[Git][security-tracker-team/security-tracker][master] Track unstable upload for libxml2
Salvatore Bonaccorso
carnil at debian.org
Fri Feb 21 15:21:13 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b50b0467 by Salvatore Bonaccorso at 2020-02-21T16:20:38+01:00
Track unstable upload for libxml2
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -12608,7 +12608,7 @@ CVE-2019-19957 (In libIEC61850 1.4.0, getNumberOfElements in mms/iso_mms/server/
CVE-2019-19956 (xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.1 ...)
{DLA-2048-1}
[experimental] - libxml2 2.9.10+dfsg-1
- - libxml2 <unfixed>
+ - libxml2 2.9.10+dfsg-2
[buster] - libxml2 <no-dsa> (Minor issue)
[stretch] - libxml2 <no-dsa> (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/libxml2/issues/82
@@ -91649,7 +91649,7 @@ CVE-2018-14568 (Suricata before 4.0.5 stops TCP stream inspection upon a TCP RST
CVE-2018-14567 (libxml2 2.9.8, if --with-lzma is used, allows remote attackers to caus ...)
{DLA-1524-1}
[experimental] - libxml2 2.9.9+dfsg1-1~exp1
- - libxml2 <unfixed>
+ - libxml2 2.9.10+dfsg-2
[buster] - libxml2 <no-dsa> (Minor issue)
[stretch] - libxml2 <postponed> (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/libxml2/issues/13 (not public yet)
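Review bot: the NOTE line left as context in this CVE-2018-14567 entry still marks https://gitlab.gnome.org/GNOME/libxml2/issues/13 as "(not public yet)", while the unstable line moves from <unfixed> to 2.9.10+dfsg-2. Recheck whether the upstream issue is public now and drop the qualifier if so. Nothing in the entry identifies the fixing change, so a NOTE pointing at the upstream commit would let the [stretch] <postponed> status be revisited later.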
@@ -92146,7 +92146,7 @@ CVE-2018-14405
CVE-2018-14404 (A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPat ...)
{DLA-1524-1}
[experimental] - libxml2 2.9.9+dfsg1-1~exp1
- - libxml2 <unfixed> (low; bug #901817)
+ - libxml2 2.9.10+dfsg-2 (low; bug #901817)
[buster] - libxml2 <no-dsa> (Minor issue)
[stretch] - libxml2 <no-dsa> (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/libxml2/issues/5
@@ -105938,7 +105938,7 @@ CVE-2018-9251 (The xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzm
CVE-2017-18258 (The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote ...)
{DLA-1524-1}
[experimental] - libxml2 2.9.7+dfsg-1
- - libxml2 <unfixed> (low; bug #895245)
+ - libxml2 2.9.10+dfsg-2 (low; bug #895245)
[buster] - libxml2 <no-dsa> (Minor issue)
[stretch] - libxml2 <postponed> (Minor issue; wait for upstream fix for upstream bug 794914)
[wheezy] - libxml2 <postponed> (Minor issue; wait for upstream fix for upstream bug 794914)
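Review bot: the [stretch] and [wheezy] context lines for CVE-2017-18258 still give "wait for upstream fix for upstream bug 794914" as the reason for <postponed>, yet this hunk records unstable as fixed in 2.9.10+dfsg-2 and the experimental line already lists 2.9.7+dfsg-1. If the upstream fix is what these versions carry, the postponed reason is outdated. Consider updating those two lines, either in this commit or a follow-up, so the entry does not contradict itself.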
@@ -133297,7 +133297,7 @@ CVE-2016-10700 (auth_login.php in Cacti before 1.0.0 allows remote authenticated
CVE-2017-16932 (parser.c in libxml2 before 2.9.5 does not prevent infinite recursion i ...)
{DLA-1194-1}
[experimental] - libxml2 2.9.7+dfsg-1
- - libxml2 <unfixed> (bug #882613)
+ - libxml2 2.9.10+dfsg-2 (bug #882613)
[buster] - libxml2 <ignored> (Minor issue; too intrusive to backport)
[stretch] - libxml2 <ignored> (Minor issue; too intrusive to backport)
[jessie] - libxml2 <ignored> (Minor issue; too intrusive to backport)
@@ -184506,7 +184506,7 @@ CVE-2016-9319 (There is Missing SSL Certificate Validation in the Trend Micro En
NOT-FOR-US: Trend Micro
CVE-2016-9318 (libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and ot ...)
[experimental] - libxml2 2.9.8+dfsg-1
- - libxml2 <unfixed> (bug #844581)
+ - libxml2 2.9.10+dfsg-2 (bug #844581)
[buster] - libxml2 <ignored> (Minor issue; intrusive to backport)
[stretch] - libxml2 <ignored> (Minor issue; intrusive to backport)
[jessie] - libxml2 <ignored> (Minor issue; intrusive to backport)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b50b0467343c3fbb49418895f73167a455dc3201