This repository has been archived by the owner on Jan 6, 2023. It is now read-only.

libxml2 vulnerability CVE-2016-9318 #77

Open
ipuustin opened this issue Dec 9, 2016 · 1 comment

ipuustin commented Dec 9, 2016

See https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9318 and https://bugzilla.gnome.org/show_bug.cgi?id=772726 . The initial CVSSv3 vulnerability score is 7.8 (high).

ipuustin commented Dec 9, 2016

libxml2 is a widely used component in the distribution (11 direct reverse dependencies), so it's difficult to estimate the vulnerability score. However, at least libsoup will parse network-provided XML files. It's safe to assume that the vulnerability score will be high. The fix for the bug appears to still not be merged into the libxml2 git repository.

mythi added the bug label Dec 13, 2016