Source: libxml2
Version: 2.9.4+dfsg1-2.2
Severity: important
Tags: upstream security
Forwarded: https://bugzilla.gnome.org/show_bug.cgi?id=781361

Hi,

the following vulnerability was published for libxml2.

CVE-2017-9050[0]:
| libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based
| buffer over-read in the xmlDictAddString function in dict.c. This
| vulnerability causes programs that use libxml2, such as PHP, to crash.
| This vulnerability exists because of an incomplete fix for
| CVE-2016-1839.

This corresponds to the last issue mentioned in [1], where although
the upstream bug is closed, the posting contains the issue description
and a proposed patch.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-9050
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050
[1] http://www.openwall.com/lists/oss-security/2017/05/15/1

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore