Adding patchinfo patchinfo.20240906075939659340.90520734224245

2024-09-11 13:31:01 +02:00 · 2024-09-11 13:31:01 +02:00 · a14b0fb0da
commit a14b0fb0da
parent 2b4ebb8e48
1 changed files with 24 additions and 0 deletions
--- a/patchinfo.20240906075939659340.90520734224245/_patchinfo
+++ b/patchinfo.20240906075939659340.90520734224245/_patchinfo
@ -0,0 +1,24 @@
+<patchinfo>
+  <!-- generated from request(s) 343994 -->
+  <issue tracker="bnc" id="1221289">VUL-0: CVE-2024-28757: expat: libexpat: XML Entity Expansion</issue>
+  <issue tracker="bnc" id="1229930">VUL-0: CVE-2024-45490: expat: reject negative len for XML_ParseBuffer</issue>
+  <issue tracker="bnc" id="1229931">VUL-0: CVE-2024-45491: expat: detect integer overflow in dtdCopy</issue>
+  <issue tracker="bnc" id="1229932">VUL-0: CVE-2024-45492: expat: detect integer overflow in function nextScaffoldPart</issue>
+  <issue tracker="cve" id="2024-28757"/>
+  <issue tracker="cve" id="2024-45490"/>
+  <issue tracker="cve" id="2024-45491"/>
+  <issue tracker="cve" id="2024-45492"/>
+  <packager>david.anes</packager>
+  <rating>important</rating>
+  <category>security</category>
+  <summary>Security update for expat</summary>
+  <description>This update for expat fixes the following issues:
+
+- CVE-2024-45492: detect integer overflow in function nextScaffoldPart (bsc#1229932) 
+- CVE-2024-45491: detect integer overflow in dtdCopy (bsc#1229931)
+- CVE-2024-45490: reject negative len for XML_ParseBuffer (bsc#1229930)
+- CVE-2024-28757: XML Entity Expansion attack when there is isolated use of external parsers (bsc#1221289) 
+</description>
+  <package>expat</package>
+  <seperate_build_arch/>
+</patchinfo>