Source: libxml2 Version: 2.9.1+dfsg1-5 Severity: important Tags: patch security upstream Forwarded: https://bugzilla.gnome.org/show_bug.cgi?id=780228
Hi, the following vulnerability was published for libxml2. CVE-2017-0663[0]: | A remote code execution vulnerability in libxml2 could enable an | attacker using a specially crafted file to execute arbitrary code | within the context of an unprivileged process. This issue is rated as | High due to the possibility of remote code execution in an application | that uses this library. Product: Android. Versions: 4.4.4, 5.0.2, | 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37104170. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-0663 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663 [1] https://bugzilla.gnome.org/show_bug.cgi?id=780228 [2] https://git.gnome.org/browse/libxml2/commit/?id=92b9e8c8b3787068565a1820ba575d042f9eec66 [3] https://bugzilla.redhat.com/show_bug.cgi?id=1462225 https://bugzilla.redhat.com/show_bug.cgi?id=1462225#c2 https://bugzilla.redhat.com/show_bug.cgi?id=1462225#c3 [4] https://bugzilla.novell.com/show_bug.cgi?id=1044337 Regards, Salvatore