This bug was fixed in the package libxml2 - 2.9.2+zdfsg1-4ubuntu3
---------------
libxml2 (2.9.2+zdfsg1-4ubuntu3) xenial; urgency=medium
* SECURITY UPDATE: incomplete fix for out of bounds read in xmlGROW
(LP: #1525996)
- add extra commits to this previously-fixed CVE
- debian/patches/CVE-2015-7499-3.patch: reuse xmlHaltParser() where it
makes sense in parser.c.
- debian/patches/CVE-2015-7499-4.patch: do not print error context when
there is none in error.c.
- CVE-2015-7499
* SECURITY UPDATE: out of bounds memory access via unclosed html comment
- debian/patches/CVE-2015-8710.patch: fix parsing short unclosed
comment uninitialized access in HTMLparser.c.
- CVE-2015-8710
-- Marc Deslauriers <[email protected]> Thu, 14 Jan 2016
08:59:31 -0500
** Changed in: libxml2 (Ubuntu Xenial)
Status: Confirmed => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-7499
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-8710
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1525996
Title:
missing patch in USN-2834-1 security updates
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libxml2/+bug/1525996/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
