File _patchinfo of Package patchinfo.9488
<patchinfo incident="9488">
<issue tracker="bnc" id="1115722">VUL-0: CVE-2018-19198: uriparser: UriQuery.c allows an out-of-bounds write via a uriComposeQuery* or uriComposeQueryEx* function because the '&amp;' character is mishandled in certain contexts</issue>
<issue tracker="bnc" id="1115723">VUL-0: CVE-2018-19199: uriparser: UriQuery.c allows an integer overflow via a uriComposeQuery* or uriComposeQueryEx* function because of an unchecked multiplication</issue>
<issue tracker="bnc" id="1122193">VUL-0: CVE-2018-20721: uriparser: Out-of-bounds read in uriParse*Ex* for incomplete URIs with IPv6 addresses with embedded IPv4 address</issue>
<issue tracker="bnc" id="1115724">VUL-1: CVE-2018-19200: uriparser: UriCommon.c allows attempted operations on NULL input via a uriResetUri* function</issue>
<issue tracker="cve" id="2018-19200"/>
<issue tracker="cve" id="2018-19198"/>
<issue tracker="cve" id="2018-19199"/>
<issue tracker="cve" id="2018-20721"/>
<category>security</category>
<rating>low</rating>
<packager>adamm</packager>
<description>This update for uriparser fixes the following issues:
Security issues fixed:
- CVE-2018-20721: Fixed an out-of-bounds read for incomplete URIs with IPv6 addresses with embedded IPv4 address (bsc#1122193).
- CVE-2018-19198: Fixed an out-of-bounds write that was possible via the uriComposeQuery* or uriComposeQueryEx* function (bsc#1115722).
- CVE-2018-19199: Fixed an integer overflow caused by an unchecked multiplication via the uriComposeQuery* or uriComposeQueryEx* function (bsc#1115723).
- CVE-2018-19200: Fixed an operation attempted on NULL input via a uriResetUri* function (bsc#1115724).
</description>
<summary>Security update for uriparser</summary>
</patchinfo>