Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2015-8710

Published: 23 December 2015

The htmlParseComment function in HTMLparser.c in libxml2 allows attackers to obtain sensitive information, cause a denial of service (out-of-bounds heap memory access and application crash), or possibly have unspecified other impact via an unclosed HTML comment.

Notes

AuthorNote
jdstrand
these missed OTA9 in vivid/stable-phone-overlay and should be
included in OTA9.5 via https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/stable-snapshot/+packages
these landed in rc-proposed r385 on krillin:
http://people.canonical.com/~lzemczak/landing-team/ubuntu-touch/rc-proposed/ubuntu/krillin/385.commitlog

Priority

Medium

CVSS 3 base score: 9.8

Status

Package Release Status
libxml2
Launchpad, Ubuntu, Debian
vivid
Released (2.9.2+dfsg1-3ubuntu0.3)
upstream
Released (2.9.2+really2.9.1+dfsg1-0.1)
precise
Released (2.7.8.dfsg-5.1ubuntu4.14)
trusty
Released (2.9.1+dfsg1-3ubuntu4.7)
wily
Released (2.9.2+zdfsg1-4ubuntu0.3)
Patches:
upstream: https://git.gnome.org/browse/libxml2/commit/?id=e724879d964d774df9b7969fc846605aa1bac54c