File _patchinfo of Package patchinfo.7151

<patchinfo incident="7151">
  <issue id="1029638" tracker="bnc">VUL-0: CVE-2017-6439: libplist: Heap-based buffer overflow in the parse_string_node function</issue>
  <issue id="1029639" tracker="bnc">VUL-0: CVE-2017-6435: libplist:  crafed plist file could lead to Heap-buffer overflow</issue>
  <issue id="1029706" tracker="bnc">VUL-0: CVE-2017-6438: libplist: Heap-based buffer overflow in the parse_unicode_node function</issue>
  <issue id="1029707" tracker="bnc">VUL-0: CVE-2017-6437: libplist: The base64encode function in base64.c in libimobiledevice libplist 1.12 allowslocal users to cause ...</issue>
  <issue id="1029751" tracker="bnc">VUL-0: CVE-2017-6436: libplist: Integer overflow in parse_string_node</issue>
  <issue id="2017-6435" tracker="cve" />
  <issue id="2017-6436" tracker="cve" />
  <issue id="2017-6437" tracker="cve" />
  <issue id="2017-6438" tracker="cve" />
  <issue id="2017-6439" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>mgorse</packager>
  <description>This update for libplist fixes the following issues:

Security issues fixed:

- CVE-2017-6439: Heap-based buffer overflow in the parse_string_node function. (bsc#1029638)
- CVE-2017-6438: Heap-based buffer overflow in the parse_unicode_node function. (bsc#1029706)
- CVE-2017-6437: The base64encode function in base64.c allows local users to cause denial of service
  (out-of-bounds read) via a crafted plist file. (bsc#1029707)
- CVE-2017-6436: Integer overflow in parse_string_node. (bsc#1029751)
- CVE-2017-6435: Crafted plist file could lead to Heap-buffer overflow. (bsc#1029639)


This update was imported from the SUSE:SLE-12-SP2:Update update project.</description>
  <summary>Security update for libplist</summary>
</patchinfo>