Opened 8 years ago
Closed 8 years ago
#7793 closed enhancement (fixed)
libxml2 Security Issues
| Reported by: | Douglas R. Reno | Owned by: | Douglas R. Reno |
|---|---|---|---|
| Priority: | high | Milestone: | 7.10 |
| Component: | BOOK | Version: | SVN |
| Severity: | normal | Keywords: | |
| Cc: |
Description
As reported on the [oss-security] mailing list today:
CVE-2016-3627
https://bugzilla.gnome.org/show_bug.cgi?id=765207
The functions xmlParserEntityCheck() and xmlParseAttValueComplex() used to call xmlStringDecodeEntities() in a recursive context without incrementing the 'depth' counter in the parser context. Because of that omission, the parser failed to detect attribute recursions in certain documents before running out of stack space.
CVE-2016-3705
https://bugzilla.gnome.org/show_bug.cgi?id=762100
Subject: [PATCH] xmlStringGetNodeList: limit the function to 1024 recursions to avoid CVE-2016-3627
I can happily create a patch to fix these for both books, unless there is any objection. Should be done before Friday.
I can't attach a link to the mailing list entry from my current location, but I should be able to add it later.
Change History (3)
comment:1 by , 8 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:2 by , 8 years ago
I will have this done by the end of the weekend (Monday)!
I apologize for the large delay.
Note:
See TracTickets
for help on using tickets.
If there are any objections, please take the ticket from me.