AVG-56 log

Package libxml2
Status Fixed
Severity Critical
Type arbitrary code execution
Affected 2.9.4+4+g3169602-1
Fixed 2.9.4+12+ge905f08-1
Current 2.13.5-2 [core-testing]
2.13.5-1 [core]
Ticket None
Created Tue Nov 1 11:04:57 2016
Issue Severity Remote Type Description
CVE-2016-5131 Critical Yes Arbitrary code execution
Bugs in xmlXPathEvalExpr and xmlXPtrRangeToFunction can lead to a use- after-free and allow control of the instruction pointer.
CVE-2016-4658 Critical Yes Arbitrary code execution
A use-after-free vulnerability via namespace nodes in XPointer ranges was found in libxml2.
Date Advisory Package Type
01 Nov 2016 ASA-201611-2 libxml2 arbitrary code execution