File _patchinfo of Package patchinfo.8017

<patchinfo incident="8017">
  <issue tracker="bnc" id="1100353">VUL-0: CVE-2018-13348: mercurial: The mpatch_decode function in mpatch.c in Mercurial before 4.6.1 mishandlescertain situations where there should be at least 12 bytes remaining after thecurrent position in the patch data, but actually ar</issue>
  <issue tracker="bnc" id="1100355">VUL-0: CVE-2018-13347: mercurial: mpatch.c in Mercurial before 4.6.1 mishandles integer addition and subtraction,aka OVE-20180430-0002.</issue>
  <issue tracker="bnc" id="1100354">VUL-0: CVE-2018-13346: mercurial: The mpatch_apply function in mpatch.c in Mercurial before 4.6.1 incorrectlyproceeds in cases where the fragment start is past the end of the original data,aka OVE-20180430-0004.</issue>
  <issue tracker="cve" id="2018-13348"/>
  <issue tracker="cve" id="2018-13347"/>
  <issue tracker="cve" id="2018-13346"/>
  <category>security</category>
  <rating>moderate</rating>
  <packager>tiwai</packager>
  <description>This update for mercurial fixes the following issues:

Security issues fixed:

- CVE-2018-13346: Fix mpatch_apply function in mpatch.c that incorrectly proceeds in cases where the fragment start is past the end of the original data (bsc#1100354).
- CVE-2018-13347: Fix mpatch.c that mishandles integer addition and subtraction (bsc#1100355).
- CVE-2018-13348: Fix the mpatch_decode function in mpatch.c that mishandles certain situations where there should be at least 12 bytes remaining after thecurrent position in the patch data (bsc#1100353).
</description>
  <summary>Security update for mercurial</summary>
</patchinfo>