Overview

File _patchinfo of Package patchinfo.8002

<patchinfo incident="8002">
  <issue id="1088590" tracker="bnc">VUL-0: CVE-2018-1000166: cfitsio: Unsafe use of sprintf() can allow a remote unauthenticated attacker to execute arbitrary code</issue>
  <issue id="1082318" tracker="bnc">Packages must not mark license files as %doc</issue>
  <issue id="2018-1000166" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>adra</packager>
  <description>This update for cfitsio fixes the following issues:

Security issues fixed:

- CVE-2018-1000166: Unsafe use of sprintf() can allow a remote unauthenticated attacker to execute arbitrary code (boo#1088590)

This update to version 3.430 also contains a number of upstream bug fixes.

The following tracked packaging changes are included:

- boo#1082318: package licence text as license, not as documentation
</description>
  <summary>Security update for cfitsio</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places