Overview

File _patchinfo of Package patchinfo.3419

<patchinfo incident="3419">
  <issue id="1005646" tracker="bnc">VUL-0: CVE-2016-8624: curl: invalid URL parsing with '#'</issue>
  <issue id="1005645" tracker="bnc">VUL-0: CVE-2016-8623: curl: Use-after-free via shared cookies</issue>
  <issue id="1005643" tracker="bnc">VUL-0: CVE-2016-8622: curl: URL unescape heap overflow via integer truncation</issue>
  <issue id="1005642" tracker="bnc">VUL-0: CVE-2016-8621: curl: curl_getdate read out of bounds</issue>
  <issue id="1005640" tracker="bnc">VUL-0: CVE-2016-8620: curl: glob parser write/read out of bounds</issue>
  <issue id="1005633" tracker="bnc">VUL-0: CVE-2016-8615: curl: cookie injection for other servers</issue>
  <issue id="998760" tracker="bnc">VUL-1: CVE-2016-7167: curl: escape and unescape integer overflows</issue>
  <issue id="1005634" tracker="bnc">VUL-1: CVE-2016-8616: curl: case insensitive password comparison</issue>
  <issue id="1005635" tracker="bnc">VUL-0: CVE-2016-8617: curl: OOB write via unchecked multiplication</issue>
  <issue id="1005638" tracker="bnc">VUL-0: CVE-2016-8619: curl: double-free in krb5 code</issue>
  <issue id="1005637" tracker="bnc">VUL-0: CVE-2016-8618: curl: double-free in curl_maprintf</issue>
  <issue id="2016-8618" tracker="cve" />
  <issue id="2016-8619" tracker="cve" />
  <issue id="2016-7167" tracker="cve" />
  <issue id="2016-8615" tracker="cve" />
  <issue id="2016-8616" tracker="cve" />
  <issue id="2016-8617" tracker="cve" />
  <issue id="2016-8621" tracker="cve" />
  <issue id="2016-8620" tracker="cve" />
  <issue id="2016-8623" tracker="cve" />
  <issue id="2016-8622" tracker="cve" />
  <issue id="2016-8624" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>vitezslav_cizek</packager>
  <description>This update for curl fixes the following security issues:

- CVE-2016-8624: invalid URL parsing with '#' (bsc#1005646)
- CVE-2016-8623: Use-after-free via shared cookies (bsc#1005645)
- CVE-2016-8622: URL unescape heap overflow via integer truncation (bsc#1005643)
- CVE-2016-8621: curl_getdate read out of bounds (bsc#1005642)
- CVE-2016-8620: glob parser write/read out of bounds (bsc#1005640)
- CVE-2016-8619: double-free in krb5 code (bsc#1005638)
- CVE-2016-8618: double-free in curl_maprintf (bsc#1005637)
- CVE-2016-8617: OOB write via unchecked multiplication (bsc#1005635)
- CVE-2016-8616: case insensitive password comparison (bsc#1005634)
- CVE-2016-8615: cookie injection for other servers (bsc#1005633)
- CVE-2016-7167: escape and unescape integer overflows (bsc#998760)
</description>
  <summary>Security update for curl</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places