Ops One AG

You can subscribe via RSS

Friday 1st December 2017

Debian 7 Updates: libxml2, scheduled 2 years ago

Package : libxml2
Version : 2.8.0+dfsg1-7+wheezy11
CVE ID : CVE-2017-16931 CVE-2017-16932


 parser.c in libxml2 before 2.9.5 mishandles parameter-entity
 references because the NEXTL macro calls the
 xmlParserHandlePEReference function in the case of a '%' character
 in a DTD name.


 parser.c in libxml2 before 2.9.5 does not prevent infinite
 recursion in parameter entities.