1
PublicDateAtUSN: 2015-10-23
2
Candidate: CVE-2015-7942
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7942
6
https://usn.ubuntu.com/usn/usn-2812-1
8
The xmlParseConditionalSections function in parser.c in libxml2 does not
9
properly skip intermediary entities when it stops parsing invalid input,
10
which allows context-dependent attackers to cause a denial of service
11
(out-of-bounds read and crash) via crafted XML data, a different
12
vulnerability than CVE-2015-7941.
16
https://bugzilla.gnome.org/show_bug.cgi?id=756456
17
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802827
19
Discovered-by: Kostya Serebryany
23
upstream: https://git.gnome.org/browse/libxml2/commit/?id=bd0526e66a56e75a18da8c15c4750db8f801c52d
24
upstream: https://git.gnome.org/browse/libxml2/commit/?id=41ac9049a27f52e7a1f3b341f8714149fc88d450
25
upstream_libxml2: released (2.9.2+really2.9.1+dfsg1-0.1)
26
precise_libxml2: released (2.7.8.dfsg-5.1ubuntu4.12)
27
trusty_libxml2: released (2.9.1+dfsg1-3ubuntu4.5)
28
vivid_libxml2: released (2.9.2+dfsg1-3ubuntu0.1)
29
wily_libxml2: released (2.9.2+zdfsg1-4ubuntu0.1)
30
devel_libxml2: released (2.9.2+zdfsg1-4ubuntu1)
31
vivid/stable-phone-overlay_libxml2: released (2.9.2+dfsg1-3ubuntu0.2)
32
vivid/ubuntu-core_libxml2: DNE