Overview

File _patchinfo of Package patchinfo.8159

<patchinfo incident="8159">
  <issue tracker="bnc" id="1052916">VUL-0: CVE-2017-2885: libsoup: Stack based buffer overflow with HTTP Chunked Encoding</issue>
  <issue tracker="bnc" id="1100097">VUL-1: CVE-2018-12910: libsoup: Crash in soup_cookie_jar.c:get_cookies() on empty hostnames</issue>
  <issue tracker="bnc" id="1086036">translation-update-upstream commented out for Leap</issue>
  <issue tracker="cve" id="2018-12910"/>
  <issue tracker="cve" id="2017-2885"/>
  <category>security</category>
  <rating>moderate</rating>
  <packager>mgorse</packager>
  <description>This update for libsoup fixes the following issues:

Security issue fixed:

- CVE-2018-12910: Fix crash when handling empty hostnames (bsc#1100097).
- CVE-2017-2885: Fix chunk decoding buffer overrun that could be exploited against either clients or servers (bsc#1052916).

Bug fixes:

- bsc#1086036: translation-update-upstream commented out for Leap
</description>
  <summary>Security update for libsoup</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places