Source: libxml2
Version: 2.9.4+dfsg1-2
Severity: grave
Tags: security upstream patch fixed-upstream

Hi,

the following vulnerability was published for libxml2.

CVE-2016-4658[0]:
| libxml2 in Apple iOS before 10, OS X before 10.12, tvOS before 10, and
| watchOS before 3 allows remote attackers to execute arbitrary code or
| cause a denial of service (memory corruption) via a crafted XML
| document.

Although the MITRE description at the moment explicitly mentions that as
Apple related, the upstream commit is now known as [1].

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-4658
[1] https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore