Date: Wed, 25 May 2016 12:29:04 +0530 From: Huzaifa Sidhpurwala <huzaifas@...hat.com> To: oss-security@...ts.openwall.com Subject: 3 libxml2 issues Hi All, The following issues were reported to us: 1. CVE-2016-4447: libxml2: Heap-based buffer underreads due to xmlParseName https://bugzilla.redhat.com/show_bug.cgi?id=1338686 2. CVE-2016-4448 libxml2: Format string vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=1338700 3. CVE-2016-4449 libxml2: Inappropriate fetch of entities content https://bugzilla.redhat.com/show_bug.cgi?id=1338701 Each of the Red Hat bugs , contain links to the commits which fix these issues. (The upstream bugs are currently private) -- Huzaifa Sidhpurwala / Red Hat Product Security Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ