[Secure-testing-commits] r37758 - data/CVE

[Henri Salo]

Author: fgeek-guest
Date: 2015-11-18 17:03:02 +0000 (Wed, 18 Nov 2015)
New Revision: 37758

Modified:
   data/CVE/list
Log:
CVE-2015-8241/libxml2

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-11-18 17:00:14 UTC (rev 37757)
+++ data/CVE/list	2015-11-18 17:03:02 UTC (rev 37758)
@@ -1,3 +1,10 @@
+CVE-2015-8241 [Buffer overread with XML parser in xmlNextChar]
+    - libxml2 <unfixed>
+    NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=756263
+    NOTE: https://git.gnome.org/browse/libxml2/commit/?id=ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe
+    NOTE: Possibly introduced by https://git.gnome.org/browse/libxml2/commit/?id=a7dfab7411cbf545f359dd3157e5df1eb0e7ce31 (fix for CVE-2015-7941)
+    NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/11/17/5
+    TODO: check versions
 CVE-2015-8239 [race condition checking digests/checksums in sudoers]
 	- sudo <unfixed>
 	NOTE: http://www.openwall.com/lists/oss-security/2015/11/10/2
@@ -200,13 +207,6 @@
 	[squeeze] - libxml2 <not-affected> (Vulnerable code introduced later)
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=756372
 	NOTE: Introduced by: https://git.gnome.org/browse/libxml2/commit/?id=826bc320206f70fccd2941a77d363e95e8076898 (v2.9.2-rc1)
-CVE-2015-XXXX [Buffer overread with XML parser in xmlNextChar]
-	- libxml2 <unfixed>
-	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=756263
-	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe
-	NOTE: Possibly introduced by https://git.gnome.org/browse/libxml2/commit/?id=a7dfab7411cbf545f359dd3157e5df1eb0e7ce31 (fix for CVE-2015-7941)
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/11/17/5
-	TODO: check versions
 CVE-2015-XXXX [Out-of-bounds heap read on 0xff char in xml declaration]
 	- libxml2 <unfixed>
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=751631