Ops One AG platform status and maintenance announcements. Times are indicated in local Swiss time. https://opsone.ch/.

Friday 1st December 2017

Debian 7 Updates: libxml2, scheduled 7 years ago

Package : libxml2
Version : 2.8.0+dfsg1-7+wheezy11
CVE ID : CVE-2017-16931 CVE-2017-16932

CVE-2017-16931

 parser.c in libxml2 before 2.9.5 mishandles parameter-entity
 references because the NEXTL macro calls the
 xmlParserHandlePEReference function in the case of a '%' character
 in a DTD name.

CVE-2017-16932

 parser.c in libxml2 before 2.9.5 does not prevent infinite
 recursion in parameter entities.