[xml/sgml-pkgs] Bug#806384: libxml2: CVE-2015-8241: Buffer overread with XML parser in xmlNextChar
Salvatore Bonaccorso
carnil at debian.org
Thu Nov 26 20:45:52 UTC 2015
Source: libxml2
Version: 2.9.2+zdfsg1-4
Severity: normal
Tags: security upstream patch fixed-upstream
Forwarded: https://bugzilla.gnome.org/show_bug.cgi?id=756263

Hi,

the following vulnerability was published for libxml2. It is fixed
upstream with 2.9.3.

Can be reproduced with AFL and ASAN enabled with the PoC attached to
the upstream bug.

CVE-2015-8241[0]:
Buffer overread with XML parser in xmlNextChar

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-8241
[1] https://git.gnome.org/browse/libxml2/commit/?id=ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe
[2] https://bugzilla.gnome.org/show_bug.cgi?id=756263

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore