libxml2: CVE-2016-4483

Debian Bug report logs - #823405

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Wed, 4 May 2016 12:33:02 UTC

Severity: important

Tags: security, upstream

Found in versions libxml2/2.8.0+dfsg1-7, libxml2/2.8.0+dfsg1-5

Fixed in versions libxml2/2.9.3+dfsg1-1.1, libxml2/2.9.1+dfsg1-5+deb8u2

Done: Salvatore Bonaccorso <carnil@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>:
Bug#823405; Package src:libxml2. (Wed, 04 May 2016 12:33:05 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>. (Wed, 04 May 2016 12:33:05 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: libxml2: CVE-2016-4483
Date: Wed, 04 May 2016 14:30:00 +0200
Source: libxml2
Version: 2.8.0+dfsg1-7
Severity: important
Tags: security upstream

Hi,

the following vulnerability was published for libxml2.

CVE-2016-4483[0]:
No description was found (try on a search engine)

At time of CVE assignment and reporting no patch was yet available.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-4483

Regards,
Salvatore



Marked as found in versions libxml2/2.7.8+dfsg1-5. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Wed, 04 May 2016 12:42:09 GMT)


No longer marked as found in versions libxml2/2.7.8+dfsg1-5. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sat, 14 May 2016 06:39:06 GMT)


Marked as found in versions libxml2/2.8.0+dfsg1-5. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sat, 14 May 2016 06:39:07 GMT)


Reply sent to Salvatore Bonaccorso <carnil@debian.org>:
You have taken responsibility. (Thu, 02 Jun 2016 06:24:17 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Thu, 02 Jun 2016 06:24:17 GMT)


Message #16 received at 823405-close@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: 823405-close@bugs.debian.org
Subject: Bug#823405: fixed in libxml2 2.9.3+dfsg1-1.1
Date: Thu, 02 Jun 2016 06:21:25 +0000
Source: libxml2
Source-Version: 2.9.3+dfsg1-1.1

We believe that the bug you reported is fixed in the latest version of
libxml2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 823405@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated libxml2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Sat, 28 May 2016 06:51:08 +0200
Source: libxml2
Binary: libxml2 libxml2-utils libxml2-utils-dbg libxml2-dev libxml2-dbg libxml2-doc python-libxml2 python-libxml2-dbg
Architecture: source
Version: 2.9.3+dfsg1-1.1
Distribution: unstable
Urgency: medium
Maintainer: Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 812807 813613 819006 823405 823414
Description: 
 libxml2    - GNOME XML library
 libxml2-dbg - Debugging symbols for the GNOME XML library
 libxml2-dev - Development files for the GNOME XML library
 libxml2-doc - Documentation for the GNOME XML library
 libxml2-utils - XML utilities
 libxml2-utils-dbg - XML utilities (debug extension)
 python-libxml2 - Python bindings for the GNOME XML library
 python-libxml2-dbg - Python bindings for the GNOME XML library (debug extension)
Changes:
 libxml2 (2.9.3+dfsg1-1.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Heap-based buffer overread in xmlNextChar (CVE-2016-1762)
   * heap-buffer-overflow in xmlStrncat (CVE-2016-1834)
   * Add missing increments of recursion depth counter to XML parser
     (CVE-2016-3705) (Closes: #823414)
   * Avoid an out of bound access when serializing malformed strings
     (CVE-2016-4483) (Closes: #823405)
   * Heap-buffer-overflow in xmlFAParsePosCharGroup (CVE-2016-1840)
   * Heap-based buffer overread in xmlParserPrintFileContextInternal
     (CVE-2016-1838)
   * Heap-based buffer overread in xmlDictAddString (CVE-2016-1839
     CVE-2015-8806 CVE-2016-2073) (Closes: #813613, #812807)
   * Heap use-after-free in xmlDictComputeFastKey (CVE-2016-1836)
   * Fix inappropriate fetch of entities content (CVE-2016-4449)
   * Heap use-after-free in htmlParsePubidLiteral and htmlParseSystemLiteral
     (CVE-2016-1837)
   * Heap use-after-free in xmlSAX2AttributeNs (CVE-2016-1835)
   * Heap-based buffer-underreads due to xmlParseName (CVE-2016-4447)
   * Heap-based buffer overread in htmlCurrentChar (CVE-2016-1833)
   * Avoid building recursive entities (CVE-2016-3627) (Closes: #819006)

Reply sent to Salvatore Bonaccorso <carnil@debian.org>:
You have taken responsibility. (Sun, 05 Jun 2016 17:21:17 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Sun, 05 Jun 2016 17:21:17 GMT)


Message #21 received at 823405-close@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: 823405-close@bugs.debian.org
Subject: Bug#823405: fixed in libxml2 2.9.1+dfsg1-5+deb8u2
Date: Sun, 05 Jun 2016 17:18:22 +0000
Source: libxml2
Source-Version: 2.9.1+dfsg1-5+deb8u2

We believe that the bug you reported is fixed in the latest version of
libxml2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 823405@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated libxml2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Sat, 28 May 2016 06:56:40 +0200
Source: libxml2
Binary: libxml2 libxml2-utils libxml2-utils-dbg libxml2-dev libxml2-dbg libxml2-doc python-libxml2 python-libxml2-dbg
Architecture: all source
Version: 2.9.1+dfsg1-5+deb8u2
Distribution: jessie-security
Urgency: high
Maintainer: Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 812807 813613 819006 823405 823414
Description: 
 libxml2    - GNOME XML library
 libxml2-dbg - Debugging symbols for the GNOME XML library
 libxml2-dev - Development files for the GNOME XML library
 libxml2-doc - Documentation for the GNOME XML library
 libxml2-utils - XML utilities
 libxml2-utils-dbg - XML utilities (debug extension)
 python-libxml2 - Python bindings for the GNOME XML library
 python-libxml2-dbg - Python bindings for the GNOME XML library (debug extension)
Changes:
 libxml2 (2.9.1+dfsg1-5+deb8u2) jessie-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Heap-based buffer overread in xmlNextChar (CVE-2016-1762)
   * heap-buffer-overflow in xmlStrncat (CVE-2016-1834)
   * Add missing increments of recursion depth counter to XML parser
     (CVE-2016-3705) (Closes: #823414)
   * Avoid an out of bound access when serializing malformed strings
     (CVE-2016-4483) (Closes: #823405)
   * Heap-buffer-overflow in xmlFAParsePosCharGroup (CVE-2016-1840)
   * Heap-based buffer overread in xmlParserPrintFileContextInternal
     (CVE-2016-1838)
   * Heap-based buffer overread in xmlDictAddString (CVE-2016-1839
     CVE-2015-8806 CVE-2016-2073) (Closes: #813613, #812807)
   * Heap use-after-free in xmlDictComputeFastKey (CVE-2016-1836)
   * Fix inappropriate fetch of entities content (CVE-2016-4449)
   * Heap use-after-free in htmlParsePubidLiteral and htmlParseSystemLiteral
     (CVE-2016-1837)
   * Heap use-after-free in xmlSAX2AttributeNs (CVE-2016-1835)
   * Heap-based buffer-underreads due to xmlParseName (CVE-2016-4447)
   * Heap-based buffer overread in htmlCurrentChar (CVE-2016-1833)
   * Avoid building recursive entities (CVE-2016-3627) (Closes: #819006)

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 08 Jul 2016 07:30:12 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 18:16:01 2019; Machine Name: buxtehude
