https://bugzilla.redhat.com/show_bug.cgi?id=1281930 Adam Mariš <amaris(a)redhat.com&gt; changed: What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1281931 Depends On| |1281932 Depends On| |1281933 --- Comment #1 from Adam Mariš <amaris(a)redhat.com&gt; --- Created libxml2 tracking bugs for this issue: Affects: fedora-all [bug 1281931] Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1281931 [Bug 1281931] libxml2: Out-of-bounds heap read on 0xff char in xml declaration [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1281932 [Bug 1281932] mingw-libxml2: libxml2: Out-of-bounds heap read on 0xff char in xml declaration [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1281933 [Bug 1281933] mingw-libxml2: libxml2: Out-of-bounds heap read on 0xff char in xml declaration [epel-7] -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=SjpkENrDy8&a=cc_unsubscribe

https://bugzilla.redhat.com/show_bug.cgi?id=1281930 Adam Mariš <amaris(a)redhat.com&gt; changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |1281960 -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=R3K8rYkRuV&a=cc_unsubscribe

https://bugzilla.redhat.com/show_bug.cgi?id=1281930 Adam Mariš <amaris(a)redhat.com&gt; changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|libxml2: Out-of-bounds heap |libxml2: CVE-2015-8317 |read on 0xff char in xml |Out-of-bounds heap read |declaration |when parsing file with | |unfinished xml declaration Alias| |CVE-2015-8317 --- Comment #4 from Adam Mariš <amaris(a)redhat.com&gt; --- CVE assignment: http://seclists.org/oss-sec/2015/q4/354 -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=fRYTgZRnUc&a=cc_unsubscribe

https://bugzilla.redhat.com/show_bug.cgi?id=1281930 Huzaifa S. Sidhpurwala <huzaifas(a)redhat.com&gt; changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |1274223 -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=nUZw8uavXm&a=cc_unsubscribe

https://bugzilla.redhat.com/show_bug.cgi?id=1281930 Huzaifa S. Sidhpurwala <huzaifas(a)redhat.com&gt; changed: What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1286495 Depends On| |1286496 Depends On| |1286497 -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=w0yvRviTYx&a=cc_unsubscribe

https://bugzilla.redhat.com/show_bug.cgi?id=1281930 --- Comment #8 from errata-xmlrpc <errata-xmlrpc(a)redhat.com&gt; --- This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2015:2549 https://rhn.redhat.com/errata/RHSA-2015-2549.html -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=TnVEnSpRoc&a=cc_unsubscribe

https://bugzilla.redhat.com/show_bug.cgi?id=1281930 Timothy Walsh <twalsh(a)redhat.com&gt; changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|impact=low,public=20150629, |impact=low,public=20150629, |reported=20151113,source=re |reported=20151113,source=re |dhat,cvss2=4.3/AV:N/AC:M/Au |dhat,cvss2=4.3/AV:N/AC:M/Au |:N/C:P/I:N/A:N,cwe=CWE-125, |:N/C:P/I:N/A:N,cwe=CWE-125, |rhel-5/libxml2=affected,rhe |rhel-5/libxml2=affected,rhe |l-6/libxml2=affected,rhel-7 |l-6/libxml2=affected,rhel-7 |/libxml2=affected,jboss/lib |/libxml2=affected,jboss/lib |xml2=affected,fedora-all/li |xml2=affected,jbews-2/libxm |bxml2=affected,fedora-all/m |l2=wontfix,jbews-3/libxml2= |ingw-libxml2=affected,epel- |affected,fedora-all/libxml2 |7/mingw-libxml2=affected |=affected,fedora-all/mingw- | |libxml2=affected,epel-7/min | |gw-libxml2=affected -- You are receiving this mail because: You are on the CC list for the bug.

https://bugzilla.redhat.com/show_bug.cgi?id=1281930 --- Doc Text *updated* by Timothy Walsh <twalsh(a)redhat.com&gt; --- An out-of-bounds head read vulnerability was found in libxml2 in the xmlParseXMLDecl function in parser.c that allows context-dependent attackers to obtain sensitive information via an unterminated encoding value or incomplete XML declaration in XML data. -- You are receiving this mail because: You are on the CC list for the bug.

https://bugzilla.redhat.com/show_bug.cgi?id=1281930 --- Doc Text *updated* by Martin Prpic <mprpic(a)redhat.com&gt; --- A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to leak potentially sensitive information. -- You are receiving this mail because: You are on the CC list for the bug.