File _patchinfo of Package patchinfo.42617

<patchinfo incident="42617">
  <issue tracker="cve" id="2026-1766"/>
  <issue tracker="cve" id="2026-1765"/>
  <issue tracker="cve" id="2026-1764"/>
  <issue tracker="cve" id="2026-1767"/>
  <issue tracker="bnc" id="1257609">VUL-0: CVE-2026-1767: localsearch, tracker-miners: GNOME localsearch MP3 Extractor: Heap buffer overflow leading to denial of service or information disclosure via malformed MP3 ID3 tags</issue>
  <issue tracker="bnc" id="1257608">VUL-0: CVE-2026-1766: localsearch, tracker-miners: GNOME localsearch MP3 Extractor: Denial of Service and information disclosure via malformed MP3 files.</issue>
  <issue tracker="bnc" id="1257607">VUL-0: CVE-2026-1765: localsearch, tracker-miners: GNOME localsearch MP3 Extractor: Denial of Service and potential information disclosure via crafted MP3 files</issue>
  <issue tracker="bnc" id="1257606">VUL-0: CVE-2026-1764: localsearch, tracker-miners: GNOME localsearch MP3 Extractor: Heap buffer overflow leads to denial of service or information disclosure when parsing MP3 files</issue>
  <packager>mgorse</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for tracker-miners</summary>
  <description>This update for tracker-miners fixes the following issues:

- CVE-2026-1764: heap buffer overflow leads to denial of service or information disclosure when parsing MP3 files
  (bsc#1257606).
- CVE-2026-1765: denial of Service and potential information disclosure via crafted MP3 files (bsc#1257607).
- CVE-2026-1766: denial of Service and information disclosure via malformed MP3 files (bsc#1257608).
- CVE-2026-1767: heap buffer overflow leading to denial of service or information disclosure via malformed MP3 ID3
  tags (bsc#1257609).
</description>
</patchinfo>