Overview

File _patchinfo of Package patchinfo.29841

<patchinfo incident="29841">
  <issue tracker="cve" id="2023-37464"/>
  <issue tracker="bnc" id="1213385">VUL-0: CVE-2023-37464: cjose: OpenIDC/cjose is a C library implementing the Javascript Object Signing and Encryption (JOSE). The AES GCM decryption routine incorrectly uses the Tag length from the actual Authentication Tag provided in the J</issue>
  <packager>dspinella</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for cjose</summary>
  <description>This update for cjose fixes the following issues:

- CVE-2023-37464: Fixed AES GCM decryption uses the Tag length from the actual Authentication Tag (bsc#1213385).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places