Author: carnil
Date: 2015-11-23 18:44:20 +0000 (Mon, 23 Nov 2015)
New Revision: 37829
Modified:
data/CVE/list
Log:
CVE-2015-8035: add upstream tag containing the fix, v2.9.3
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-11-23 18:43:22 UTC (rev 37828)
+++ data/CVE/list 2015-11-23 18:44:20 UTC (rev 37829)
@@ -684,7 +684,7 @@
CVE-2015-8035 (The xz_decomp function in xzlib.c in libxml2 2.9.1 does not
properly ...)
- libxml2 <unfixed> (bug #803942)
[squeeze] - libxml2 <not-affected> (No LZMA/XZ support in version 2.7.8)
- NOTE: Upstream patch:
https://git.gnome.org/browse/libxml2/commit/?id=f0709e3ca8f8947f2d91ed34e92e38a4c23eae63
+ NOTE: Upstream patch:
https://git.gnome.org/browse/libxml2/commit/?id=f0709e3ca8f8947f2d91ed34e92e38a4c23eae63
(v2.9.3)
NOTE: You can use "xmllint --version" to verify if libxml2 is compiled
with "Lzma" support.
NOTE: sid's 2.9.2+zdfsg1-4 claims to have "Lzma" support but it's
broken in fact...
NOTE: so it barfs on the problematic file (parser error : Start tag
expected,
_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
