[Git][security-tracker-team/security-tracker][master] Clarify notes for libxml2 CVEs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Apr 15 15:10:43 BST 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
52674ac7 by Salvatore Bonaccorso at 2023-04-15T16:10:11+02:00
Clarify notes for libxml2 CVEs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3143,7 +3143,7 @@ CVE-2023-29469 [Hashing of empty dict strings isn't deterministic]
 	RESERVED
 	- libxml2 <unfixed> (bug #1034437)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2185984
-	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/commit/09a2dd453007f9c7205274623acdd73747c22d64 (v2.10.4)
+	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/09a2dd453007f9c7205274623acdd73747c22d64 (v2.10.4)
 CVE-2023-29468
 	RESERVED
 CVE-2023-29467
@@ -6529,8 +6529,8 @@ CVE-2023-28484 [NULL dereference in xmlSchemaFixupComplexType]
 	RESERVED
 	- libxml2 <unfixed> (bug #1034436)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2185994
-	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/commit/4c6922f763ad958c48ff66f82823ae21f2e92ee6 (v2.10.4)
-	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/commit/647e072ea0a2f12687fa05c172f4c4713fdb0c4f (v2.10.4)
+	NOTE: Related (but not strictly part of the CVE): https://gitlab.gnome.org/GNOME/libxml2/-/commit/4c6922f763ad958c48ff66f82823ae21f2e92ee6 (v2.10.4)
+	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/647e072ea0a2f12687fa05c172f4c4713fdb0c4f (v2.10.4)
 CVE-2023-28483
 	RESERVED
 CVE-2023-28482



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/52674ac7673cde45adae183e34635abf801f4e48

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/52674ac7673cde45adae183e34635abf801f4e48
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230415/48cf53bd/attachment.htm>

More information about the debian-security-tracker-commits mailing list