FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

libxml2 -- Enforce the reader to run in constant memory

Affected packages
libxml2 < 2.9.2_3
linux-c6-libxml2 < 2.7.6_5
* <= linux-f10-libxml2

Details

VuXML ID 9c7177ff-1fe1-11e5-9a01-bcaec565249c
Discovery 2015-04-14
Entry 2015-07-01
Modified 2016-01-31

Daniel Veillard reports:

Enforce the reader to run in constant memory. One of the operations on the reader could resolve entities leading to the classic expansion issue. Make sure the buffer used for xmlreader operation is bounded. Introduce a new allocation type for the buffers for this effect.

References

CVE Name CVE-2015-1819
URL https://git.gnome.org/browse/libxml2/commit/?id=213f1fe0d76d30eaed6e5853057defc43e6df2c9