[xml] Recent libxml2 CVE assignments

From: Chris Green <greencm gmail com>
To: xml gnome org
Subject: [xml] Recent libxml2 CVE assignments
Date: Wed, 18 May 2016 14:16:26 -0700

Good day,

In the upcoming libxml2 release planned for the 20th, are the below issues anticipated to be in 2.9.4 final? I don't believe these are in the current 2.9.4 RCs.

These two hit an Apple IOS release and then were on the oss-security mailing list.

https://bugzilla.gnome.org/show_bug.cgi?id=765207
https://bugzilla.gnome.org/show_bug.cgi?id=762100

The findings are restricted now but I know it wasn't always that way.

libxml2
CVE-2016-1833 : Mateusz Jurczyk

CVE-2016-1834 : Apple

CVE-2016-1835 : Wei Lei and Liu Yang of Nanyang Technological University

CVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological University

CVE-2016-1837 : Wei Lei and Liu Yang of Nanyang Technological University

CVE-2016-1838 : Mateusz Jurczyk

CVE-2016-1839 : Mateusz Jurczyk

CVE-2016-1840 : Kostya Serebryany

libxslt
CVE-2016-1841 : Sebastian Apelt

As far I'm aware, other than the Apple release notes, there isn't public information on these issues.

Thanks,

Chris
--

Chris Green <greencm gmail com>

Follow-Ups:
- Re: [xml] Recent libxml2 CVE assignments
  - From: Baruch Siach

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]