[Touch-packages] [Bug 1895839] Re: CVE-2020-24977

2021-04-12 Thread Steve Beattie
Please note that upstream has indicated that this issue only affects the
xmllint binary, and not the shared library.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libxml2 in Ubuntu.
https://bugs.launchpad.net/bugs/1895839

Title:
  CVE-2020-24977

Status in libxml2 package in Ubuntu:
  Fix Released
Status in libxml2 source package in Hirsute:
  Fix Released
Status in libxml2 package in Debian:
  Fix Released

Bug description:
  GNOME project libxml2 v2.9.10 and earlier have a global buffer over-
  read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c.

  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24977

  Upstream patch: 
  
https://gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2

  Bug report: https://gitlab.gnome.org/GNOME/libxml2/-/issues/178

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libxml2/+bug/1895839/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1895839] Re: CVE-2020-24977

2021-02-25 Thread Mattia Rizzolo
** Also affects: libxml2 (Ubuntu Hirsute)
   Importance: High
   Status: Confirmed

** Changed in: libxml2 (Ubuntu Hirsute)
   Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libxml2 in Ubuntu.
https://bugs.launchpad.net/bugs/1895839

Title:
  CVE-2020-24977

Status in libxml2 package in Ubuntu:
  Fix Released
Status in libxml2 source package in Hirsute:
  Fix Released
Status in libxml2 package in Debian:
  Fix Released

Bug description:
  GNOME project libxml2 v2.9.10 and earlier have a global buffer over-
  read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c.

  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24977

  Upstream patch: 
  
https://gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2

  Bug report: https://gitlab.gnome.org/GNOME/libxml2/-/issues/178

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libxml2/+bug/1895839/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1895839] Re: CVE-2020-24977

2021-02-25 Thread Bug Watch Updater
** Changed in: libxml2 (Debian)
   Status: Unknown => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libxml2 in Ubuntu.
https://bugs.launchpad.net/bugs/1895839

Title:
  CVE-2020-24977

Status in libxml2 package in Ubuntu:
  Confirmed
Status in libxml2 package in Debian:
  Fix Released

Bug description:
  GNOME project libxml2 v2.9.10 and earlier have a global buffer over-
  read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c.

  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24977

  Upstream patch: 
  
https://gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2

  Bug report: https://gitlab.gnome.org/GNOME/libxml2/-/issues/178

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libxml2/+bug/1895839/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1895839] Re: CVE-2020-24977

2020-10-22 Thread Sebastien Bacher
** Changed in: libxml2 (Ubuntu)
   Importance: Undecided => High

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libxml2 in Ubuntu.
https://bugs.launchpad.net/bugs/1895839

Title:
  CVE-2020-24977

Status in libxml2 package in Ubuntu:
  Confirmed
Status in libxml2 package in Debian:
  Unknown

Bug description:
  GNOME project libxml2 v2.9.10 and earlier have a global buffer over-
  read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c.

  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24977

  Upstream patch: 
  
https://gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2

  Bug report: https://gitlab.gnome.org/GNOME/libxml2/-/issues/178

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libxml2/+bug/1895839/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1895839] Re: CVE-2020-24977

2020-10-21 Thread Eduardo Barretto
** Changed in: libxml2 (Ubuntu)
   Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libxml2 in Ubuntu.
https://bugs.launchpad.net/bugs/1895839

Title:
  CVE-2020-24977

Status in libxml2 package in Ubuntu:
  Confirmed
Status in libxml2 package in Debian:
  Unknown

Bug description:
  GNOME project libxml2 v2.9.10 and earlier have a global buffer over-
  read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c.

  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24977

  Upstream patch: 
  
https://gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2

  Bug report: https://gitlab.gnome.org/GNOME/libxml2/-/issues/178

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libxml2/+bug/1895839/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1895839] Re: CVE-2020-24977

2020-09-22 Thread Avital Ostromich
** Description changed:

+ GNOME project libxml2 v2.9.10 and earlier have a global buffer over-read
+ vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c.
+ 
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24977
  
- Upstream patch:
- 
https://gitlab.gnome.org/GNOME/libxml2/-/commit/8e7c20a1af8776677d7890f30b7a180567701a49
+ Upstream patch: 
+ 
https://gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2
  
- GNOME project libxml2 v2.9.10 and earlier have a global buffer over-read
- vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c.
+ Bug report: https://gitlab.gnome.org/GNOME/libxml2/-/issues/178

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libxml2 in Ubuntu.
https://bugs.launchpad.net/bugs/1895839

Title:
  CVE-2020-24977

Status in libxml2 package in Ubuntu:
  New
Status in libxml2 package in Debian:
  Unknown

Bug description:
  GNOME project libxml2 v2.9.10 and earlier have a global buffer over-
  read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c.

  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24977

  Upstream patch: 
  
https://gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2

  Bug report: https://gitlab.gnome.org/GNOME/libxml2/-/issues/178

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libxml2/+bug/1895839/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1895839] Re: CVE-2020-24977

2020-09-22 Thread Avital Ostromich
** Description changed:

  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24977
  
  Upstream patch:
  
https://gitlab.gnome.org/GNOME/libxml2/-/commit/8e7c20a1af8776677d7890f30b7a180567701a49
+ 
+ GNOME project libxml2 v2.9.10 and earlier have a global buffer over-read
+ vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libxml2 in Ubuntu.
https://bugs.launchpad.net/bugs/1895839

Title:
  CVE-2020-24977

Status in libxml2 package in Ubuntu:
  New
Status in libxml2 package in Debian:
  Unknown

Bug description:
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24977

  Upstream patch:
  
https://gitlab.gnome.org/GNOME/libxml2/-/commit/8e7c20a1af8776677d7890f30b7a180567701a49

  GNOME project libxml2 v2.9.10 and earlier have a global buffer over-
  read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libxml2/+bug/1895839/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1895839] Re: CVE-2020-24977

2020-09-17 Thread Mattia Rizzolo
** Bug watch added: Debian Bug tracker #969529
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969529

** Also affects: libxml2 (Debian) via
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969529
   Importance: Unknown
   Status: Unknown

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libxml2 in Ubuntu.
https://bugs.launchpad.net/bugs/1895839

Title:
  CVE-2020-24977

Status in libxml2 package in Ubuntu:
  New
Status in libxml2 package in Debian:
  Unknown

Bug description:
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24977

  Upstream patch:
  
https://gitlab.gnome.org/GNOME/libxml2/-/commit/8e7c20a1af8776677d7890f30b7a180567701a49

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libxml2/+bug/1895839/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1895839] Re: CVE-2020-24977

2020-09-16 Thread Alex Murray
** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libxml2 in Ubuntu.
https://bugs.launchpad.net/bugs/1895839

Title:
  CVE-2020-24977

Status in libxml2 package in Ubuntu:
  New

Bug description:
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24977

  Upstream patch:
  
https://gitlab.gnome.org/GNOME/libxml2/-/commit/8e7c20a1af8776677d7890f30b7a180567701a49

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libxml2/+bug/1895839/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp