[Bug 1996494] Re: CVE-2022-2309: NULL Pointer Dereference allows attackers to cause a denial of service (or application crash)
Thanks a lot for the fixes. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1996494 Title: CVE-2022-2309: NULL Pointer Dereference allows attackers to cause a denial of service (or application crash) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libxml2/+bug/1996494/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1996494] Re: CVE-2022-2309: NULL Pointer Dereference allows attackers to cause a denial of service (or application crash)
This bug was fixed in the package libxml2 - 2.9.10+dfsg-5ubuntu0.20.04.5 --- libxml2 (2.9.10+dfsg-5ubuntu0.20.04.5) focal-security; urgency=medium * SECURITY UPDATE: NULL pointer dereference - debian/patches/CVE-2022-2309.patch: reset nsNr in xmlCtxReset in parser.c (LP: #1996494). - CVE-2022-2309 * SECURITY UPDATE: Integer overflow - debian/patches/CVE-2022-40303.patch: fix integer overflows with XML_PARSE_HUGE in parser.c. - CVE-2022-40303 * SECURITY UPDATE: Double-free - debian/patches/CVE-2022-40304.patch: fix dict corruption caused by entity ref cycles in entities.c. - CVE-2022-40304 -- Leonidas Da Silva Barbosa Wed, 30 Nov 2022 09:53:52 -0300 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1996494 Title: CVE-2022-2309: NULL Pointer Dereference allows attackers to cause a denial of service (or application crash) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libxml2/+bug/1996494/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1996494] Re: CVE-2022-2309: NULL Pointer Dereference allows attackers to cause a denial of service (or application crash)
This bug was fixed in the package libxml2 - 2.9.13+dfsg-1ubuntu0.2 --- libxml2 (2.9.13+dfsg-1ubuntu0.2) jammy-security; urgency=medium * SECURITY UPDATE: NULL pointer dereference - debian/patches/CVE-2022-2309.patch: reset nsNr in xmlCtxReset in parser.c (LP: #1996494). - CVE-2022-2309 * SECURITY UPDATE: Integer overflow - debian/patches/CVE-2022-40303.patch: fix integer overflows with XML_PARSE_HUGE in parser.c. - CVE-2022-40303 * SECURITY UPDATE: Double-free - debian/patches/CVE-2022-40304.patch: fix dict corruption caused by entity ref cycles in entities.c. - CVE-2022-40304 -- Leonidas Da Silva Barbosa Tue, 29 Nov 2022 16:39:07 -0300 ** Changed in: libxml2 (Ubuntu) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1996494 Title: CVE-2022-2309: NULL Pointer Dereference allows attackers to cause a denial of service (or application crash) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libxml2/+bug/1996494/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1996494] Re: CVE-2022-2309: NULL Pointer Dereference allows attackers to cause a denial of service (or application crash)
This bug was fixed in the package libxml2 - 2.9.14+dfsg-1ubuntu0.1 --- libxml2 (2.9.14+dfsg-1ubuntu0.1) kinetic-security; urgency=medium * SECURITY UPDATE: NULL pointer dereference - debian/patches/CVE-2022-2309.patch: reset nsNr in xmlCtxReset in parser.c (LP: #1996494). - CVE-2022-2309 * SECURITY UPDATE: Integer overflow - debian/patches/CVE-2022-40303.patch: fix integer overflows with XML_PARSE_HUGE in parser.c. - CVE-2022-40303 * SECURITY UPDATE: Double-free - debian/patches/CVE-2022-40304.patch: fix dict corruption caused by entity ref cycles in entities.c. - CVE-2022-40304 -- Leonidas Da Silva Barbosa Tue, 29 Nov 2022 16:23:02 -0300 ** Changed in: libxml2 (Ubuntu) Status: Confirmed => Fix Released ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-40303 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-40304 ** Changed in: libxml2 (Ubuntu) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1996494 Title: CVE-2022-2309: NULL Pointer Dereference allows attackers to cause a denial of service (or application crash) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libxml2/+bug/1996494/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
