Source: libxml2
Version: 2.9.4+dfsg1-2.2
Severity: important
Tags: upstream security
Forwarded: https://bugzilla.gnome.org/show_bug.cgi?id=781205

Hi,

the following vulnerability was published for libxml2.

CVE-2017-9049[0]:
| libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based
| buffer over-read in the xmlDictComputeFastKey function in dict.c. This
| vulnerability causes programs that use libxml2, such as PHP, to crash.
| This vulnerability exists because of an incomplete fix for libxml2 Bug
| 759398.

As per [1] this corresponds to (a yet closed) upstream report [2]. The
[1] posting contains a proposed patch (which is not yet upstream acked).

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-9049
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049
[1] http://www.openwall.com/lists/oss-security/2017/05/15/1
[2] https://bugzilla.gnome.org/show_bug.cgi?id=781205

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore