[Secure-testing-commits] r37829 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Mon Nov 23 18:44:20 UTC 2015
Author: carnil
Date: 2015-11-23 18:44:20 +0000 (Mon, 23 Nov 2015)
New Revision: 37829
Modified:
data/CVE/list
Log:
CVE-2015-8035: add upstream tag containing the fix, v2.9.3
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-11-23 18:43:22 UTC (rev 37828)
+++ data/CVE/list 2015-11-23 18:44:20 UTC (rev 37829)
@@ -684,7 +684,7 @@
CVE-2015-8035 (The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly ...)
- libxml2 <unfixed> (bug #803942)
[squeeze] - libxml2 <not-affected> (No LZMA/XZ support in version 2.7.8)
- NOTE: Upstream patch: https://git.gnome.org/browse/libxml2/commit/?id=f0709e3ca8f8947f2d91ed34e92e38a4c23eae63
+ NOTE: Upstream patch: https://git.gnome.org/browse/libxml2/commit/?id=f0709e3ca8f8947f2d91ed34e92e38a4c23eae63 (v2.9.3)
NOTE: You can use "xmllint --version" to verify if libxml2 is compiled with "Lzma" support.
NOTE: sid's 2.9.2+zdfsg1-4 claims to have "Lzma" support but it's broken in fact...
NOTE: so it barfs on the problematic file (parser error : Start tag expected,
More information about the Secure-testing-commits
mailing list