[Git][security-tracker-team/security-tracker][master] Merge libxml-parser-perl entries with old non-CVEified entries

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
81b87984 by Salvatore Bonaccorso at 2026-03-19T19:41:38+01:00
Merge libxml-parser-perl entries with old non-CVEified entries

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,15 +1,3 @@
-CVE-2006-10003
-	- libxml-parser-perl <unfixed>
-	NOTE: https://lists.security.metacpan.org/cve-announce/msg/38106362/
-	NOTE: https://rt.cpan.org/Ticket/Display.html?id=19860
-	NOTE: https://github.com/cpan-authors/XML-Parser/issues/39
-	NOTE: Fixed by: https://github.com/cpan-authors/XML-Parser/commit/08dd37c35ec5e64e26aacb8514437f54708f7fd1 (2.48)
-CVE-2006-10002
-	- libxml-parser-perl <unfixed>
-	NOTE: https://lists.security.metacpan.org/cve-announce/msg/38106361/
-	NOTE: https://rt.cpan.org/Ticket/Display.html?id=19859
-	NOTE: https://github.com/cpan-authors/XML-Parser/issues/64
-	NOTE: Fixed by: https://github.com/cpan-authors/XML-Parser/commit/5361c2b7f48599718cdecbe50c5fdd88b28ffd79 (2.48)
 CVE-2026-4407 (Out-of-bounds array write in Xpdf 4.06 and earlier, due to incorrect v ...)
 	- xpdf <not-affected> (Debian uses poppler)
 CVE-2026-4120 (The Info Cards \u2013 Add Text and Media in Card Layouts plugin for Wo ...)
@@ -920613,10 +920601,18 @@ CVE-2006-3972 (Directory traversal vulnerability in includes/operator_chattransc
 	NOT-FOR-US: Ajax Chat
 CVE-2006-3971 (Cross-site scripting (XSS) vulnerability in visitor/livesupport/chat.p ...)
 	NOT-FOR-US: Ajax Chat
-CVE-2006-XXXX [Buffer overflow in XML::Parser::Expat triggered by utf8]
+CVE-2006-10002 [Buffer overflow in XML::Parser::Expat triggered by utf8]
 	- libxml-parser-perl 2.34-4.2 (bug #378411; medium)
-CVE-2006-XXXX [Buffer overflow in XML::Parser::Expat triggered by deep nesting]
+	NOTE: https://lists.security.metacpan.org/cve-announce/msg/38106361/
+	NOTE: https://rt.cpan.org/Ticket/Display.html?id=19859
+	NOTE: https://github.com/cpan-authors/XML-Parser/issues/64
+	NOTE: Fixed by: https://github.com/cpan-authors/XML-Parser/commit/5361c2b7f48599718cdecbe50c5fdd88b28ffd79 (2.48)
+CVE-2006-10003 [Buffer overflow in XML::Parser::Expat triggered by deep nesting]
 	- libxml-parser-perl 2.34-4.1 (bug #378412; medium)
+	NOTE: https://lists.security.metacpan.org/cve-announce/msg/38106362/
+	NOTE: https://rt.cpan.org/Ticket/Display.html?id=19860
+	NOTE: https://github.com/cpan-authors/XML-Parser/issues/39
+	NOTE: Fixed by: https://github.com/cpan-authors/XML-Parser/commit/08dd37c35ec5e64e26aacb8514437f54708f7fd1 (2.48)
 CVE-2006-3970 (PHP remote file inclusion vulnerability in lmo.php in the LMO Componen ...)
 	NOT-FOR-US: LMO for joomla
 CVE-2006-3969 (PHP remote file inclusion vulnerability in administrator/components/co ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/81b87984edf0456ddd3f94ceed401db5a60e0f76

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/81b87984edf0456ddd3f94ceed401db5a60e0f76
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260319/4ff3460c/attachment.htm>