[Git][security-tracker-team/security-tracker][master] Track experimental fixes for libxml2

Salvatore Bonaccorso carnil at debian.org
Sun May 2 20:39:01 BST 2021 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4ae202ef by Salvatore Bonaccorso at 2021-05-02T21:38:38+02:00
Track experimental fixes for libxml2

Which will be moved to unstable if no build issues nor autopkgtest
issues are detected.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -387,18 +387,21 @@ CVE-2020-36326 (PHPMailer 6.1.8 through 6.4.0 allows object injection through Ph
 	TODO: check if the code change eliminated the code that blocked addAttachment independent on Windows plattform/UNC paths
 CVE-2021-3518 [use-after-free in xmlXIncludeDoProcess() in xinclude.c]
 	RESERVED
+	[experimental] - libxml2 2.9.10+dfsg-6.4
 	- libxml2 <unfixed> (bug #987737)
 	[buster] - libxml2 <no-dsa> (Minor issue)
 	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/237
 	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/commit/1098c30a040e72a4654968547f415be4e4c40fe7
 CVE-2021-3517 [heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c]
 	RESERVED
+	[experimental] - libxml2 2.9.10+dfsg-6.4
 	- libxml2 <unfixed> (bug #987738)
 	[buster] - libxml2 <no-dsa> (Minor issue)
 	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/235
 	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/commit/bf22713507fe1fc3a2c4b525cf0a88c2dc87a3a2
 CVE-2021-3516 [use-after-free in xmlEncodeEntitiesInternal() in entities.c]
 	RESERVED
+	[experimental] - libxml2 2.9.10+dfsg-6.4
 	- libxml2 <unfixed> (bug #987739)
 	[buster] - libxml2 <no-dsa> (Minor issue)
 	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/230



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4ae202ef50452106bc60a954433ad8219108bb0f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4ae202ef50452106bc60a954433ad8219108bb0f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210502/a87c2e54/attachment.htm>

More information about the debian-security-tracker-commits mailing list