CVE-2015-8710

Published: 23 December 2015

The htmlParseComment function in HTMLparser.c in libxml2 allows attackers to obtain sensitive information, cause a denial of service (out-of-bounds heap memory access and application crash), or possibly have unspecified other impact via an unclosed HTML comment.

Priority

Medium

CVSS 3 base score: 9.8

Status

Package: libxml2 (Launchpad, Ubuntu, Debian)

Release: Upstream
Status: Released (2.9.2+really2.9.1+dfsg1-0.1)

Release: Ubuntu 14.04 ESM (Trusty Tahr)
Status: Released (2.9.1+dfsg1-3ubuntu4.7)

Patches:
Upstream: https://git.gnome.org/browse/libxml2/commit/?id=e724879d964d774df9b7969fc846605aa1bac54c

Notes

Author: jdstrand
Note:
these missed OTA9 in vivid/stable-phone-overlay and should be included in OTA9.5 via https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/stable-snapshot/+packages
these landed in rc-proposed r385 on krillin: http://people.canonical.com/~lzemczak/landing-team/ubuntu-touch/rc-proposed/ubuntu/krillin/385.commitlog
