PublicDateAtUSN: 2015-11-26
Candidate: CVE-2015-7499
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7499
https://usn.ubuntu.com/usn/usn-2834-1
Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2
before 2.9.3 allows context-dependent attackers to obtain sensitive process
memory information via unspecified vectors.
mdeslaur> USN-2834-1 was missing part of the fix for this issue:
https://bugzilla.gnome.org/show_bug.cgi?id=756479
https://bugs.launchpad.net/ubuntu/+source/libxml2/+bug/1525996
Discovered-by: Kostya Serebryany
upstream: https://git.gnome.org/browse/libxml2/commit/?id=28cd9cb747a94483f4aea7f0968d202c20bb4cfc
upstream: https://git.gnome.org/browse/libxml2/commit/?id=35bcb1d758ed70aa7b257c9c3b3ff55e54e3d0da
upstream: https://git.gnome.org/browse/libxml2/commit/?id=ce0b0d0d81fdbb5f722a890432b52d363e4de57b
upstream_libxml2: released (2.9.3)
precise_libxml2: released (2.7.8.dfsg-5.1ubuntu4.13)
trusty_libxml2: released (2.9.1+dfsg1-3ubuntu4.6)
vivid_libxml2: released (2.9.2+dfsg1-3ubuntu0.2)
wily_libxml2: released (2.9.2+zdfsg1-4ubuntu0.2)
devel_libxml2: released (2.9.2+zdfsg1-4ubuntu2)
vivid/stable-phone-overlay_libxml2: released (2.9.2+dfsg1-3ubuntu0.2)
vivid/ubuntu-core_libxml2: DNE