File _patchinfo of Package patchinfo.5218

<patchinfo incident="5218">
  <issue id="986639" tracker="bnc">VUL-0: CVE-2016-5824: libical: heap overread</issue>
  <issue id="1044995" tracker="bnc">libical crashes while parsing timezones</issue>
  <issue id="986631" tracker="bnc">VUL-0: CVE-2016-5827: libical: heap overread in libical</issue>
  <issue id="1015964" tracker="bnc">VUL-0: CVE-2016-9584: libical: Use-after-free</issue>
  <issue id="2016-5824" tracker="cve" />
  <issue id="2016-5827" tracker="cve" />
  <issue id="2016-9584" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>mgorse</packager>
  <description>This update for libical fixes the following issues:

Security issues fixed:
- CVE-2016-5824: libical 1.0 allows remote attackers to cause a denial of service (use-after-free)
  via a crafted ics file. (bsc#986639)
- CVE-2016-5827: The icaltime_from_string function in libical 0.47 and 1.0 allows remote attackers
  to cause a denial of service (out-of-bounds heap read) via a crafted string to the
  icalparser_parse_string function. (bsc#986631)
- CVE-2016-9584: libical allows remote attackers to cause a denial of service (use-after-free) and
  possibly read heap memory via a crafted ics file. (bsc#1015964)

Bug fixes:
- libical crashes while parsing timezones (bsc#1044995)
</description>
  <summary>Security update for libical</summary>
</patchinfo>