File _patchinfo of Package patchinfo.9290

<patchinfo incident="9290">
  <issue id="2018-1000807" tracker="cve"/>
  <issue id="2018-1000808" tracker="cve"/>
  <issue tracker="bnc" id="1052927">python-cryptography requires dependency to python-setuptools</issue>
  <issue id="1111634" tracker="bnc">VUL-1: CVE-2018-1000808: python-pyOpenSSL: Failure to Release Memory Before Removing Last Reference vulnerability in PKCS #12 Store</issue>
  <issue id="1111635" tracker="bnc">VUL-0: CVE-2018-1000807: python-pyOpenSSL: Use After Free vulnerability in X509 object handling</issue>
  <issue id="1021578" tracker="bnc">Bug in the version of PyOpenSSL installed in OpenSUSE LEAP 42.3.</issue>
  <issue tracker="bnc" id="1119077">L3: python-pyOpenSSL accesses non-existing attribute _from_raw_x509_ptr in object X509</issue>
  <category>security</category>
  <rating>important</rating>
  <packager>msmeissn</packager>
  <summary>Security update for python-cryptography, python-pyOpenSSL</summary>
  <description>This update for python-cryptography, python-pyOpenSSL fixes the following issues:

Security issues fixed:

- CVE-2018-1000808: A memory leak due to missing reference checking in PKCS#12 store handling was fixed (bsc#1111634)
- CVE-2018-1000807: A use-after-free in X509 object handling was fixed (bsc#1111635)

This update also contains the following tracked bug fixes:
    
- avoid bad interaction with python-cryptography package. (bsc#1021578)
- Avoid regression accessesing non-existing attribute _from_raw_x509_ptr in object X509 (bsc#1119077)
- Add python-setuptools as a requirement. (bsc#1052927)
  
This update was imported from the SUSE:SLE-12-SP2:Update update project.</description>
</patchinfo>