[Git][security-tracker-team/security-tracker][master] Add CVE-2020-24977/libxml2
Salvatore Bonaccorso
carnil at debian.org
Fri Sep 4 13:00:32 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
20dbdc5d by Salvatore Bonaccorso at 2020-09-04T14:00:02+02:00
Add CVE-2020-24977/libxml2
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -359,7 +359,14 @@ CVE-2020-24978 (In NASM 2.15.04rc3, there is a double-free vulnerability in pp_t
NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392712
NOTE: https://github.com/netwide-assembler/nasm/commit/8806c3ca007b84accac21dd88b900fb03614ceb7
CVE-2020-24977 (GNOME project libxml2 v2.9.10 and earlier have a global Buffer Overflo ...)
- TODO: check
+ - libxml2 <unfixed>
+ [buster] - libxml2 <no-dsa> (Minor issue)
+ NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/178
+ NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2
+ NOTE: The issue is specific and restricted to xmllint:
+ NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/178#note_892545
+ NOTE: and present before the 0b19f236a263 ("Fixed ICU to set flush correctly and
+ NOTE: provide pivot buffer.") commit itself.
CVE-2020-24976
RESERVED
CVE-2020-24975
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/20dbdc5d2da1c5047cfd54dfcfb8fa9a3d6016a5
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/20dbdc5d2da1c5047cfd54dfcfb8fa9a3d6016a5
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200904/1ad2d3f2/attachment.html>
More information about the debian-security-tracker-commits
mailing list