File _patchinfo of Package patchinfo.36131

<patchinfo incident="36131">
  <issue tracker="cve" id="2024-36474"/>
  <issue tracker="cve" id="2016-9888"/>
  <issue tracker="cve" id="2024-42415"/>
  <issue tracker="bnc" id="1014609">VUL-1: CVE-2016-9888: libgsf: An error within the "tar_directory_for_file()" function (gsf-infile-tar.c) inGNOME Structured File ...</issue>
  <issue tracker="bnc" id="1231282">VUL-0: CVE-2024-36474: libgsf: integer overflow in the compound document binary file format allows for an out-of-bounds index to be used when processing a directory</issue>
  <issue tracker="bnc" id="1231283">VUL-0: CVE-2024-42415: libgsf: integer overflow in the compound document binary file format parser allows for a heap-based buffer overflow when processing the sector allocation table</issue>
  <packager>mgorse</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for libgsf</summary>
  <description>This update for libgsf fixes the following issues:

- CVE-2016-9888: Fixed null pointer dereference with corrupted tar files (bsc#1014609)
- CVE-2024-36474: Fixed out-of-bounds index when processing a directory via an integer overflow in the compound document binary file format parser (bsc#1231282)
- CVE-2024-42415: Fixed heap-based buffer overflow when processing the sector allocation table via an integer overflow in the compound document binary file format parser (bsc#1231283)
</description>
</patchinfo>