File _patchinfo of Package patchinfo.7775
<patchinfo incident="7775">
<issue tracker="bnc" id="1026649">VUL-1: lcms2: LUT consistency checking</issue>
<issue tracker="bnc" id="1026650">VUL-1: lcms2: sanitize input &amp; output channels on MPE profiles</issue>
<issue tracker="bnc" id="1021364">VUL-1: CVE-2016-10165: lcms2: heap OOB read parsing crafted ICC profile</issue>
<issue tracker="bnc" id="1108813">VUL-0: lcms2: CVE-2018-16435 lcms2: heap-based buffer overflow in SetData function in cmsIT8LoadFromFile</issue>
<issue tracker="cve" id="2018-16435"/>
<issue tracker="cve" id="2016-10165"/>
<category>security</category>
<rating>moderate</rating>
<packager>sbrabec</packager>
<description>This update for lcms2 fixes the following security issues:
- CVE-2016-10165: The Type_MLU_Read function allowed remote attackers to obtain
sensitive information or cause a denial of service via an image with a crafted
ICC profile, which triggered an out-of-bounds heap read (bsc#1021364).
- CVE-2018-16435: An integer overflow was fixed in the AllocateDataSet
function in cmscgats.c, which could lead to a heap-based buffer overflow
in the SetData function via a crafted file in the second argument to
cmsIT8LoadFromFile (bsc#1108813).
- Ensure that LUT stages match channel count (bsc#1026649).
- Sanitize input and output channels on MPE profiles (bsc#1026650).
</description>
<summary>Security update for lcms2</summary>
</patchinfo>