Source: libxml2
Version: 2.9.2+zdfsg1-4
Severity: normal
Tags: security upstream patch fixed-upstream
Forwarded: https://bugzilla.gnome.org/show_bug.cgi?id=756263

Hi,

the following vulnerability was published for libxml2. It is fixed
upstream with 2.9.3. Can be reproduced with AFL and ASAN enabled with
the PoC attached to the upstream bug.

CVE-2015-8241[0]:
Buffer overread with XML parser in xmlNextChar

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-8241
[1] https://git.gnome.org/browse/libxml2/commit/?id=ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe
[2] https://bugzilla.gnome.org/show_bug.cgi?id=756263

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

