[Secure-testing-commits] r37758 - data/CVE
Henri Salo
fgeek-guest at moszumanska.debian.org
Wed Nov 18 17:03:02 UTC 2015
Author: fgeek-guest
Date: 2015-11-18 17:03:02 +0000 (Wed, 18 Nov 2015)
New Revision: 37758
Modified:
data/CVE/list
Log:
CVE-2015-8241/libxml2
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-11-18 17:00:14 UTC (rev 37757)
+++ data/CVE/list 2015-11-18 17:03:02 UTC (rev 37758)
@@ -1,3 +1,10 @@
+CVE-2015-8241 [Buffer overread with XML parser in xmlNextChar]
+ - libxml2 <unfixed>
+ NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=756263
+ NOTE: https://git.gnome.org/browse/libxml2/commit/?id=ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe
+ NOTE: Possibly introduced by https://git.gnome.org/browse/libxml2/commit/?id=a7dfab7411cbf545f359dd3157e5df1eb0e7ce31 (fix for CVE-2015-7941)
+ NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/11/17/5
+ TODO: check versions
CVE-2015-8239 [race condition checking digests/checksums in sudoers]
- sudo <unfixed>
NOTE: http://www.openwall.com/lists/oss-security/2015/11/10/2
@@ -200,13 +207,6 @@
[squeeze] - libxml2 <not-affected> (Vulnerable code introduced later)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=756372
NOTE: Introduced by: https://git.gnome.org/browse/libxml2/commit/?id=826bc320206f70fccd2941a77d363e95e8076898 (v2.9.2-rc1)
-CVE-2015-XXXX [Buffer overread with XML parser in xmlNextChar]
- - libxml2 <unfixed>
- NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=756263
- NOTE: https://git.gnome.org/browse/libxml2/commit/?id=ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe
- NOTE: Possibly introduced by https://git.gnome.org/browse/libxml2/commit/?id=a7dfab7411cbf545f359dd3157e5df1eb0e7ce31 (fix for CVE-2015-7941)
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/11/17/5
- TODO: check versions
CVE-2015-XXXX [Out-of-bounds heap read on 0xff char in xml declaration]
- libxml2 <unfixed>
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=751631
More information about the Secure-testing-commits
mailing list