Source: libxml2 Version: 2.9.4+dfsg1-5.1 Severity: important Tags: patch security upstream Forwarded: https://bugzilla.gnome.org/show_bug.cgi?id=759579
Hi, the following vulnerability was published for libxml2. CVE-2017-16932[0]: | parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in | parameter entities. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-16932 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16932 [1] https://bugzilla.gnome.org/show_bug.cgi?id=759579 (not yet public) [2] https://git.gnome.org/browse/libxml2/commit/?id=899a5d9f0ed13b8e32449a08a361e0de127dd961 Please adjust the affected versions in the BTS as needed. Regards, Salvatore _______________________________________________ Secure-testing-team mailing list Secure-testing-team@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-team
