AVG-1263 log
Package | libxml2 |
Status | Fixed |
Severity | Medium |
Type | multiple issues |
Affected | 2.9.10-5 |
Fixed | 2.9.10-6 |
Current |
2.13.5-2 [core-testing] 2.13.5-1 [core] |
Ticket | FS#68510 |
Created | Wed Nov 4 13:29:01 2020 |
Issue | Severity | Remote | Type | Description |
---|---|---|---|---|
CVE-2020-24977 | Medium | Yes | Information disclosure | GNOME project libxml2 <= 2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. |
CVE-2020-7595 | Medium | Yes | Denial of service | xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation. |
CVE-2019-20388 | Medium | Yes | Denial of service | A memory leak was found in the xmlSchemaValidateStream function of libxml2. Applications that use this library may be vulnerable to memory not being freed... |
Date | Advisory | Package | Type |
---|---|---|---|
17 Nov 2020 | ASA-202011-15 | libxml2 | multiple issues |
Notes |
---|
Something went wrong and the patch for CVE-2020-24977 has not been applied in 2.9.10-3.. |