[Bug 1276297] New: CVE-2015-7942 libxml2: heap-based buffer overflow in xmlParseConditionalSections()

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1276297

            Bug ID: 1276297
           Summary: CVE-2015-7942 libxml2: heap-based buffer overflow in
                    xmlParseConditionalSections()
           Product: Security Response
         Component: vulnerability
          Keywords: Security
          Severity: medium
          Priority: medium
          Assignee: security-response-t...@redhat.com
          Reporter: mpr...@redhat.com
                CC: athma...@gmail.com, c.davi...@gmail.com,
                    dr...@land.ru, erik-fed...@vanpienbroek.nl,
                    fedora-mi...@lists.fedoraproject.org,
                    kti...@redhat.com, lfar...@lfarkas.org,
                    ohudl...@redhat.com, rjo...@redhat.com,
                    veill...@redhat.com



A heap-based buffer overflow flaw was found in the way libxml2 parsed certain
crafted XML input. A remote attacker could provide a specially-crafted XML file
that, when opened in an application linked against libxml2, would cause the
application to crash.

Upstream patch:

https://git.gnome.org/browse/libxml2/commit/?id=9b8512337d14c8ddf662fcb98b0135f225a1c489

Upstream bug:

https://bugzilla.gnome.org/show_bug.cgi?id=756456

CVE assignment:

http://seclists.org/oss-sec/2015/q4/130

-- 
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug 
https://bugzilla.redhat.com/token.cgi?t=JWm7G50nVi&a=cc_unsubscribe
_______________________________________________
mingw mailing list
mingw@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/mingw