File _patchinfo of Package patchinfo.11540
<patchinfo incident="11540">
<issue tracker="cve" id="2019-17542"/>
<issue tracker="cve" id="2019-12730"/>
<issue tracker="cve" id="2018-13301"/>
<issue tracker="cve" id="2019-9718"/>
<issue tracker="bnc" id="1154064">VUL-0: CVE-2019-17542: ffmpeg: heap-based buffer overflow in vqa_decode_chunk because of an out-of-array access in vqa_decode_init in libavcodec/vqavideo.c</issue>
<issue tracker="bnc" id="1100352">VUL-1: CVE-2018-13301: ffmpeg: missing check of a profile value before setting it, the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c may trigger a NULL pointer dereference</issue>
<issue tracker="bnc" id="1137526">VUL-1: CVE-2019-12730: ffmpeg: aa_read_header in libavformat/aadec.c does not check for sscanf failure and consequently allows use of uninitialized variables</issue>
<issue tracker="bnc" id="1129715">VUL-1: CVE-2019-9718: ffmpeg: denial of service in the subtitle decoder in ff_htmlmarkup_to_ass from libavcodec/htmlsubtitles.c</issue>
<category>security</category>
<rating>important</rating>
<packager>zhengqiang</packager>
<description>This update for ffmpeg fixes the following issues:
Security issues fixed:
- CVE-2019-17542: Fixed a heap-buffer overflow in vqa_decode_chunk due to an
out-of-array access (bsc#1154064).
- CVE-2019-12730: Fixed a use of uninitialized variables due to an improper
check (bsc#1137526).
- CVE-2019-9718: Fixed a denial of service in the subtitle decoder (bsc#1129715).
- CVE-2018-13301: Fixed a denial of service while converting a crafted AVI file
to MPEG4 (bsc#1100352).
</description>
<summary>Security update for ffmpeg</summary>
</patchinfo>