Overview

File _patchinfo of Package patchinfo.35907

<patchinfo incident="35907">
  <issue tracker="cve" id="2024-45490"/>
  <issue tracker="cve" id="2024-45492"/>
  <issue tracker="cve" id="2024-45491"/>
  <issue tracker="bnc" id="1230036">VUL-0: CVE-2024-45490: mozjs60, mozjs78, mozjs115: embedded expat: reject negative len for XML_ParseBuffer</issue>
  <issue tracker="bnc" id="1230038">VUL-0: CVE-2024-45492: mozjs60, mozjs78, mozjs115: embedded expat: detect integer overflow in function nextScaffoldPart</issue>
  <issue tracker="bnc" id="1230037">VUL-0: CVE-2024-45491: mozjs60, mozjs78, mozjs115: embedded expat: detect integer overflow in dtdCopy</issue>
  <packager>qzhao</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for mozjs78</summary>
  <description>This update for mozjs78 fixes the following issues:

- CVE-2024-45490: Fixed negative len for XML_ParseBuffer in embedded expat (bnc#1230036)
- CVE-2024-45491: Fixed integer overflow in dtdCopy in embedded expat (bnc#1230037)
- CVE-2024-45492: Fixed integer overflow in function nextScaffoldPart in embedded expat (bnc#1230038)
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places