Debian Bug report logs -
#793484
expat: CVE-2015-1283: Multiple integer overflows in the XML_GetBuffer function
Package:
expat;
Maintainer for expat is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Source for expat is src:expat (PTS, buildd, popcon)
Reported by: Raphael Hertzog <hertzog@debianorg>
Date: Fri, 24 Jul 201 ...
Synopsis
Moderate: expat security update
Type/Severity
Security Advisory: Moderate
Topic
An update for expat is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, which ...
Synopsis
Moderate: expat security update
Type/Severity
Security Advisory: Moderate
Topic
An update for expat is now available for Red Hat Enterprise Linux 77 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System ...
Several security issues were fixed in Thunderbird ...
Firefox could be made to crash or run programs as your login if it
opened a malicious website ...
Multiple security issues have been found in Iceweasel, Debian's version
of the Mozilla Firefox web browser: Multiple memory safety errors,
buffer overflows and use-after-frees may lead to the execution of
arbitrary code, privilege escalation or denial of service
For the oldstable distribution (wheezy), these problems have been fixed
in version 31 ...
Multiple security issues have been found in Icedove, Debian's version of
the Mozilla Thunderbird mail client: Multiple memory safety errors,
buffer overflows and use-after-frees may lead to the execution of
arbitrary code, privilege escalation or denial of service
For the oldstable distribution (wheezy), these problems have been fixed
in version 3 ...
Buffer overflow in the XML parser in Mozilla Firefox before 380, Firefox ESR 31x before 317, and Thunderbird before 317 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283 (CVE-2015-2716) ...
Mozilla Foundation Security Advisory 2015-54
Buffer overflow when parsing compressed XML
Announced
May 12, 2015
Reporter
Ucha Gobejishvili
Impact
Critical
Products
Firefox, Firefox ESR, Firefox OS, SeaMonkey, Thunderbird
...
Buffer overflow in the XML parser in Mozilla Firefox before 380, Firefox ESR 31x before 317, and Thunderbird before 317 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283 ...
Tenable's Passive Vulnerability Scanner (PVS) uses third-party libraries to provide certain standardized functionality Four of these libraries were found to contain vulnerabilities and were fixed upstream Those fixes have been integrated despite there being no known exploitation scenarios related to PVS
OpenSSL ssl/statem/statemc read_state_ma ...
Vulmon