[Git][security-tracker-team/security-tracker][master] Track fixed version for libxml2 issues via unstable
Salvatore Bonaccorso
carnil at debian.org
Thu May 6 11:32:23 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7a1ac91a by Salvatore Bonaccorso at 2021-05-06T12:31:57+02:00
Track fixed version for libxml2 issues via unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,6 +1,5 @@
CVE-2021-3537 [NULL pointer dereference in valid.c in xmlValidBuildAContentModel]
- [experimental] - libxml2 2.9.10+dfsg-6.5
- - libxml2 <unfixed> (bug #988123)
+ - libxml2 2.9.10+dfsg-6.6 (bug #988123)
[buster] - libxml2 <no-dsa> (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/243
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/244
@@ -643,22 +642,19 @@ CVE-2020-36326 (PHPMailer 6.1.8 through 6.4.0 allows object injection through Ph
NOTE: Also backport: https://github.com/PHPMailer/PHPMailer/commit/7f267fb4aadfcf62e3ddc50494c469c6b9c4405a (v6.4.1)
CVE-2021-3518 [use-after-free in xmlXIncludeDoProcess() in xinclude.c]
RESERVED
- [experimental] - libxml2 2.9.10+dfsg-6.4
- - libxml2 <unfixed> (bug #987737)
+ - libxml2 2.9.10+dfsg-6.6 (bug #987737)
[buster] - libxml2 <no-dsa> (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/237
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/commit/1098c30a040e72a4654968547f415be4e4c40fe7
CVE-2021-3517 [heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c]
RESERVED
- [experimental] - libxml2 2.9.10+dfsg-6.4
- - libxml2 <unfixed> (bug #987738)
+ - libxml2 2.9.10+dfsg-6.6 (bug #987738)
[buster] - libxml2 <no-dsa> (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/235
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/commit/bf22713507fe1fc3a2c4b525cf0a88c2dc87a3a2
CVE-2021-3516 [use-after-free in xmlEncodeEntitiesInternal() in entities.c]
RESERVED
- [experimental] - libxml2 2.9.10+dfsg-6.4
- - libxml2 <unfixed> (bug #987739)
+ - libxml2 2.9.10+dfsg-6.6 (bug #987739)
[buster] - libxml2 <no-dsa> (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/230
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/commit/1358d157d0bd83be1dfe356a69213df9fac0b539
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7a1ac91af70ddda6ed9a96d52f04337bc5a43a3e
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7a1ac91af70ddda6ed9a96d52f04337bc5a43a3e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210506/01b75280/attachment.htm>
More information about the debian-security-tracker-commits
mailing list