Overview

File _patchinfo of Package patchinfo.42005

<patchinfo incident="42005">
  <issue tracker="cve" id="2024-45492"/>
  <issue tracker="cve" id="2024-50602"/>
  <issue tracker="cve" id="2024-45490"/>
  <issue tracker="cve" id="2024-45491"/>
  <issue tracker="bnc" id="1230038">VUL-0: CVE-2024-45492: mozjs60, mozjs78, mozjs115: embedded expat: detect integer overflow in function nextScaffoldPart</issue>
  <issue tracker="bnc" id="1230037">VUL-0: CVE-2024-45491: mozjs60, mozjs78, mozjs115: embedded expat: detect integer overflow in dtdCopy</issue>
  <issue tracker="bnc" id="1230036">VUL-0: CVE-2024-45490: mozjs60, mozjs78, mozjs115: embedded expat: reject negative len for XML_ParseBuffer</issue>
  <issue tracker="bnc" id="1232602">VUL-0: CVE-2024-50602: mozjs60,mozjs102,mozjs115,mozjs128: libexpat: DoS via XML_ResumeParser</issue>
  <packager>qzhao</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for mozjs60</summary>
  <description>This update for mozjs60 fixes the following issues:

- CVE-2024-50602: embedded expat: make XML_StopParser refuse to stop/suspend an unstarted parser and be explicit about
  XML_PARSING in XML_StopParser (bsc#1232602)
- CVE-2024-45492: embedded expat: detect integer overflow in function nextScaffoldPart (bsc#1230038)
- CVE-2024-45491: embedded expat: detect integer overflow in dtdCopy (bsc#1230037)
- CVE-2024-45490: embedded expat: reject negative len for XML_ParseBuffer (bsc#1230036)
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places