File _patchinfo of Package patchinfo.1698
<patchinfo incident="1698">
<issue id="928193" tracker="bnc">VUL-1: CVE-2015-1819: libxml2: denial of service processing a crafted XML document</issue>
<issue id="951734" tracker="bnc">VUL-1: CVE-2015-7941: libxml2: Crafted xml causes out of bound memory access</issue>
<issue id="951735" tracker="bnc">VUL-1: CVE-2015-7942: libxml2: heap-buffer-overflow in xmlParseConditionalSections</issue>
<issue id="956018" tracker="bnc">VUL-1: CVE-2015-8241: libxml2: Buffer overread with XML parser in xmlNextChar</issue>
<issue id="956021" tracker="bnc">VUL-1: CVE-2015-8242: libxml2: Buffer overread with HTML parser in push mode in xmlSAX2TextNode</issue>
<issue id="957105" tracker="bnc">VUL-1: CVE-2015-5312: libxml2: Another entity expansion issue</issue>
<issue id="957106" tracker="bnc">VUL-1: CVE-2015-7497: libxml2: heap buffer overflow in xmlDictComputeFastQKey</issue>
<issue id="957107" tracker="bnc">VUL-1: CVE-2015-7498: libxml2: processes entities after encoding conversion failures</issue>
<issue id="957109" tracker="bnc">VUL-1: CVE-2015-7499: libxml2: Add xmlHaltParser() to stop the parser / Detect incoherency on GROW</issue>
<issue id="956260" tracker="bnc">VUL-1: CVE-2015-8317: libxml2: Several out of bounds reads</issue>
<issue id="954429" tracker="bnc">VUL-1: CVE-2015-8035: libxml2: DoS when parsing specially crafted XML document if XZ support is enabled</issue>
<issue id="957110" tracker="bnc">VUL-1: CVE-2015-7500: libxml2: Fix memory access error due to incorrect entities boundaries</issue>
<issue id="CVE-2015-7497" tracker="cve" />
<issue id="CVE-2015-7500" tracker="cve" />
<issue id="CVE-2015-8241" tracker="cve" />
<issue id="CVE-2015-7499" tracker="cve" />
<issue id="CVE-2015-7498" tracker="cve" />
<issue id="CVE-2015-8242" tracker="cve" />
<issue id="CVE-2015-1819" tracker="cve" />
<issue id="CVE-2015-8035" tracker="cve" />
<issue id="CVE-2015-5312" tracker="cve" />
<issue id="CVE-2015-8317" tracker="cve" />
<issue id="CVE-2015-7942" tracker="cve" />
<issue id="CVE-2015-7941" tracker="cve" />
<category>security</category>
<rating>moderate</rating>
<packager>kstreitova</packager>
<description>- security update:
This update fixes the following security issues:
* CVE-2015-1819 Enforce the reader to run in constant memory [bnc#928193]
* CVE-2015-7941 Fix out of bound read with crafted xml input by stopping parsing on entities boundaries errors [bnc#951734]
* CVE-2015-7942 Fix another variation of overflow in Conditional sections [bnc#951735]
* CVE-2015-8241 Avoid extra processing of MarkupDecl when EOF [bnc#956018]
* CVE-2015-8242 Buffer overead with HTML parser in push mode [bnc#956021]
* CVE-2015-8317 Return if the encoding declaration is broken or encoding conversion failed [bnc#956260]
* CVE-2015-5312 Fix another entity expansion issue [bnc#957105]
* CVE-2015-7497 Avoid an heap buffer overflow in xmlDictComputeFastQKey [bnc#957106]
* CVE-2015-7498 Processes entities after encoding conversion failures [bnc#957107]
* CVE-2015-7499 Add xmlHaltParser() to stop the parser / Detect incoherency on GROW [bnc#957109]
* CVE-2015-8317 Multiple out-of-bound read could lead to denial of service [bnc#956260]
* CVE-2015-8035 DoS when parsing specially crafted XML document if XZ support is enabled [bnc#954429]
* CVE-2015-7500 Fix memory access error due to incorrect entities boundaries [bnc#957110]
</description>
<summary>Security update for libxml2</summary>
</patchinfo>
