[Desktop-packages] [Bug 1895839] Re: CVE-2020-24977
Please note that upstream has indicated that this issue only affects the xmllint binary, and not the shared library. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to libxml2 in Ubuntu. https://bugs.launchpad.net/bugs/1895839 Title: CVE-2020-24977 Status in libxml2 package in Ubuntu: Fix Released Status in libxml2 source package in Hirsute: Fix Released Status in libxml2 package in Debian: Fix Released Bug description: GNOME project libxml2 v2.9.10 and earlier have a global buffer over- read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24977 Upstream patch: https://gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2 Bug report: https://gitlab.gnome.org/GNOME/libxml2/-/issues/178 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libxml2/+bug/1895839/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1895839] Re: CVE-2020-24977
** Also affects: libxml2 (Ubuntu Hirsute) Importance: High Status: Confirmed ** Changed in: libxml2 (Ubuntu Hirsute) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to libxml2 in Ubuntu. https://bugs.launchpad.net/bugs/1895839 Title: CVE-2020-24977 Status in libxml2 package in Ubuntu: Fix Released Status in libxml2 source package in Hirsute: Fix Released Status in libxml2 package in Debian: Fix Released Bug description: GNOME project libxml2 v2.9.10 and earlier have a global buffer over- read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24977 Upstream patch: https://gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2 Bug report: https://gitlab.gnome.org/GNOME/libxml2/-/issues/178 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libxml2/+bug/1895839/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1895839] Re: CVE-2020-24977
** Changed in: libxml2 (Debian) Status: Unknown => Fix Released -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to libxml2 in Ubuntu. https://bugs.launchpad.net/bugs/1895839 Title: CVE-2020-24977 Status in libxml2 package in Ubuntu: Confirmed Status in libxml2 package in Debian: Fix Released Bug description: GNOME project libxml2 v2.9.10 and earlier have a global buffer over- read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24977 Upstream patch: https://gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2 Bug report: https://gitlab.gnome.org/GNOME/libxml2/-/issues/178 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libxml2/+bug/1895839/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1895839] Re: CVE-2020-24977
** Changed in: libxml2 (Ubuntu) Importance: Undecided => High -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to libxml2 in Ubuntu. https://bugs.launchpad.net/bugs/1895839 Title: CVE-2020-24977 Status in libxml2 package in Ubuntu: Confirmed Status in libxml2 package in Debian: Unknown Bug description: GNOME project libxml2 v2.9.10 and earlier have a global buffer over- read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24977 Upstream patch: https://gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2 Bug report: https://gitlab.gnome.org/GNOME/libxml2/-/issues/178 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libxml2/+bug/1895839/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1895839] Re: CVE-2020-24977
** Changed in: libxml2 (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to libxml2 in Ubuntu. https://bugs.launchpad.net/bugs/1895839 Title: CVE-2020-24977 Status in libxml2 package in Ubuntu: Confirmed Status in libxml2 package in Debian: Unknown Bug description: GNOME project libxml2 v2.9.10 and earlier have a global buffer over- read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24977 Upstream patch: https://gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2 Bug report: https://gitlab.gnome.org/GNOME/libxml2/-/issues/178 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libxml2/+bug/1895839/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1895839] Re: CVE-2020-24977
** Description changed: + GNOME project libxml2 v2.9.10 and earlier have a global buffer over-read + vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24977 - Upstream patch: - https://gitlab.gnome.org/GNOME/libxml2/-/commit/8e7c20a1af8776677d7890f30b7a180567701a49 + Upstream patch: + https://gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2 - GNOME project libxml2 v2.9.10 and earlier have a global buffer over-read - vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. + Bug report: https://gitlab.gnome.org/GNOME/libxml2/-/issues/178 -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to libxml2 in Ubuntu. https://bugs.launchpad.net/bugs/1895839 Title: CVE-2020-24977 Status in libxml2 package in Ubuntu: New Status in libxml2 package in Debian: Unknown Bug description: GNOME project libxml2 v2.9.10 and earlier have a global buffer over- read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24977 Upstream patch: https://gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2 Bug report: https://gitlab.gnome.org/GNOME/libxml2/-/issues/178 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libxml2/+bug/1895839/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1895839] Re: CVE-2020-24977
** Description changed: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24977 Upstream patch: https://gitlab.gnome.org/GNOME/libxml2/-/commit/8e7c20a1af8776677d7890f30b7a180567701a49 + + GNOME project libxml2 v2.9.10 and earlier have a global buffer over-read + vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to libxml2 in Ubuntu. https://bugs.launchpad.net/bugs/1895839 Title: CVE-2020-24977 Status in libxml2 package in Ubuntu: New Status in libxml2 package in Debian: Unknown Bug description: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24977 Upstream patch: https://gitlab.gnome.org/GNOME/libxml2/-/commit/8e7c20a1af8776677d7890f30b7a180567701a49 GNOME project libxml2 v2.9.10 and earlier have a global buffer over- read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libxml2/+bug/1895839/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1895839] Re: CVE-2020-24977
** Bug watch added: Debian Bug tracker #969529 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969529 ** Also affects: libxml2 (Debian) via https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969529 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to libxml2 in Ubuntu. https://bugs.launchpad.net/bugs/1895839 Title: CVE-2020-24977 Status in libxml2 package in Ubuntu: New Status in libxml2 package in Debian: Unknown Bug description: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24977 Upstream patch: https://gitlab.gnome.org/GNOME/libxml2/-/commit/8e7c20a1af8776677d7890f30b7a180567701a49 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libxml2/+bug/1895839/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1895839] Re: CVE-2020-24977
** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to libxml2 in Ubuntu. https://bugs.launchpad.net/bugs/1895839 Title: CVE-2020-24977 Status in libxml2 package in Ubuntu: New Bug description: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24977 Upstream patch: https://gitlab.gnome.org/GNOME/libxml2/-/commit/8e7c20a1af8776677d7890f30b7a180567701a49 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libxml2/+bug/1895839/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp