File _patchinfo of Package patchinfo.4904
<patchinfo incident="4904"> <issue id="1039064" tracker="bnc">VUL-0: CVE-2017-9048: libxml2: stack overflow vulnerability strcat two more characters without checking whether the current strlen(buf) + 2 < size (xmlSnprintfElementContent func in valid.c)</issue> <issue id="1039066" tracker="bnc">VUL-0: CVE-2017-9049: libxml2: heap-based buffer overflow (xmlDictComputeFastKey func)</issue> <issue id="1039661" tracker="bnc">VUL-0: CVE-2017-9050: libxml2: heap-based buffer over-read in function xmlDictAddString</issue> <issue id="1039069" tracker="bnc">VUL-0: libxml2: heap-based buffer overflow (xmlDictAddString func)</issue> <issue id="1039063" tracker="bnc">VUL-0: CVE-2017-9047: libxml2: stack overflow vulnerability (xmlSnprintfElementContent func in valid.c)</issue> <issue id="2017-9049" tracker="cve" /> <issue id="2017-9048" tracker="cve" /> <issue id="2017-9050" tracker="cve" /> <issue id="2017-9047" tracker="cve" /> <category>security</category> <rating>moderate</rating> <packager>pmonrealgonzalez</packager> <description>This update for libxml2 fixes the following security issues: * CVE-2017-9050: A heap-based buffer over-read in xmlDictAddString (bsc#1039069, bsc#1039661) * CVE-2017-9049: A heap-based buffer overflow in xmlDictComputeFastKey (bsc#1039066) * CVE-2017-9048: A stack overflow vulnerability in xmlSnprintfElementContent (bsc#1039063) * CVE-2017-9047: A stack overflow vulnerability in xmlSnprintfElementContent (bsc#1039064) </description> <summary>Security update for libxml2</summary> </patchinfo>
