File _patchinfo of Package patchinfo.9488

Overview Repositories Revisions Requests Users Attributes Meta

File _patchinfo of Package patchinfo.9488

<patchinfo incident="9488">
  <issue tracker="bnc" id="1115722">VUL-0: CVE-2018-19198: uriparser: UriQuery.c allows an out-of-bounds write via a uriComposeQuery* or uriComposeQueryEx* function because the '&amp;' character is mishandled in certain contexts</issue>
  <issue tracker="bnc" id="1115723">VUL-0: CVE-2018-19199: uriparser: UriQuery.c allows an integer overflow via a uriComposeQuery* or uriComposeQueryEx* function because of an unchecked multiplication</issue>
  <issue tracker="bnc" id="1122193">VUL-0: CVE-2018-20721: uriparser:   Out-of-bounds read in uriParse*Ex* for incomplete URIs with IPv6 addresses with embedded IPv4 address</issue>
  <issue tracker="bnc" id="1115724">VUL-1: CVE-2018-19200: uriparser: UriCommon.c allows attempted operations on NULL input via a uriResetUri* function</issue>
  <issue tracker="cve" id="2018-19200"/>
  <issue tracker="cve" id="2018-19198"/>
  <issue tracker="cve" id="2018-19199"/>
  <issue tracker="cve" id="2018-20721"/>
  <category>security</category>
  <rating>low</rating>
  <packager>adamm</packager>
  <description>This update for uriparser fixes the following issues:

Security issues fixed:

- CVE-2018-20721: Fixed an out-of-bounds read for incomplete URIs with IPv6 addresses with embedded IPv4 address (bsc#1122193).
- CVE-2018-19198: Fixed an out-of-bounds write that was possible via the uriComposeQuery* or uriComposeQueryEx* function (bsc#1115722).
- CVE-2018-19199: Fixed an integer overflow caused by an unchecked multiplication via the uriComposeQuery* or uriComposeQueryEx* function (bsc#1115723).
- CVE-2018-19200: Fixed a operation attempted on NULL input via a uriResetUri* function (bsc#1115724).
</description>
  <summary>Security update for uriparser</summary>
</patchinfo>

Places

File _patchinfo of Package patchinfo.9488

Places