-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : libxml2 Version : 2.7.8.dfsg-2+squeeze16 CVE ID : CVE-2015-5312 CVE-2015-7497 CVE-2015-7498 CVE-2015-7499 CVE-2015-7500
Several vulnerabilities were discovered in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to use an excessive amount of CPU, leak potentially sensitive information, or crash the application. CVE-2015-5312: CPU exhaustion when processing specially crafted XML input. CVE-2015-7497: Heap-based buffer overflow in xmlDictComputeFastQKey. CVE-2015-7498: Heap-based buffer overflow in xmlParseXmlDecl. CVE-2015-7499: Heap-based buffer overflow in xmlGROW. CVE-2015-7500: Heap buffer overflow in xmlParseMisc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQJ8BAEBCgBmBQJWfpFYXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5 NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHJKwP/1xnwIvOK3v0EZZL4eKg0voJ vAm9Fu1fWOBmj59vBSxN1GHipdeZ5uQK7/fRI8/WgmMlLbEOZ+4c1Jop4D2djKqp bSTFYeBe7zJBzUZd/gc7gy0Q+xdpBK02s+wGpyAR0nhKdlw/IhwajX1TUMg7RN9r I+UX966sQDVIJxd1fJBn8PeJ4onpCOcWOfGbRWUxmBDJcdFKqCp1h4ss5kUfAeUa BV1XdruNBUl50tn8jG/28LACxEnpACbgQTVqEzZ/QpDPnopoUQpc5yvT7P10adSv 3dJJPWKG8tla9XNemJQAIEEGtEYvoOU8W9/Uvn+Vg83CgEMdp3VDtPAyhtaVJmAM ebcTs/HQzbkYU6J2aCS9r4fNo42BUX05d+fJ6rB0tKIe2mpitlqauJAwGGQcLHri u7WexIMd4A4koXl7gliooiV/R3g3xd3PGCG02KzRgD+wpgnoiFGgcDzSZ0F+3eM7 HXOBOI7HwAZJWTb9RJjoBrevCsO0fQEXF2Yf69AgAGwkYbwV8SNOAgNspEzKV2/x UNKSz972UfxHwjKGQmPSPRIhj5iBRxGDSJGLBchVXkctPQVkHwHankt87ssEfNfY x0ekWbCzGS2bZTtW0DbukNxSumk3pyprsulBmpLy+mUKCtLdUcilHibtHMCZIDkH Ecok3PDXYABmZKHb12pK =DJwq -----END PGP SIGNATURE-----