{"affected":[{"ecosystem_specific":{"binaries":[{"liblz4-1":"1.8.0-lp150.2.3.1","liblz4-1-32bit":"1.8.0-lp150.2.3.1","liblz4-devel":"1.8.0-lp150.2.3.1","lz4":"1.8.0-lp150.2.3.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.0","name":"lz4","purl":"pkg:rpm/opensuse/lz4&distro=openSUSE%20Leap%2015.0"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.8.0-lp150.2.3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"liblz4-1":"1.8.0-lp150.2.3.1","liblz4-1-32bit":"1.8.0-lp150.2.3.1","liblz4-devel":"1.8.0-lp150.2.3.1","lz4":"1.8.0-lp150.2.3.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.0","name":"lz4-test","purl":"pkg:rpm/opensuse/lz4-test&distro=openSUSE%20Leap%2015.0"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.8.0-lp150.2.3.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for lz4 fixes the following issues:\n\n- CVE-2019-17543: Fixed a heap-based buffer overflow in LZ4_write32 (bsc#1153936).\n\nThis update was imported from the SUSE:SLE-15:Update update project.","id":"openSUSE-SU-2019:2398-1","modified":"2019-10-28T19:27:56Z","published":"2019-10-28T19:27:56Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/K7YFHI6XFRGBVSXNEVWR4PPHMCTX5SO6/#K7YFHI6XFRGBVSXNEVWR4PPHMCTX5SO6"},{"type":"REPORT","url":"https://bugzilla.suse.com/1153936"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-17543"}],"related":["CVE-2019-17543"],"summary":"Security update for lz4","upstream":["CVE-2019-17543"]}