Ops One AG

You can subscribe via email or RSS

Friday 1st December 2017

Debian 7 Updates: libxml2, scheduled 1 year ago

Package : libxml2
Version : 2.8.0+dfsg1-7+wheezy11
CVE ID : CVE-2017-16931 CVE-2017-16932

CVE-2017-16931

 parser.c in libxml2 before 2.9.5 mishandles parameter-entity
 references because the NEXTL macro calls the
 xmlParserHandlePEReference function in the case of a '%' character
 in a DTD name.

CVE-2017-16932

 parser.c in libxml2 before 2.9.5 does not prevent infinite
 recursion in parameter entities.