Changelog for apt-cacher-ng-3.1-lp151.3.3.1.x86_64.rpm :

* Mon Jan 20 2020 Matthias Gerstner - fix CVE-2019-18899 (bsc#1157703): the systemd service configuration in apt-cacher-ng.service did run apt-cacher-ng as root while /run/apt-cacher-ng was created for the apt-cacher-ng user via systemd-tmpfiles. A compromised apt-cacher-ng could have performed symlink attacks in /run/apt-cacher-ng to cause writes to privileged file system locations by root. Furthermore the socket path /run/apt-cacher-ng/socket could have been replaced by an attacker owned socket, thereby allowing him to hijack privileged client connections to apt-cacher-ng. Additional unexplored security issues could have been possible. To fix this use the upstream service file with correct privilege drop configuration. During update the ownership of /var/log/apt-cacher-ng and /var/cache/apt-cacher-ng as well as a possibly already running apt-cacher-ng instance (files in /run/apt-cacher-ng) need to be fixed in %pre, %post.
* Fri Jan 17 2020 Matthias Gerstner - add CVE-2020-5202.patch: fixes bsc#1157706, CVE-2020-5202. A local user account that managed to listen on localhost:3142 before the actual apt-cacher-ng systemd service did could have intercepted client traffic sent by e.g. root via the cron job /etc/cron.daily/apt-cacher-ng, possibly including authentication credentials.
* Wed Dec 06 2017 mpluskalAATTsuse.com- Use more of cmake macros- Use pkgconfig style dependencies
* Tue Dec 05 2017 mchandrasAATTsuse.de- Version bump to 3.1
* Hide credentials in acngtool in some corner cases
* Dropped references to distkill.pl script which was superseeded by acngtool
* Made default PassThroughPattern setting stricter
* Mirror database update
* Avoid expiration failure when some index files are missing- Fix logrotate file installation
* Fri May 26 2017 jengelhAATTinai.de- Trim description. Use regular %setup call for all unpacking.
* Tue May 16 2017 mchandrasAATTsuse.de- Initial commit