Re: [xml] Recent libxml2 CVE assignments



Hi Chris,

On Wed, May 18, 2016 at 02:16:26PM -0700, Chris Green wrote:
In the upcoming libxml2 release planned for the 20th, are the below issues
anticipated to be in 2.9.4 final? I don't believe these are in the current
2.9.4 RCs.

These two hit an Apple iOS release and then were on the oss-security
mailing list.

https://bugzilla.gnome.org/show_bug.cgi?id=765207

That is CVE-2016-3705 as Salvatore Bonaccorso notes in a comment.

https://bugzilla.gnome.org/show_bug.cgi?id=762100

This URL is restricted, but the SUSE bug tracking this issue 
(https://bugzilla.suse.com/show_bug.cgi?id=972335) indicates that it's 
CVE-2016-3627.

The findings are restricted now but I know it wasn't always that way.

   *libxml2*
   CVE-2016-1833 : Mateusz Jurczyk
   CVE-2016-1834 : Apple
   CVE-2016-1835 : Wei Lei and Liu Yang of Nanyang Technological University
   CVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological University
   CVE-2016-1837 : Wei Lei and Liu Yang of Nanyang Technological University
   CVE-2016-1838 : Mateusz Jurczyk
   CVE-2016-1839 : Mateusz Jurczyk
   CVE-2016-1840 : Kostya Serebryany

   *libxslt*
   CVE-2016-1841 : Sebastian Apelt

As far as I'm aware, other than the Apple release notes, there isn't public
information on these issues.

baruch

-- 
     http://baruch.siach.name/blog/                  ~. .~   Tk Open Systems
=}------------------------------------------------ooO--U--Ooo------------{=
   - baruch tkos co il - tel: +972.2.679.5364, http://www.tkos.co.il -

