Overview

File _patchinfo of Package patchinfo.10157

<patchinfo incident="10157">
  <issue tracker="bnc" id="1123378">VUL-1: EMBARGOED: CVE-2019-3823: curl: SMTP end-of-response out-of-bounds read</issue>
  <issue tracker="bnc" id="1123371">VUL-1: EMBARGOED: CVE-2018-16890: curl: NTLM type-2 out-of-bounds buffer read</issue>
  <issue tracker="bnc" id="1123377">VUL-0: EMBARGOED: CVE-2019-3822: curl: NTLMv2 type-3 header stack buffer overflow</issue>
  <issue tracker="cve" id="2019-3823"/>
  <issue tracker="cve" id="2019-3822"/>
  <issue tracker="cve" id="2018-16890"/>
  <category>security</category>
  <rating>important</rating>
  <packager>pmonrealgonzalez</packager>
  <description>This update for curl fixes the following issues:

Security issues fixed:

- CVE-2019-3823: Fixed a heap out-of-bounds read in the code handling the end-of-response for SMTP (bsc#1123378).
- CVE-2019-3822: Fixed a stack based buffer overflow in the function creating an outgoing NTLM type-3 message (bsc#1123377).
- CVE-2018-16890: Fixed a heap buffer out-of-bounds read in the function handling incoming NTLM type-2 messages (bsc#1123371).
</description>
  <summary>Security update for curl</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places