https://bugzilla.redhat.com/show_bug.cgi?id=1276297 Martin Prpic <mprpic(a)redhat.com&gt; changed: What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1276298 Depends On| |1276299 Depends On| |1276300 --- Comment #1 from Martin Prpic <mprpic(a)redhat.com&gt; --- Created libxml2 tracking bugs for this issue: Affects: fedora-all [bug 1276298] Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1276298 [Bug 1276298] CVE-2015-7942 libxml2: heap-based buffer overflow in xmlParseConditionalSections() [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1276299 [Bug 1276299] CVE-2015-7942 mingw-libxml2: libxml2: heap-based buffer overflow in xmlParseConditionalSections() [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1276300 [Bug 1276300] CVE-2015-7942 mingw-libxml2: libxml2: heap-based buffer overflow in xmlParseConditionalSections() [epel-7] -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=Y2NSPkU6qs&a=cc_unsubscribe

https://bugzilla.redhat.com/show_bug.cgi?id=1276297 --- Comment #3 from Adam Mariš <amaris(a)redhat.com&gt; --- Upstream patches: https://git.gnome.org/browse/libxml2/commit/?id=bd0526e66a56e75a18da8c15c... https://git.gnome.org/browse/libxml2/commit/?id=41ac9049a27f52e7a1f3b341f... -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=i4bGnEYjH6&a=cc_unsubscribe

https://bugzilla.redhat.com/show_bug.cgi?id=1276297 Huzaifa S. Sidhpurwala <huzaifas(a)redhat.com&gt; changed: What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1286495 Depends On| |1286496 Depends On| |1286497 -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=V1XRWgGONU&a=cc_unsubscribe

https://bugzilla.redhat.com/show_bug.cgi?id=1276297 --- Comment #9 from errata-xmlrpc <errata-xmlrpc(a)redhat.com&gt; --- This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2015:2549 https://rhn.redhat.com/errata/RHSA-2015-2549.html -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=luhphYoADj&a=cc_unsubscribe

https://bugzilla.redhat.com/show_bug.cgi?id=1276297 Bug 1276297 depends on bug 1276299, which changed state. Bug 1276299 Summary: CVE-2015-7942 mingw-libxml2: libxml2: heap-based buffer overflow in xmlParseConditionalSections() [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1276299 What |Removed |Added ---------------------------------------------------------------------------- Status|ON_QA |CLOSED Resolution|--- |ERRATA -- You are receiving this mail because: You are on the CC list for the bug.

https://bugzilla.redhat.com/show_bug.cgi?id=1276297 Timothy Walsh <twalsh(a)redhat.com&gt; changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|impact=moderate,public=2015 |impact=moderate,public=2015 |1022,reported=20151022,sour |1022,reported=20151022,sour |ce=oss-security,cvss2=4.3/A |ce=oss-security,cvss2=4.3/A |V:N/AC:M/Au:N/C:N/I:N/A:P,c |V:N/AC:M/Au:N/C:N/I:N/A:P,c |we=CWE-122,rhel-4/libxml2=a |we=CWE-122,rhel-4/libxml2=a |ffected,rhel-5/libxml2=affe |ffected,rhel-5/libxml2=affe |cted,rhel-6/libxml2=affecte |cted,rhel-6/libxml2=affecte |d,rhel-7/libxml2=affected,j |d,rhel-7/libxml2=affected,j |boss/libxml2=affected,fedor |boss/libxml2=affected,jbews |a-all/libxml2=affected,fedo |-2/libxml2=wontfix,jbews-3/ |ra-all/mingw-libxml2=affect |libxml2=affected,fedora-all |ed,epel-7/mingw-libxml2=aff |/libxml2=affected,fedora-al |ected |l/mingw-libxml2=affected,ep | |el-7/mingw-libxml2=affected -- You are receiving this mail because: You are on the CC list for the bug.

https://bugzilla.redhat.com/show_bug.cgi?id=1276297 --- Doc Text *updated* by Timothy Walsh <twalsh(a)redhat.com&gt; --- A heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash. -- You are receiving this mail because: You are on the CC list for the bug.

https://bugzilla.redhat.com/show_bug.cgi?id=1276297 --- Doc Text *updated* by Timothy Walsh <twalsh(a)redhat.com&gt; --- A heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash causing a denial of service. -- You are receiving this mail because: You are on the CC list for the bug.