[Git][security-tracker-team/security-tracker][master] Track fixed version for libxml2 issues via unstable

Salvatore Bonaccorso carnil at debian.org
Thu May 6 11:32:23 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7a1ac91a by Salvatore Bonaccorso at 2021-05-06T12:31:57+02:00
Track fixed version for libxml2 issues via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,6 +1,5 @@
 CVE-2021-3537 [NULL pointer dereference in valid.c in xmlValidBuildAContentModel]
-	[experimental] - libxml2 2.9.10+dfsg-6.5
-	- libxml2 <unfixed> (bug #988123)
+	- libxml2 2.9.10+dfsg-6.6 (bug #988123)
 	[buster] - libxml2 <no-dsa> (Minor issue)
 	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/243
 	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/244
@@ -643,22 +642,19 @@ CVE-2020-36326 (PHPMailer 6.1.8 through 6.4.0 allows object injection through Ph
 	NOTE: Also backport: https://github.com/PHPMailer/PHPMailer/commit/7f267fb4aadfcf62e3ddc50494c469c6b9c4405a (v6.4.1)
 CVE-2021-3518 [use-after-free in xmlXIncludeDoProcess() in xinclude.c]
 	RESERVED
-	[experimental] - libxml2 2.9.10+dfsg-6.4
-	- libxml2 <unfixed> (bug #987737)
+	- libxml2 2.9.10+dfsg-6.6 (bug #987737)
 	[buster] - libxml2 <no-dsa> (Minor issue)
 	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/237
 	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/commit/1098c30a040e72a4654968547f415be4e4c40fe7
 CVE-2021-3517 [heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c]
 	RESERVED
-	[experimental] - libxml2 2.9.10+dfsg-6.4
-	- libxml2 <unfixed> (bug #987738)
+	- libxml2 2.9.10+dfsg-6.6 (bug #987738)
 	[buster] - libxml2 <no-dsa> (Minor issue)
 	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/235
 	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/commit/bf22713507fe1fc3a2c4b525cf0a88c2dc87a3a2
 CVE-2021-3516 [use-after-free in xmlEncodeEntitiesInternal() in entities.c]
 	RESERVED
-	[experimental] - libxml2 2.9.10+dfsg-6.4
-	- libxml2 <unfixed> (bug #987739)
+	- libxml2 2.9.10+dfsg-6.6 (bug #987739)
 	[buster] - libxml2 <no-dsa> (Minor issue)
 	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/230
 	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/commit/1358d157d0bd83be1dfe356a69213df9fac0b539



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7a1ac91af70ddda6ed9a96d52f04337bc5a43a3e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7a1ac91af70ddda6ed9a96d52f04337bc5a43a3e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210506/01b75280/attachment.htm>


More information about the debian-security-tracker-commits mailing list