Univention Bugzilla – Bug 45754
libxml-libxml-perl: Multiple issues (4.2)
Last modified: 2018-05-08 14:56:40 CEST
Upstream Debian package version 2.0116+dfsg-1+deb8u2 fixes: * A use-after-free vulnerability was discovered in XML::LibXML, which allows an attacker to execute arbitrary code by controlling the arguments to a replaceChild() call (CVE-2017-10672)
Mass-import from Debian-Security: python -m univention.repong.^Cbmirror -s jessie -r 4.2-3 --override=$HOME/REPOS/repo-ng/mirror/update_ucs42_mirror_from_debian.yml --errata=doc/errata --sql --process=ALL -vvvv --now=201801211553 YAML: git:bd6159834a..449aa5a7cf
Must be released with or after Bug #44776: > The following packages have unmet dependencies: > libxml-libxml-perl : Depends: perl (>= 5.20.2-3+deb8u8) but 5.20.2-3+deb8u6A~4.2.0.201702152200 is to be installed 255c983c68 Bug #46158: libxml-libxml-perl 2.0116+dfsg-1+deb8u2
--- mirror/ftp/4.2/unmaintained/4.2-0/source/libxml-libxml-perl_2.0116+dfsg-1+deb8u1.dsc +++ apt/ucs_4.2-0-errata4.2-3/source/libxml-libxml-perl_2.0116+dfsg-1+deb8u2.dsc @@ -1,3 +1,9 @@ +2.0116+dfsg-1+deb8u2 [Sat, 18 Nov 2017 14:14:08 +0100] Salvatore Bonaccorso <carnil@debian.org>: + + * Team upload. + * CVE-2017-10672: Use-after-free by controlling the arguments to a + replaceChild call (Closes: #866676) + 2.0116+dfsg-1+deb8u1 [Fri, 01 May 2015 12:57:49 +0200] Salvatore Bonaccorso <carnil@debian.org>: * Team upload.
* No UCS specific patches * Comparison to previously shipped version ok * Installation Ok * Advisory Ok (also references Bug 44776)
<http://errata.software-univention.de/ucs/4.2/362.html>