[Secure-testing-commits] r37759 - data/CVE

Henri Salo fgeek-guest at moszumanska.debian.org
Wed Nov 18 17:06:27 UTC 2015 

Author: fgeek-guest
Date: 2015-11-18 17:06:26 +0000 (Wed, 18 Nov 2015)
New Revision: 37759

Modified:
   data/CVE/list
Log:
CVE-2015-8242/libxml2, syntax fix

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-11-18 17:03:02 UTC (rev 37758)
+++ data/CVE/list	2015-11-18 17:06:26 UTC (rev 37759)
@@ -1,10 +1,17 @@
+CVE-2015-8242 [Buffer overread with HTML parser in push mode in xmlSAX2TextNode]
+	- libxml2 <unfixed> (bug #805146)
+	[jessie] - libxml2 <not-affected> (Vulnerable code introduced later)
+	[wheezy] - libxml2 <not-affected> (Vulnerable code introduced later)
+	[squeeze] - libxml2 <not-affected> (Vulnerable code introduced later)
+	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=756372
+	NOTE: Introduced by: https://git.gnome.org/browse/libxml2/commit/?id=826bc320206f70fccd2941a77d363e95e8076898 (v2.9.2-rc1)
 CVE-2015-8241 [Buffer overread with XML parser in xmlNextChar]
-    - libxml2 <unfixed>
-    NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=756263
-    NOTE: https://git.gnome.org/browse/libxml2/commit/?id=ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe
-    NOTE: Possibly introduced by https://git.gnome.org/browse/libxml2/commit/?id=a7dfab7411cbf545f359dd3157e5df1eb0e7ce31 (fix for CVE-2015-7941)
-    NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/11/17/5
-    TODO: check versions
+	- libxml2 <unfixed>
+	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=756263
+	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe
+	NOTE: Possibly introduced by https://git.gnome.org/browse/libxml2/commit/?id=a7dfab7411cbf545f359dd3157e5df1eb0e7ce31 (fix for CVE-2015-7941)
+	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/11/17/5
+	TODO: check versions
 CVE-2015-8239 [race condition checking digests/checksums in sudoers]
 	- sudo <unfixed>
 	NOTE: http://www.openwall.com/lists/oss-security/2015/11/10/2
@@ -200,13 +207,6 @@
 	NOTE: https://groups.google.com/forum/#!topic/syzkaller/3twDUI4Cpm8
 	NOTE: http://www.openwall.com/lists/oss-security/2015/11/18/9
 	TODO: check
-CVE-2015-XXXX [Buffer overread with HTML parser in push mode in xmlSAX2TextNode]
-	- libxml2 <unfixed> (bug #805146)
-	[jessie] - libxml2 <not-affected> (Vulnerable code introduced later)
-	[wheezy] - libxml2 <not-affected> (Vulnerable code introduced later)
-	[squeeze] - libxml2 <not-affected> (Vulnerable code introduced later)
-	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=756372
-	NOTE: Introduced by: https://git.gnome.org/browse/libxml2/commit/?id=826bc320206f70fccd2941a77d363e95e8076898 (v2.9.2-rc1)
 CVE-2015-XXXX [Out-of-bounds heap read on 0xff char in xml declaration]
 	- libxml2 <unfixed>
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=751631

More information about the Secure-testing-commits mailing list