AVG-1263 log
| Package | libxml2 |
| Status | Fixed |
| Severity | Medium |
| Type | multiple issues |
| Affected | 2.9.10-5 |
| Fixed | 2.9.10-6 |
| Current | 2.15.1-4 [core] |
| Ticket | FS#68510 |
| Created | Wed Nov 4 13:29:01 2020 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2020-24977 | Medium | Yes | Information disclosure | GNOME project libxml2 <= 2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. |
| CVE-2020-7595 | Medium | Yes | Denial of service | xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation. |
| CVE-2019-20388 | Medium | Yes | Denial of service | A memory leak was found in the xmlSchemaValidateStream function of libxml2. Applications that use this library may be vulnerable to memory not being freed... |
| Date | Advisory | Package | Type |
|---|---|---|---|
| 17 Nov 2020 | ASA-202011-15 | libxml2 | multiple issues |
| Notes |
|---|
Something went wrong and the patch for CVE-2020-24977 has not been applied in 2.9.10-3.. |