File _patchinfo of Package patchinfo.10394

<patchinfo incident="10394">
  <issue tracker="bnc" id="1043898">VUL-1: CVE-2017-8834: libcroco: Denial of service (memory allocation error) via a crafted CSS file.</issue>
  <issue tracker="bnc" id="1043899">VUL-1: CVE-2017-8871: libcroco: Denial of service (infinite loop and CPU consumption) via a crafted CSS file</issue>
  <issue tracker="bnc" id="1034481">VUL-1: CVE-2017-7960: libcroco: heap overflow (input: check end of input before reading a byte)</issue>
  <issue tracker="bnc" id="1034482">VUL-1: CVE-2017-7961: libcroco: undefined behavior (tknzr: support only max long rgb values)</issue>
  <issue tracker="cve" id="2017-7960"/>
  <issue tracker="cve" id="2017-7961"/>
  <issue tracker="cve" id="2017-8871"/>
  <issue tracker="cve" id="2017-8834"/>
  <category>security</category>
  <rating>moderate</rating>
  <packager>mgorse</packager>
  <description>This update for libcroco fixes the following issues:

Security issues fixed:

- CVE-2017-7960: Fixed heap overflow (input: check end of input before reading a byte) (bsc#1034481).                                                                    
- CVE-2017-7961: Fixed undefined behavior (tknzr: support only max long rgb values) (bsc#1034482).                                                                       
- CVE-2017-8834: Fixed denial of service (memory allocation error) via a crafted CSS file (bsc#1043898).
- CVE-2017-8871: Fixed denial of service (infinite loop and CPU consumption) via a crafted CSS file (bsc#1043899).

This update was imported from the SUSE:SLE-12-SP2:Update update project.</description>
  <summary>Security update for libcroco</summary>
</patchinfo>