[xml/sgml-pkgs] Bug#987737: libxml2: CVE-2021-3518
Salvatore Bonaccorso
carnil at debian.org
Wed Apr 28 20:25:12 BST 2021
Source: libxml2
Version: 2.9.10+dfsg-6.3
Severity: important
Tags: security upstream
Forwarded: https://gitlab.gnome.org/GNOME/libxml2/-/issues/237
X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at security.debian.org>
Hi,
The following vulnerability was published for libxml2.
CVE-2021-3518[0]:
| use-after-free in xmlXIncludeDoProcess() in xinclude.c
Note the code changed and the patch will not apply cleanly directly,
but the issue is present in 2.9.10 as well.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2021-3518
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3518
[1] https://gitlab.gnome.org/GNOME/libxml2/-/issues/237
[2] https://gitlab.gnome.org/GNOME/libxml2/-/commit/1098c30a040e72a4654968547f415be4e4c40fe7
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore