AVG-1263 log

Package libxml2
Status Fixed
Severity Medium
Type multiple issues
Affected 2.9.10-5
Fixed 2.9.10-6
Current 2.12.6-2 [core-testing], 2.12.6-1 [core]
Ticket FS#68510
Created Wed Nov 4 13:29:01 2020
Issue Severity Remote Type Description
CVE-2020-24977 Medium Yes Information disclosure
GNOME project libxml2 <= 2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c.
CVE-2020-7595 Medium Yes Denial of service
xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.
CVE-2019-20388 Medium Yes Denial of service
A memory leak was found in the xmlSchemaValidateStream function of libxml2. Applications that use this library may be vulnerable to memory not being freed...
Date Advisory Package Type
17 Nov 2020 ASA-202011-15 libxml2 multiple issues
Notes
Something went wrong and the patch for CVE-2020-24977 has not been applied in 2.9.10-3.