https://bugzilla.redhat.com/show_bug.cgi?id=1277146 Adam Mariš <amaris(a)redhat.com&gt; changed: What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1277147 Depends On| |1277149 Depends On| |1277150 --- Comment #1 from Adam Mariš <amaris(a)redhat.com&gt; --- Created libxml2 tracking bugs for this issue: Affects: fedora-all [bug 1277147] Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1277147 [Bug 1277147] libxml2: DoS when parsing specially crafted XML document if XZ support is enabled [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1277149 [Bug 1277149] mingw-libxml2: libxml2: DoS when parsing specially crafted XML document if XZ support is enabled [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1277150 [Bug 1277150] mingw-libxml2: libxml2: DoS when parsing specially crafted XML document if XZ support is enabled [epel-7] -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=002I6vKEdk&a=cc_unsubscribe

https://bugzilla.redhat.com/show_bug.cgi?id=1277146 Adam Mariš <amaris(a)redhat.com&gt; changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |1277152 -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=NJfQi6GXgC&a=cc_unsubscribe

https://bugzilla.redhat.com/show_bug.cgi?id=1277146 --- Comment #3 from Martin Prpic <mprpic(a)redhat.com&gt; --- Statement: This issue did not affect the versions of libxml2 as shipped with Red Hat Enterprise Linux 5 and 6 as they did not include support for LZMA compression support. -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=Gp5AhSdw2r&a=cc_unsubscribe

https://bugzilla.redhat.com/show_bug.cgi?id=1277146 Daniel Veillard <veillard(a)redhat.com&gt; changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED --- Comment #5 from Daniel Veillard <veillard(a)redhat.com&gt; --- So lzma support in 2.9.2 seems to be broken that's why Fedora seems not affected. But the bug is present since all version 2.8.0 onward. Seems I managed to get a first fix for the issue, I will add as attachment Daniel -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=bNxLxIST9Y&a=cc_unsubscribe

https://bugzilla.redhat.com/show_bug.cgi?id=1277146 Bug 1277146 depends on bug 1277147, which changed state. Bug 1277147 Summary: libxml2: DoS when parsing specially crafted XML document if XZ support is enabled [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1277147 What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution|--- |NOTABUG -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=r62G5Po1Hk&a=cc_unsubscribe

https://bugzilla.redhat.com/show_bug.cgi?id=1277146 Martin Prpic <mprpic(a)redhat.com&gt; changed: What |Removed |Added ---------------------------------------------------------------------------- Alias| |CVE-2015-8035 -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=TTDBV4hL59&a=cc_unsubscribe

https://bugzilla.redhat.com/show_bug.cgi?id=1277146 Huzaifa S. Sidhpurwala <huzaifas(a)redhat.com&gt; changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |1274223 -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=3D2xvZ6x55&a=cc_unsubscribe

https://bugzilla.redhat.com/show_bug.cgi?id=1277146 Bug 1277146 depends on bug 1277149, which changed state. Bug 1277149 Summary: CVE-2015-8035 mingw-libxml2: libxml2: DoS when parsing specially crafted XML document if XZ support is enabled [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1277149 What |Removed |Added ---------------------------------------------------------------------------- Status|ON_QA |CLOSED Resolution|--- |ERRATA -- You are receiving this mail because: You are on the CC list for the bug.

https://bugzilla.redhat.com/show_bug.cgi?id=1277146 Timothy Walsh <twalsh(a)redhat.com&gt; changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|impact=moderate,public=2015 |impact=moderate,public=2015 |1102,reported=20151102,sour |1102,reported=20151102,sour |ce=oss-security,cvss2=4.3/A |ce=oss-security,cvss2=4.3/A |V:N/AC:M/Au:N/C:N/I:N/A:P,r |V:N/AC:M/Au:N/C:N/I:N/A:P,r |hel-5/libxml2=notaffected,r |hel-5/libxml2=notaffected,r |hel-6/libxml2=notaffected,r |hel-6/libxml2=notaffected,r |hel-7/libxml2=affected,jbos |hel-7/libxml2=affected,jbos |s/libxml2=affected,fedora-a |s/libxml2=affected,jbews-2/ |ll/libxml2=affected,fedora- |libxml2=wontfix,jbews-3/lib |all/mingw-libxml2=notaffect |xml2=affected,fedora-all/li |ed,epel-7/mingw-libxml2=not |bxml2=affected,fedora-all/m |affected |ingw-libxml2=notaffected,ep | |el-7/mingw-libxml2=notaffec | |ted -- You are receiving this mail because: You are on the CC list for the bug.

https://bugzilla.redhat.com/show_bug.cgi?id=1277146 --- Doc Text *updated* by Timothy Walsh <twalsh(a)redhat.com&gt; --- A vulnerability in libxml2 was found that caused a Dos when parsing specially crafted XML document with XZ support is enabled. -- You are receiving this mail because: You are on the CC list for the bug.

https://bugzilla.redhat.com/show_bug.cgi?id=1277146 --- Doc Text *updated* by Martin Prpic <mprpic(a)redhat.com&gt; --- A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash. -- You are receiving this mail because: You are on the CC list for the bug.