[Git][security-tracker-team/security-tracker][master] Track experimental fixes for libxml2

Sun, 02 May 2021 12:39:13 -0700 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4ae202ef by Salvatore Bonaccorso at 2021-05-02T21:38:38+02:00
Track experimental fixes for libxml2

Which will be moved to unstable if no build issues nor autopkgtest
issues are detected.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -387,18 +387,21 @@ CVE-2020-36326 (PHPMailer 6.1.8 through 6.4.0 allows 
object injection through Ph
        TODO: check if the code change eliminated the code that blocked 
addAttachment independent on Windows plattform/UNC paths
 CVE-2021-3518 [use-after-free in xmlXIncludeDoProcess() in xinclude.c]
        RESERVED
+       [experimental] - libxml2 2.9.10+dfsg-6.4
        - libxml2 <unfixed> (bug #987737)
        [buster] - libxml2 <no-dsa> (Minor issue)
        NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/237
        NOTE: 
https://gitlab.gnome.org/GNOME/libxml2/-/commit/1098c30a040e72a4654968547f415be4e4c40fe7
 CVE-2021-3517 [heap-based buffer overflow in xmlEncodeEntitiesInternal() in 
entities.c]
        RESERVED
+       [experimental] - libxml2 2.9.10+dfsg-6.4
        - libxml2 <unfixed> (bug #987738)
        [buster] - libxml2 <no-dsa> (Minor issue)
        NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/235
        NOTE: 
https://gitlab.gnome.org/GNOME/libxml2/-/commit/bf22713507fe1fc3a2c4b525cf0a88c2dc87a3a2
 CVE-2021-3516 [use-after-free in xmlEncodeEntitiesInternal() in entities.c]
        RESERVED
+       [experimental] - libxml2 2.9.10+dfsg-6.4
        - libxml2 <unfixed> (bug #987739)
        [buster] - libxml2 <no-dsa> (Minor issue)
        NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/230



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4ae202ef50452106bc60a954433ad8219108bb0f

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4ae202ef50452106bc60a954433ad8219108bb0f
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to