File _patchinfo of Package patchinfo.9472
<patchinfo incident="9472">
<issue tracker="bnc" id="1099257">VUL-0: CVE-2018-12900: tiff: Heap-based buffer overflow in the cpSeparateBufToContigBuf</issue>
<issue tracker="bnc" id="1113672">VUL-1: CVE-2018-18661: tiff: NULL pointer dereference in the function LZWDecode in the file tif_lzw.c</issue>
<issue tracker="bnc" id="1113094">VUL-1: CVE-2018-18557: tiff: JBIG decode can lead to out-of-bounds write</issue>
<issue tracker="cve" id="2018-18661"/>
<issue tracker="cve" id="2018-18557"/>
<issue tracker="cve" id="2018-12900"/>
<category>security</category>
<rating>moderate</rating>
<packager>pgajdos</packager>
<description>This update for tiff fixes the following issues:
Security issues fixed:
- CVE-2018-12900: Fixed a heap-based buffer overflow in cpSeparateBufToContigBuf (bsc#1099257).
- CVE-2018-18661: Fixed a NULL pointer dereference in the function LZWDecode in the file tif_lzw.c (bsc#1113672).
- CVE-2018-18557: Fixed a JBIG decode issue that can lead to an out-of-bounds write (bsc#1113094).
Non-security issues fixed:
- asan_build: build ASAN included
- debug_build: build more suitable for debugging
</description>
<summary>Security update for tiff</summary>
</patchinfo>