File _patchinfo of Package patchinfo.8015

<patchinfo incident="8015">
  <issue tracker="bnc" id="1058673">VUL-0: CVE-2017-2816: libofx: An exploitable buffer overflow vulnerability exists in the tag parsingfunctionality of LibOFX 0.9.11. A specially crafted OFX file can cause a writeout of bounds resulting in a buffer overflow on the stack. A</issue>
  <issue id="1060437" tracker="bnc">VUL-0: CVE-2017-14731: libofx: ofx_proc_file in ofx_preproc.cpp in LibOFX 0.9.12 allows remote attackers tocause a denial of service (heap-based buffer over-read and application crash)via a crafted file, as demonstrated by an ofxdump call</issue>
  <issue id="1061964" tracker="bnc">VUL-0: CVE-2017-2920: libofx: buffer overflow vulnerability in sanitize_proprietary_tags in lib/ofx_preproc.cpp</issue>
  <issue id="2017-2920" tracker="cve" />
  <issue tracker="cve" id="2017-2816"/>
  <issue id="2017-14731" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>zhengqiang</packager>
  <description>This update for libofx fixes the following issues:

Security issues fixed:

- CVE-2017-2816: Fix an exploitable buffer overflow vulnerability in the tag parsing functionality (bsc#1058673).
- CVE-2017-2920: Fix a buffer overflow vulnerability in sanitize_proprietary_tags in lib/ofx_preproc.cpp (bsc#1061964).
- CVE-2017-14731: Fix remote denial of service via a crafted file in ofx_proc_file in ofx_preproc.cpp (bsc#1060437).
</description>
  <summary>Security update for libofx</summary>
</patchinfo>