advisories/25638.adv

type: security
subject: Updated libapreq2 packages fix security vulnerability
CVE:
 - CVE-2019-12412
src:
  7:
   core:
     - libapreq2-2.130.0-28.1.mga7
description: |
  Updated libapreq2 packages fix security vulnerability:

  Max Kellermann reported a NULL pointer dereference flaw in libapreq2,
  allowing a remote attacker to cause a denial of service against an
  application using the library (application crash) if an invalid nested
  "multipart" body is processed (CVE-2019-12412).
references:
 - https://bugs.mageia.org/show_bug.cgi?id=25638
 - https://www.debian.org/security/2019/dsa-4541
ID: MGASA-2019-0327
1	type: security
2	subject: Updated libapreq2 packages fix security vulnerability
3	CVE:
4	- CVE-2019-12412
5	src:
6	7:
7	core:
8	- libapreq2-2.130.0-28.1.mga7
9	description: \|
10	Updated libapreq2 packages fix security vulnerability:
11
12	Max Kellermann reported a NULL pointer dereference flaw in libapreq2,
13	allowing a remote attacker to cause a denial of service against an
14	application using the library (application crash) if an invalid nested
15	"multipart" body is processed (CVE-2019-12412).
16	references:
17	- https://bugs.mageia.org/show_bug.cgi?id=25638
18	- https://www.debian.org/security/2019/dsa-4541
19	ID: MGASA-2019-0327