[SECURITY] [DLA 355-1] libxml2 security update

2015-11-29T23:00:36
ID DEBIAN:DLA-355-1:F71E7
Type debian
Reporter Debian
Modified 2015-11-29T23:00:36

Description

Package : libxml2 Version : 2.7.8.dfsg-2+squeeze15 CVE ID : CVE-2015-8241 CVE-2015-8317 Debian Bug : 806384

CVE-2015-8241 Buffer overread with XML parser in xmlNextChar

CVE-2015-8317 - issues in the xmlParseXMLDecl function: If we fail conversing the current input stream while processing the encoding declaration of the XMLDecl then it's safer to just abort there and not try to report further errors. - If the string is not properly terminated do not try to convert to the given encoding.

Additional fix for off by one error in previous patch for CVE-2015-7942 (thanks to Salvatore for spotting this)