** Also affects: libxml2 (Ubuntu Hirsute)
Importance: High
Status: Confirmed
** Changed in: libxml2 (Ubuntu Hirsute)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to libxml2 in Ubuntu.
https://bugs.launchpad.net/bugs/1895839
Title:
CVE-2020-24977
Status in libxml2 package in Ubuntu:
Fix Released
Status in libxml2 source package in Hirsute:
Fix Released
Status in libxml2 package in Debian:
Fix Released
Bug description:
GNOME project libxml2 v2.9.10 and earlier have a global buffer over-
read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24977
Upstream patch:
https://gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2
Bug report: https://gitlab.gnome.org/GNOME/libxml2/-/issues/178
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libxml2/+bug/1895839/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
