[Git][security-tracker-team/security-tracker][master] Add CVE-2016-3709/libxml2

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Jul 31 20:20:22 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
39a907b4 by Salvatore Bonaccorso at 2022-07-31T21:19:53+02:00
Add CVE-2016-3709/libxml2

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -378548,6 +378548,11 @@ CVE-2016-3710 (The VGA module in QEMU improperly performs bounds checking on ban
 	NOTE: http://xenbits.xen.org/xsa/advisory-179.html
 	NOTE: mitigation: run HVM in stubdomains, PV, default video card not vulnerable, i386-only
 CVE-2016-3709 (Possible cross-site scripting vulnerability in libxml after commit 960 ...)
+	- libxml2 2.9.12+dfsg-3
+	NOTE: https://mail.gnome.org/archives/xml/2018-January/msg00010.html
+	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=769760
+	NOTE: Introduced by: https://github.com/GNOME/libxml2/commit/960f0e275616cadc29671a218d7fb9b69eb35588 (v2.9.2-rc1)c
+	NOTE: Fixed by: https://github.com/GNOME/libxml2/commit/c1ba6f54d32b707ca6d91cb3257ce9de82876b6f (v2.9.11)
 	TODO: check
 CVE-2016-3708 (Red Hat OpenShift Enterprise 3.2, when multi-tenant SDN is enabled and ...)
 	NOT-FOR-US: OpenShiftEnterprise / Red Hat
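
Review bot: the added "Introduced by" NOTE ends with a stray "c" after "(v2.9.2-rc1)", which looks like a typo; the line should end at the closing parenthesis. The unchanged "TODO: check" line still follows the new CVE-2016-3709 entry, so if the "- libxml2 2.9.12+dfsg-3" line completes the triage it should be dropped in the same change, otherwise the entry stays flagged as unchecked. The fixed version is given as 2.9.12+dfsg-3 while the "Fixed by" commit is annotated v2.9.11; a short NOTE explaining why that version was chosen would make the entry easier to verify.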



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/39a907b4413ed7545e8abdfc62ac69749b493dbc
