
[SECURITY] [DLA 355-1] libxml2 security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : libxml2
Version        : 2.7.8.dfsg-2+squeeze15
CVE ID         : CVE-2015-8241 CVE-2015-8317
Debian Bug     : 806384

CVE-2015-8241
    Buffer overread with XML parser in xmlNextChar

CVE-2015-8317
  - Issues in the xmlParseXMLDecl function:
    If we fail converting the current input stream while
    processing the encoding declaration of the XMLDecl,
    then it's safer to just abort there and not try to
    report further errors.
  - If the string is not properly terminated, do not try to convert
    to the given encoding.

Additional fix for an off-by-one error in the previous patch for CVE-2015-7942
(thanks to Salvatore for spotting this).


