[xml/sgml-pkgs] Bug#1071162: libxml2: CVE-2024-34459
Salvatore Bonaccorso
carnil at debian.org
Wed May 15 10:59:40 BST 2024
Source: libxml2
Version: 2.9.14+dfsg-1.3
Severity: normal
Tags: security upstream
Forwarded: https://gitlab.gnome.org/GNOME/libxml2/-/issues/720
X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at security.debian.org>
Hi,
The following vulnerability was published for libxml2.
CVE-2024-34459[0]:
| An issue was discovered in xmllint (from libxml2) before 2.11.8 and
| 2.12.x before 2.12.7. Formatting error messages with xmllint
| --htmlout can result in a buffer over-read in
| xmlHTMLPrintFileContext in xmllint.c.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2024-34459
https://www.cve.org/CVERecord?id=CVE-2024-34459
[1] https://gitlab.gnome.org/GNOME/libxml2/-/issues/720
[2] https://gitlab.gnome.org/GNOME/libxml2/-/commit/8ddc7f13337c9fe7c6b6e616f404b0fffb8a5145 (2.11.8)
[3] https://gitlab.gnome.org/GNOME/libxml2/-/commit/2876ac5392a4e891b81e40e592c3ac6cb46016ce (2.12.7)
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
More information about the debian-xml-sgml-pkgs
mailing list