Back to bug 1332443
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Martin Prpič | 2016-05-03 08:23:02 UTC | CC | security-response-team | |
| Red Hat Bugzilla | 2016-05-03 08:23:02 UTC | Doc Type | --- | Bug Fix |
| Martin Prpič | 2016-05-03 08:29:06 UTC | Blocks | 1319834 | |
| Andrej Nemec | 2016-05-04 07:30:54 UTC | CC | anemec | |
| Whiteboard | impact=moderate,public=no,reported=20160426,source=distros,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cwe=CWE-20,rhel-5/libxml2=affected,rhel-6/libxml2=affected,rhel-7/libxml2=affected,jboss/libxml2=affected,fedora-all/libxml2=affected,fedora-all/mingw-libxml2=affected,epel-7/mingw-libxml2=affected | impact=moderate,public=20160503,reported=20160426,source=distros,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cwe=CWE-20,rhel-5/libxml2=affected,rhel-6/libxml2=affected,rhel-7/libxml2=affected,jboss/libxml2=affected,fedora-all/libxml2=affected,fedora-all/mingw-libxml2=affected,epel-7/mingw-libxml2=affected | ||
| Andrej Nemec | 2016-05-04 07:31:22 UTC | Summary | EMBARGOED CVE-2016-3705 libxml2: stack overflow before detecting invalid XML file | CVE-2016-3705 libxml2: stack overflow before detecting invalid XML file |
| Andrej Nemec | 2016-05-04 07:31:25 UTC | Group | security, qe_staff | |
| Andrej Nemec | 2016-05-04 07:31:33 UTC | Depends On | 1332831 | |
| Andrej Nemec | 2016-05-04 07:31:42 UTC | Depends On | 1332832 | |
| Andrej Nemec | 2016-05-04 07:31:54 UTC | Depends On | 1332833 | |
| Slawomir Czarko | 2016-05-05 09:06:44 UTC | CC | slawomir | |
| Norman Sardella | 2016-05-11 13:41:20 UTC | CC | sardella | |
| Cedric Buissart | 2016-05-25 08:25:25 UTC | CC | cbuissar | |
| Cedric Buissart | 2016-05-27 06:55:46 UTC | Doc Text | Missing incrementations of recursion depth counter were found in the xmlParserEntityCheck() and xmlParseAttValueComplex() functions used for parsing XML data. An attacker could launch a Denial of Service attack by passing specially crafted XML data to an application, forcing it to crash due to stack exhaustion. | |
| Cedric Buissart | 2016-05-27 07:23:23 UTC | Whiteboard | impact=moderate,public=20160503,reported=20160426,source=distros,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cwe=CWE-20,rhel-5/libxml2=affected,rhel-6/libxml2=affected,rhel-7/libxml2=affected,jboss/libxml2=affected,fedora-all/libxml2=affected,fedora-all/mingw-libxml2=affected,epel-7/mingw-libxml2=affected | impact=moderate,public=20160503,reported=20160426,source=distros,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cwe=CWE-20,rhel-5/libxml2=wontfix,rhel-6/libxml2=affected,rhel-7/libxml2=affected,jboss/libxml2=affected,fedora-all/libxml2=affected,fedora-all/mingw-libxml2=affected,epel-7/mingw-libxml2=affected |
| Cedric Buissart | 2016-05-27 07:27:09 UTC | Whiteboard | impact=moderate,public=20160503,reported=20160426,source=distros,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cwe=CWE-20,rhel-5/libxml2=wontfix,rhel-6/libxml2=affected,rhel-7/libxml2=affected,jboss/libxml2=affected,fedora-all/libxml2=affected,fedora-all/mingw-libxml2=affected,epel-7/mingw-libxml2=affected | impact=moderate,public=20160503,reported=20160426,source=distros,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cwe=CWE-674,rhel-5/libxml2=wontfix,rhel-6/libxml2=affected,rhel-7/libxml2=affected,jboss/libxml2=affected,fedora-all/libxml2=affected,fedora-all/mingw-libxml2=affected,epel-7/mingw-libxml2=affected |
| Cedric Buissart | 2016-05-27 07:37:42 UTC | Blocks | 1319834 | 1332827 |
| Huzaifa S. Sidhpurwala | 2016-05-27 08:00:29 UTC | Depends On | 1340367 | |
| Huzaifa S. Sidhpurwala | 2016-05-27 08:00:37 UTC | Depends On | 1340369 | |
| Huzaifa S. Sidhpurwala | 2016-05-27 08:00:44 UTC | Depends On | 1340370 | |
| Huzaifa S. Sidhpurwala | 2016-05-27 08:00:50 UTC | Depends On | 1340371 | |
| Eric Christensen | 2016-06-01 16:35:02 UTC | Doc Text | Missing incrementations of recursion depth counter were found in the xmlParserEntityCheck() and xmlParseAttValueComplex() functions used for parsing XML data. An attacker could launch a Denial of Service attack by passing specially crafted XML data to an application, forcing it to crash due to stack exhaustion. | Missing incrementation of recursion depth counter were found in the xmlParserEntityCheck() and xmlParseAttValueComplex() functions used for parsing XML data. An attacker could launch a Denial of Service attack by passing specially crafted XML data to an application, forcing it to crash due to stack exhaustion. |
| Timothy Walsh | 2016-06-06 05:19:38 UTC | Whiteboard | impact=moderate,public=20160503,reported=20160426,source=distros,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cwe=CWE-674,rhel-5/libxml2=wontfix,rhel-6/libxml2=affected,rhel-7/libxml2=affected,jboss/libxml2=affected,fedora-all/libxml2=affected,fedora-all/mingw-libxml2=affected,epel-7/mingw-libxml2=affected | impact=moderate,public=20160503,reported=20160426,source=distros,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cwe=CWE-674,rhel-5/libxml2=wontfix,rhel-6/libxml2=affected,rhel-7/libxml2=affected,jbews-3/libxml2=affected,fedora-all/libxml2=affected,fedora-all/mingw-libxml2=affected,epel-7/mingw-libxml2=affected |
| Timothy Walsh | 2016-06-06 05:19:43 UTC | CC | csutherl, dknox, jclere, lgao, mbabacek, myarboro, twalsh, weli | |
| Timothy Walsh | 2017-01-19 06:55:25 UTC | Blocks | 1395463 | |
| Timothy Walsh | 2017-01-19 07:27:19 UTC | Blocks | 1340339 | |
| Timothy Walsh | 2017-03-08 06:02:34 UTC | Blocks | 1340339 | |
| Timothy Walsh | 2017-03-13 03:38:11 UTC | CC | athmanem, c.david86, erik-fedora, fedora-mingw, gzaronik, ktietz, mturk, rjones | |
| Whiteboard | impact=moderate,public=20160503,reported=20160426,source=distros,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cwe=CWE-674,rhel-5/libxml2=wontfix,rhel-6/libxml2=affected,rhel-7/libxml2=affected,jbews-3/libxml2=affected,fedora-all/libxml2=affected,fedora-all/mingw-libxml2=affected,epel-7/mingw-libxml2=affected | impact=moderate,public=20160503,reported=20160426,source=distros,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cwe=CWE-674,rhel-5/libxml2=wontfix,rhel-6/libxml2=affected,rhel-7/libxml2=affected,jbews-3/libxml2=wontfix,fedora-all/libxml2=affected,fedora-all/mingw-libxml2=affected,epel-7/mingw-libxml2=affected,jbcs-1/httpd=affected | ||
| Vishal Pakolu | 2018-05-02 16:21:12 UTC | CC | vpakolu | |
| PnT Account Manager | 2019-05-02 21:51:18 UTC | CC | anemec | |
| Product Security DevOps Team | 2019-06-08 02:51:07 UTC | Status | NEW | CLOSED |
| Resolution | --- | ERRATA | ||
| Last Closed | 2019-06-08 02:51:07 UTC | |||
| Product Security DevOps Team | 2019-09-29 13:48:22 UTC | Whiteboard | impact=moderate,public=20160503,reported=20160426,source=distros,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cwe=CWE-674,rhel-5/libxml2=wontfix,rhel-6/libxml2=affected,rhel-7/libxml2=affected,jbews-3/libxml2=wontfix,fedora-all/libxml2=affected,fedora-all/mingw-libxml2=affected,epel-7/mingw-libxml2=affected,jbcs-1/httpd=affected | |
| Stanislav Ochotnicky | 2020-12-15 08:51:50 UTC | See Also | https://issues.redhat.com/browse/JWS-441, https://issues.redhat.com/browse/JBCS-102 |
Back to bug 1332443