[Bug 1276297] New: CVE-2015-7942 libxml2: heap-based buffer overflow in xmlParseConditionalSections()
bugzilla at redhat.com
Thu Oct 29 11:42:52 UTC 2015
https://bugzilla.redhat.com/show_bug.cgi?id=1276297
Bug ID: 1276297
Summary: CVE-2015-7942 libxml2: heap-based buffer overflow in xmlParseConditionalSections()
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team at redhat.com
Reporter: mprpic at redhat.com
CC: athmanem at gmail.com, c.david86 at gmail.com,
drizt at land.ru, erik-fedora at vanpienbroek.nl,
fedora-mingw at lists.fedoraproject.org,
ktietz at redhat.com, lfarkas at lfarkas.org,
ohudlick at redhat.com, rjones at redhat.com,
veillard at redhat.com
A heap-based buffer overflow flaw was found in the way libxml2 parsed certain
crafted XML input. A remote attacker could provide a specially-crafted XML file
that, when opened in an application linked against libxml2, would cause the
application to crash.
Upstream patch:
https://git.gnome.org/browse/libxml2/commit/?id=9b8512337d14c8ddf662fcb98b0135f225a1c489
Upstream bug:
https://bugzilla.gnome.org/show_bug.cgi?id=756456
CVE assignment:
http://seclists.org/oss-sec/2015/q4/130