File _patchinfo of Package patchinfo.10297

<patchinfo incident="10297">
  <issue tracker="bnc" id="1113660">VUL-0: CVE-2018-16842: curl: warning message out-of-buffer read</issue>
  <issue tracker="bnc" id="1123371">VUL-1: CVE-2018-16890: curl: NTLM type-2 out-of-bounds buffer read</issue>
  <issue tracker="bnc" id="1113029">VUL-0: CVE-2018-16840: curl: use-after-free in handle close</issue>
  <issue tracker="bnc" id="1112758">VUL-0: CVE-2018-16839: curl: SASL password overflow via integer overflow</issue>
  <issue tracker="bnc" id="1123377">VUL-0: CVE-2019-3822: curl: NTLMv2 type-3 header stack buffer overflow</issue>
  <issue tracker="bnc" id="1123378">VUL-1: CVE-2019-3823: curl: SMTP end-of-response out-of-bounds read</issue>
  <issue tracker="cve" id="2018-16890"/>
  <issue tracker="cve" id="2018-16842"/>
  <issue tracker="cve" id="2019-3823"/>
  <issue tracker="cve" id="2019-3822"/>
  <issue tracker="cve" id="2018-16840"/>
  <issue tracker="cve" id="2018-16839"/>
  <category>security</category>
  <rating>important</rating>
  <packager>pmonrealgonzalez</packager>
  <description>This update for curl fixes the following issues:

Security issues fixed:

- CVE-2019-3822: Fixed a NTLMv2 type-3 header stack buffer overflow (bsc#1123377).
- CVE-2019-3823: Fixed an out-of-bounds read in the SMTP end-of-response (bsc#1123378).
- CVE-2018-16890: Fixed an out-of-bounds buffer read in NTLM type2 (bsc#1123371). 
- CVE-2018-16842: Fixed an out-of-bounds read in tool_msgs.c (bsc#1113660).
- CVE-2018-16840: Fixed a use-after-free in handle close  (bsc#1113029).
- CVE-2018-16839: Fixed an SASL password overflow caused by an integer overflow (bsc#1112758).

</description>  
<summary>Security update for curl</summary>
</patchinfo>