[Secure-testing-commits] r42019 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Wed May 25 16:06:21 UTC 2016
Author: carnil
Date: 2016-05-25 16:06:21 +0000 (Wed, 25 May 2016)
New Revision: 42019
Modified:
data/CVE/list
Log:
Update status for CVE-2016-1836
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-05-25 15:57:54 UTC (rev 42018)
+++ data/CVE/list 2016-05-25 16:06:21 UTC (rev 42019)
@@ -9360,9 +9360,11 @@
TODO: check versions
CVE-2016-1836 (libxml2, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS ...)
- libxml2 <unfixed>
- NOTE: https://git.gnome.org/browse/libxml2/commit/?id=45752d2c334b50016666d8f0ec3691e2d680f0a0 (v2.9.4)
+ [wheezy] - libxml2 <not-affected> (Vulnerable code not present)
+ NOTE: Fixed by: https://git.gnome.org/browse/libxml2/commit/?id=45752d2c334b50016666d8f0ec3691e2d680f0a0 (v2.9.4)
+ NOTE: Introduced by: https://git.gnome.org/browse/libxml2/commit/?id=dcc19503193c71596278a252064a8ce66331b3cd (v2.9.2)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=759398
- TODO: check versions
+ NOTE: Regression applies to Jessie, since fix backported as 0007-Fix-a-parsing-bug-on-non-ascii-element-and-CR-LF-usa.patch
CVE-2016-1835 (libxml2, as used in Apple iOS before 9.3.2 and OS X before 10.11.5, ...)
- libxml2 <unfixed>
NOTE: https://git.gnome.org/browse/libxml2/commit/?id=38eae571111db3b43ffdeb05487c9f60551906fb (v2.9.4)
More information about the Secure-testing-commits
mailing list