File _patchinfo of Package patchinfo.4815
<patchinfo incident="4815">
<issue id="1039069" tracker="bnc"></issue>
<issue id="1039064" tracker="bnc">VUL-0: CVE-2017-9048: libxml2: stack overflow vulnerability strcat two more characters without checking whether the current strlen(buf) + 2 &lt; size (xmlSnprintfElementContent func in valid.c)</issue>
<issue id="1039066" tracker="bnc">VUL-0: CVE-2017-9049: libxml2: heap-based buffer overflow (xmlDictComputeFastKey func)</issue>
<issue id="1039661" tracker="bnc">VUL-0: CVE-2017-9050: libxml2: heap-based buffer over-read in function xmlDictAddString</issue>
<issue id="1039063" tracker="bnc">VUL-0: CVE-2017-9047: libxml2: stack overflow vulnerability (xmlSnprintfElementContent func in valid.c)</issue>
<issue id="981114" tracker="bnc">VUL-0: CVE-2016-1839: libxml2: Heap-based buffer overread in xmlDictAddString</issue>
<issue id="2017-9047" tracker="cve" />
<issue id="2017-9048" tracker="cve" />
<issue id="2017-9049" tracker="cve" />
<issue id="2017-9050" tracker="cve" />
<issue id="2016-1839" tracker="cve" />
<category>security</category>
<rating>moderate</rating>
<packager>pmonrealgonzalez</packager>
<description>
This update for libxml2 fixes the following issues:
- CVE-2017-9047, CVE-2017-9048: The function xmlSnprintfElementContent in valid.c was vulnerable to a stack buffer overflow. (bsc#1039063, bsc#1039064)
- CVE-2017-9049: The function xmlDictComputeFastKey in dict.c was vulnerable to a heap-based buffer over-read. (bsc#1039066)
- CVE-2017-9050: The function xmlDictAddString was vulnerable to a heap-based buffer over-read. (bsc#1039661)
- CVE-2016-1839: heap-based buffer overflow (xmlDictAddString func). (bnc#1039069)
</description>
<summary>Security update for libxml2</summary>
</patchinfo>