https://bugzilla.redhat.com/show_bug.cgi?id=1262849
Bug ID: 1262849
Summary: libxml2: Out-of-bounds memory access when parsing unclosed HTML comment
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-t...@redhat.com
Reporter: ama...@redhat.com
CC: athma...@gmail.com, c.davi...@gmail.com, dr...@land.ru, erik-fed...@vanpienbroek.nl, fedora-mi...@lists.fedoraproject.org, kti...@redhat.com, lfar...@lfarkas.org, ohudl...@redhat.com, rjo...@redhat.com, veill...@redhat.com

An out-of-bounds memory access vulnerability when parsing an unclosed HTML comment was found in libxml2. By entering an unclosed HTML comment such as <!-- the libxml2 parser didn't stop parsing at the end of the buffer, causing random memory to be included in the parsed comment.

CVE request: http://seclists.org/oss-sec/2015/q3/540

Upstream was notified, but a patch is not released yet. However, a patch for nokogiri, which uses embedded libxml2, was proposed:
https://github.com/Shopify/nokogiri/compare/1b1fcad8bd64ab70256666c38d2c998e86ade8c0...master

_______________________________________________
mingw mailing list
mingw@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/mingw
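
An added illustration of the bug class described in this report (not libxml2 or nokogiri code, and not the proposed patch): a length-bounded comment scanner that reports an unclosed `<!--` instead of reading past the end of the buffer. The function name `scan_html_comment`, the status enum and the sample input are assumptions made for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef enum { COMMENT_OK, COMMENT_NOT_A_COMMENT, COMMENT_UNTERMINATED } comment_status;

/* Hypothetical helper for this example, not a libxml2 function.
 * buf/len describe the input; buf does not have to be NUL-terminated.
 * On COMMENT_OK, *body_off and *body_len locate the text between the
 * "<!--" and "-->" delimiters. HTML5 short forms such as "<!-->" are
 * deliberately not handled in this simplified scanner. */
comment_status scan_html_comment(const char *buf, size_t len,
                                 size_t *body_off, size_t *body_len)
{
    static const char opener[] = "<!--";
    static const char closer[] = "-->";
    const size_t open_len = sizeof(opener) - 1;
    const size_t close_len = sizeof(closer) - 1;

    if (len < open_len || memcmp(buf, opener, open_len) != 0)
        return COMMENT_NOT_A_COMMENT;

    /* Each memcmp reads close_len bytes starting at i, and the loop
     * condition keeps i + close_len <= len, so no byte past the end of
     * the caller's buffer is ever read. */
    for (size_t i = open_len; i + close_len <= len; i++) {
        if (memcmp(buf + i, closer, close_len) == 0) {
            *body_off = open_len;
            *body_len = i - open_len;
            return COMMENT_OK;
        }
    }
    /* Input ended before "-->": report it rather than scanning on. */
    return COMMENT_UNTERMINATED;
}

int main(void)
{
    /* Constructed sample: the first 13 bytes are the "input"; the rest
     * stands in for unrelated memory that happens to follow it. */
    const char mem[] = "<!-- unclosed SECRET-->";
    size_t off = 0, n = 0;
    comment_status truncated = scan_html_comment(mem, 13, &off, &n);
    comment_status whole = scan_html_comment(mem, sizeof(mem) - 1, &off, &n);

    printf("13-byte input: status %d\n", (int)truncated);
    printf("whole array:   status %d, body length %zu\n", (int)whole, n);
    return 0;
}
```

With the 13-byte length the scanner returns `COMMENT_UNTERMINATED` even though a `-->` sits in the bytes that follow, which is the behaviour the report says the parser lacked.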