 2.3.\n- Handle multiple scopes in token requests.\n- Add optional fields to token response.\n- Fixed notification events for Distribution v2.3.\n- Paginate through the catalog properly.\n- Do not remove all the repositories if fetching one fails.\n- Fixed SMTP setup.\n- Don't let crono overflow the 'log' column on the DB.\n- Show the actual LDAP error on invalid login.\n- Fixed the location of crono logs.\n- Always use relative paths.\n- Set RUBYLIB when using portusctl.\n- Don't count hidden teams on the admin panel.\n- Warn developers on unsupported docker-compose versions.\n- Directly invalidate LDAP logins without name and password.\n- Don't show the 'I forgot my password' link on LDAP.\n\nThe following Rubygems bundled within Portus have been updated to fix security\nissues:\n\n- CVE-2016-2098: rubygem-actionpack (bsc#969943).\n- CVE-2015-7578: rails-html-sanitizer (bsc#963326).\n- CVE-2015-7579: rails-html-sanitizer (bsc#963327).\n- CVE-2015-7580: rails-html-sanitizer (bsc#963328).\n- CVE-2015-7576: rubygem-actionpack, rubygem-activesupport (bsc#963563).\n- CVE-2015-7577: rubygem-activerecord (bsc#963604).\n- CVE-2016-0751: rugygem-actionpack (bsc#963627).\n- CVE-2016-0752: rubygem-actionpack, rubygem-actionview (bsc#963608).\n- CVE-2016-0753: rubygem-activemodel, rubygem-activesupport, rubygem-activerecord (bsc#963617).\n- CVE-2015-7581: rubygem-actionpack (bsc#963625).\n","id":"SUSE-SU-2016:1146-1","modified":"2016-04-25T14:28:51Z","published":"2016-04-25T14:28:51Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2016/suse-su-20161146-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/963326"},{"type":"REPORT","url":"https://bugzilla.suse.com/963327"},{"type":"REPORT","url":"https://bugzilla.suse.com/963328"},{"type":"REPORT","url":"https://bugzilla.suse.com/963563"},{"type":"REPORT","url":"https://bugzilla.suse.com/963604"},{"type":"REPORT","url":"https://bugzilla.suse.com/963608"},{"type":"REPORT","url":"https://bugzilla.suse.com/963617"},{"type":"REPORT","url":"https://bugzilla.suse.com/963625"},{"type":"REPORT","url":"https://bugzilla.suse.com/963627"},{"type":"REPORT","url":"https://bugzilla.suse.com/969943"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-7576"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-7577"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-7578"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-7579"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-7580"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-7581"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-0751"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-0752"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-0753"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-2098"}],"related":["CVE-2015-7576","CVE-2015-7577","CVE-2015-7578","CVE-2015-7579","CVE-2015-7580","CVE-2015-7581","CVE-2016-0751","CVE-2016-0752","CVE-2016-0753","CVE-2016-2098"],"summary":"Security update for portus","upstream":["CVE-2015-7576","CVE-2015-7577","CVE-2015-7578","CVE-2015-7579","CVE-2015-7580","CVE-2015-7581","CVE-2016-0751","CVE-2016-0752","CVE-2016-0753","CVE-2016-2098"]}