[xml/sgml-pkgs] Bug#803942: CVE-2015-8035: DoS with XZ compression support loop

Raphael Hertzog hertzog at debian.org
Tue Nov 3 13:50:15 UTC 2015

Package: libxml2
Severity: important
Tags: security patch fixed-upstream
Control: forwarded -1 https://bugzilla.gnome.org/show_bug.cgi?id=757466


the following vulnerability was published for libxml2.

CVE-2015-8035[0]: DoS if xz enabled

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-8035
    Please adjust the affected versions in the BTS as needed.

The upstream patch is here:

wheezy/jessie are affected.

sid is not affected because XZ support is currently broken but it will be
fixed in the next upstream release.

Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/

More information about the debian-xml-sgml-pkgs mailing list