[Secure-testing-team] Bug#825855: mxml: CVE-2016-4570 CVE-2016-4571: Stack exhaustion
Salvatore Bonaccorso
carnil at debian.org
Mon May 30 19:41:10 UTC 2016
Source: mxml
Version: 2.6-2
Severity: important
Tags: security upstream
Forwarded: http://www.msweet.org/bugs.php?U549
Hi,
the following vulnerabilities were published for mxml.
CVE-2016-4570[0]:
Recursion using mxmlDelete at mxml-node.c:217 (stack-exhaustion-1.xml)
CVE-2016-4571[1]:
Recursion using mxml_write_node at mxml-file.c:2739 (stack-exhaustion-2.xml
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-4570
[1] https://security-tracker.debian.org/tracker/CVE-2016-4571
[2] http://www.msweet.org/bugs.php?U549
[3] http://seclists.org/oss-sec/2016/q2/276
[4] http://seclists.org/oss-sec/2016/q2/325
Regards,
Salvatore
More information about the Secure-testing-team
mailing list