Hi Chris, On Wed, May 18, 2016 at 02:16:26PM -0700, Chris Green wrote: > In the upcoming libxml2 release planned for the 20th, are the below issues > anticipated to be in 2.9.4 final? I don't believe these are in the current > 2.9.4 RCs. > > These two hit an Apple IOS release and then were on the oss-security > mailing list. > > https://bugzilla.gnome.org/show_bug.cgi?id=765207
That is CVE-2016-3705 as Salvatore Bonaccorso notes in a comment. > https://bugzilla.gnome.org/show_bug.cgi?id=762100 This URL is restricted, but the SUSE bug tracking this issue (https://bugzilla.suse.com/show_bug.cgi?id=972335) indicates that it's CVE-2016-3627. > The findings are restricted now but I know it wasn't always that way. > > *libxml2* > CVE-2016-1833 : Mateusz Jurczyk > CVE-2016-1834 : Apple > CVE-2016-1835 : Wei Lei and Liu Yang of Nanyang Technological University > CVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological University > CVE-2016-1837 : Wei Lei and Liu Yang of Nanyang Technological University > CVE-2016-1838 : Mateusz Jurczyk > CVE-2016-1839 : Mateusz Jurczyk > CVE-2016-1840 : Kostya Serebryany > > *libxslt* > CVE-2016-1841 : Sebastian Apelt > > As far I'm aware, other than the Apple release notes, there isn't public > information on these issues. baruch -- http://baruch.siach.name/blog/ ~. .~ Tk Open Systems =}------------------------------------------------ooO--U--Ooo------------{= - bar...@tkos.co.il - tel: +972.2.679.5364, http://www.tkos.co.il - _______________________________________________ xml mailing list, project page http://xmlsoft.org/ xml@gnome.org https://mail.gnome.org/mailman/listinfo/xml
