Summary: | <dev-libs/libxml2-2.9.4-r3: null pointer dereference when parsing a xml file using recover mode (CVE-2017-5969) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | gnome |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.openwall.com/lists/oss-security/2016/11/05/3 | ||
See Also: | https://bugzilla.gnome.org/show_bug.cgi?id=778519 | ||
Whiteboard: | A3 [glsa cve] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 623206 | ||
Bug Blocks: |
Description
Agostino Sarubbo
2016-11-08 09:58:31 UTC
Patch for this issue have been pushed in libxml-2.9.4-r2. Please note that: * patches where cherry-picked from upstream master according to information found in this ticket, some patches were harder to find due to upstream blocking access to it. * unittests in the ebuild are actually not being run for a long time certainly due to a problem when porting to multilib. Maybe it existed before, didn't check yet. Anyway, as lots of other security related fixes are pending an upstream release, I pushed this as a stop gap until I get more time to do a proper snapshot and fix these unittests issues. This issue was resolved and addressed in GLSA 201711-01 at https://security.gentoo.org/glsa/201711-01 by GLSA coordinator Christopher Diaz Riveros (chrisadr). |