CVE-2017-8872

Published: 10 May 2017

The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure.

Notes

Author: mdeslaur
Note: fix debian used isn't the final upstream fix

Priority

Low

CVSS 3 base score: 9.1

Status

Package: libxml2 (Launchpad, Ubuntu, Debian)

Release    Status
artful     Ignored (reached end-of-life)
bionic     Released (2.9.4+dfsg1-6.1ubuntu1)
cosmic     Released (2.9.4+dfsg1-6.1ubuntu1)
disco      Released (2.9.4+dfsg1-6.1ubuntu1)
eoan       Released (2.9.4+dfsg1-6.1ubuntu1)
focal      Released (2.9.4+dfsg1-6.1ubuntu1)
groovy     Released (2.9.4+dfsg1-6.1ubuntu1)
hirsute    Released (2.9.4+dfsg1-6.1ubuntu1)
impish     Released (2.9.4+dfsg1-6.1ubuntu1)
jammy      Released (2.9.4+dfsg1-6.1ubuntu1)
precise    Ignored (end of ESM support, was needed)
trusty     Released (2.9.1+dfsg1-3ubuntu4.13+esm2)
upstream   Released (2.9.4+dfsg1-6.1, 2.9.9)
xenial     Released (2.9.3+dfsg1-1ubuntu0.7+esm1)
yakkety    Ignored (reached end-of-life)
zesty      Ignored (reached end-of-life)

Patches:
upstream: https://gitlab.gnome.org/GNOME/libxml2/commit/123234f2cfcd9e9b9f83047eee1dc17b4c3f4407