CVE-2019-15903 log

Source
Severity Medium
Remote Yes
Type Denial of service
Description
A security issue has been found in libexpat before 2.2.8, where crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read
Group Package Affected Fixed Severity Status Ticket
AVG-1055 firefox 69.0.3-1 70.0-1 Critical Fixed
AVG-1054 thunderbird 68.1.1-1 68.2.0-1 Critical Fixed
AVG-1053 chromium 77.0.3865.120-1 78.0.3904.70-1 High Fixed
Date Advisory Group Package Severity Description
26 Oct 2019 ASA-201910-17 AVG-1053 chromium High multiple issues
26 Oct 2019 ASA-201910-16 AVG-1055 firefox Critical multiple issues
26 Oct 2019 ASA-201910-15 AVG-1054 thunderbird Critical multiple issues
References
https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html
https://crbug.com/1004341
https://github.com/libexpat/libexpat/issues/317
https://github.com/libexpat/libexpat/pull/318