[Git][security-tracker-team/security-tracker][master] Track unstable upload for libxml2

Fri Feb 21 15:21:13 GMT 2020


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b50b0467 by Salvatore Bonaccorso at 2020-02-21T16:20:38+01:00
Track unstable upload for libxml2

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -12608,7 +12608,7 @@ CVE-2019-19957 (In libIEC61850 1.4.0, getNumberOfElements in mms/iso_mms/server/
 CVE-2019-19956 (xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.1 ...)
 	{DLA-2048-1}
 	[experimental] - libxml2 2.9.10+dfsg-1
-	- libxml2 <unfixed>
+	- libxml2 2.9.10+dfsg-2
 	[buster] - libxml2 <no-dsa> (Minor issue)
 	[stretch] - libxml2 <no-dsa> (Minor issue)
 	NOTE: https://gitlab.gnome.org/GNOME/libxml2/issues/82
@@ -91649,7 +91649,7 @@ CVE-2018-14568 (Suricata before 4.0.5 stops TCP stream inspection upon a TCP RST
 CVE-2018-14567 (libxml2 2.9.8, if --with-lzma is used, allows remote attackers to caus ...)
 	{DLA-1524-1}
 	[experimental] - libxml2 2.9.9+dfsg1-1~exp1
-	- libxml2 <unfixed>
+	- libxml2 2.9.10+dfsg-2
 	[buster] - libxml2 <no-dsa> (Minor issue)
 	[stretch] - libxml2 <postponed> (Minor issue)
 	NOTE: https://gitlab.gnome.org/GNOME/libxml2/issues/13 (not public yet)
@@ -92146,7 +92146,7 @@ CVE-2018-14405
 CVE-2018-14404 (A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPat ...)
 	{DLA-1524-1}
 	[experimental] - libxml2 2.9.9+dfsg1-1~exp1
-	- libxml2 <unfixed> (low; bug #901817)
+	- libxml2 2.9.10+dfsg-2 (low; bug #901817)
 	[buster] - libxml2 <no-dsa> (Minor issue)
 	[stretch] - libxml2 <no-dsa> (Minor issue)
 	NOTE: https://gitlab.gnome.org/GNOME/libxml2/issues/5
@@ -105938,7 +105938,7 @@ CVE-2018-9251 (The xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzm
 CVE-2017-18258 (The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote  ...)
 	{DLA-1524-1}
 	[experimental] - libxml2 2.9.7+dfsg-1
-	- libxml2 <unfixed> (low; bug #895245)
+	- libxml2 2.9.10+dfsg-2 (low; bug #895245)
 	[buster] - libxml2 <no-dsa> (Minor issue)
 	[stretch] - libxml2 <postponed> (Minor issue; wait for upstream fix for upstream bug 794914)
 	[wheezy] - libxml2 <postponed> (Minor issue; wait for upstream fix for upstream bug 794914)
@@ -133297,7 +133297,7 @@ CVE-2016-10700 (auth_login.php in Cacti before 1.0.0 allows remote authenticated
 CVE-2017-16932 (parser.c in libxml2 before 2.9.5 does not prevent infinite recursion i ...)
 	{DLA-1194-1}
 	[experimental] - libxml2 2.9.7+dfsg-1
-	- libxml2 <unfixed> (bug #882613)
+	- libxml2 2.9.10+dfsg-2 (bug #882613)
 	[buster] - libxml2 <ignored> (Minor issue; too intrusive to backport)
 	[stretch] - libxml2 <ignored> (Minor issue; too intrusive to backport)
 	[jessie] - libxml2 <ignored> (Minor issue; too intrusive to backport)
@@ -184506,7 +184506,7 @@ CVE-2016-9319 (There is Missing SSL Certificate Validation in the Trend Micro En
 	NOT-FOR-US: Trend Micro
 CVE-2016-9318 (libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and ot ...)
 	[experimental] - libxml2 2.9.8+dfsg-1
-	- libxml2 <unfixed> (bug #844581)
+	- libxml2 2.9.10+dfsg-2 (bug #844581)
 	[buster] - libxml2 <ignored> (Minor issue; intrusive to backport)
 	[stretch] - libxml2 <ignored> (Minor issue; intrusive to backport)
 	[jessie] - libxml2 <ignored> (Minor issue; intrusive to backport)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b50b0467343c3fbb49418895f73167a455dc3201

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b50b0467343c3fbb49418895f73167a455dc3201
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200221/6a7a2321/attachment.html>
