File _patchinfo of Package patchinfo.12536

<patchinfo incident="12536">
  <issue tracker="bnc" id="1131291">VUL-0: openssl: elliptic curve bypass issue (VU#871675)</issue>
  <issue tracker="bnc" id="1150250">VUL-1: CVE-2019-1563: openssl,openssl1,openssl-1_0_0,openssl-1_1,compat-openssl097g,compat-openssl098: bleichenbacher attack against cms/pkcs7 encryptioon transported key</issue>
  <issue tracker="bnc" id="1150003">VUL-0: CVE-2019-1547: openssl: EC_GROUP_set_generator side channel attack avoidance</issue>
  <issue tracker="cve" id="2019-1563"/>
  <issue tracker="cve" id="2019-1547"/>
  <category>security</category>
  <rating>moderate</rating>
  <packager>pmonrealgonzalez</packager>
  <description>This update for openssl-1_0_0 fixes the following issues:

OpenSSL Security Advisory [10 September 2019]

* CVE-2019-1547: Added EC_GROUP_set_generator side channel attack avoidance. (bsc#1150003)
* CVE-2019-1563: Fixed Bleichenbacher attack against cms/pkcs7 encryption transported key (bsc#1150250)

In addition fixed invalid curve attacks by validating that an EC point lies on the curve (bsc#1131291).
</description>
  <summary>Security update for openssl-1_0_0</summary>
</patchinfo>