Packages changed:
  clamav (0.99.2 -> 0.99.3)
  libdvdnav (5.0.3 -> 6.0.0)
  libdvdread (5.0.3 -> 6.0.0)
  vm-install (0.9.04 -> 0.10.01)
  xen
  yast2-http-server (3.2.2 -> 4.0.0)

=== Details ===

==== clamav ====
Version update (0.99.2 -> 0.99.3)
Subpackages: libclamav7

- Update to security release 0.99.3 (bsc#1077732)
  * CVE-2017-12376 (ClamAV Buffer Overflow in handle_pdfname Vulnerability)
  * CVE-2017-12377 (ClamAV Mew Packet Heap Overflow Vulnerability)
  * CVE-2017-12379 (ClamAV Buffer Overflow in messageAddArgument Vulnerability)
  - these vulnerabilities could have allowed an unauthenticated,
    remote attacker to cause a denial of service (DoS) condition
    or potentially execute arbitrary code on an affected device.
  * CVE-2017-12374 (ClamAV use-after-free Vulnerabilities)
  * CVE-2017-12375 (ClamAV Buffer Overflow Vulnerability)
  * CVE-2017-12378 (ClamAV Buffer Over Read Vulnerability)
  * CVE-2017-12380 (ClamAV Null Dereference Vulnerability)
  - these vulnerabilities could have allowed an unauthenticated,
    remote attacker to cause a denial of service (DoS) condition on an affected device.
  * CVE-2017-6420 (bsc#1052448)
  - this vulnerability allowed remote attackers to cause a denial of service
    (use-after-free) via a crafted PE file with WWPack compression.
  * CVE-2017-6419 (bsc#1052449)
  - ClamAV allowed remote attackers to cause a denial of service
    (heap-based buffer overflow and application crash) or possibly
    have unspecified other impact via a crafted CHM file.
  * CVE-2017-11423 (bsc#1049423)
  - The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha
    allowed remote attackers to cause a denial of service
    (stack-based buffer over-read and application crash) via a crafted CAB file.
  * CVE-2017-6418 (bsc#1052466)
  - ClamAV 0.99.2 allowed remote attackers to cause a denial
    of service (out-of-bounds read) via a crafted e-mail message.
- drop clamav-0.99.2-openssl-1.1.patch (upstream)

==== libdvdnav ====
Version update (5.0.3 -> 6.0.0)

- Update to version 6.0.0:
  * fix crashes on some DVD on describe_title call
  * fix various crashes related to PGC validity
  * fix compilation issues
  * fix API return codes
- Add gpg signature

==== libdvdread ====
Version update (5.0.3 -> 6.0.0)
Subpackages: libdvdread-devel libdvdread4

- Update to version 6.0.0:
  * restrict the number of symbols to be exposed to the
    shared-object
  * remove dvdinput_error function
  * improve compatibility with some DVDs (notably the eOne ones)
  * fix write after free in ifoFree functions
  * fix possible buffer overflow in open
  * additional checks on DVDReadBytes arguments
  * fix leaks
- Removed libdvdread-no-internal-crypto.patch because it's not
  applied anymore.

==== vm-install ====
Version update (0.9.04 -> 0.10.01)

- Full conversion of source to python3 from python2. (bsc#1047602)
- Graphical components now require Gtk3
- Version 0.10.01

==== xen ====
Subpackages: xen-doc-html xen-libs xen-tools xen-tools-domU

- Fix python3 deprecated atoi call (bsc#1067224)
  pygrub-python3-conversion.patch
- Drop xenmon-python3-conversion.patch

==== yast2-http-server ====
Version update (3.2.2 -> 4.0.0)

- Replace SuSEFirewall2 by firewalld. (fate#323460)
- 4.0.0