[Secure-testing-commits] r57983 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Fri Nov 24 05:19:30 UTC 2017
Author: carnil
Date: 2017-11-24 05:19:29 +0000 (Fri, 24 Nov 2017)
New Revision: 57983
Modified:
data/CVE/list
Log:
Mark CVE-2017-5130/libxml2 as no-dsa, reasoning in NOTE
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-11-23 22:05:10 UTC (rev 57982)
+++ data/CVE/list 2017-11-24 05:19:29 UTC (rev 57983)
@@ -36113,10 +36113,14 @@
CVE-2017-5130
RESERVED
- libxml2 2.9.4+dfsg1-5.1 (bug #880000)
+ [stretch] - libxml2 <no-dsa> (Minor issue)
+ [jessie] - libxml2 <no-dsa> (Minor issue)
- chromium-browser 62.0.3202.75-1 (unimportant)
NOTE: chromium-browser uses system libxml2.
NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=722079 (not public)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=783026 (not public)
+ NOTE: xmlMemoryStrdup is only for debugging with excpetion in xmlint when invoked
+ NOTE: with --maxmem. Similar issue for xmlMallocLoc and xmlReallocLoc.
NOTE: Fixed by: https://git.gnome.org/browse/libxml2/commit/?id=897dffbae322b46b83f99a607d527058a72c51ed
NOTE: Needs follow up: https://git.gnome.org/browse/libxml2/commit/?id=ed48d65b4d6c5cec7be035ad5eebeba873b4b955
CVE-2017-5129
More information about the Secure-testing-commits
mailing list