[xml/sgml-pkgs] Bug#870865: libxml2: CVE-2017-7376: Incorrect limit used for port values
Salvatore Bonaccorso
carnil at debian.org
Sat Aug 5 20:37:28 UTC 2017
Source: libxml2
Version: 2.9.1+dfsg1-5
Severity: important
Tags: upstream security
Forwarded: https://bugzilla.gnome.org/show_bug.cgi?id=780690
Hi,
the following vulnerability was published for libxml2.
CVE-2017-7376[0]:
Incorrect limit used for port values
Note though that a concern was raised for the upstream commit [4],
that a negative port in the URL would make the URL invalid. The
upstream bug is not yet opened.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-7376
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376
[1] https://bugzilla.gnome.org/show_bug.cgi?id=780690
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1462216
[3] https://bugzilla.novell.com/show_bug.cgi?id=1044887
[4] https://git.gnome.org/browse/libxml2/commit/?id=5dca9eea1bd4263bfa4d037ab2443de1cd730f7e
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore