Bug 1579558 (CVE-2018-11210)
Summary: | CVE-2018-11210 tinyxml2: heap-based buffer over-read in the XMLDocument::Parse function | | |
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Laura Pardo <lpardo> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED NOTABUG | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | | |
Version: | unspecified | CC: | dominik, logans, mrceresa, rhel8-maint, richmattes |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | | | |
Fixed In Version: | | Doc Type: | If docs needed, set a value |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2019-06-10 10:23:27 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | | | |
Bug Depends On: | 1579559, 1579560, 1579561 | | |
Bug Blocks: | | | |

Description
Laura Pardo
2018-05-17 22:40:24 UTC
Created tinyxml2 tracking bugs for this issue:

Affects: epel-all [bug 1579560]
Affects: fedora-all [bug 1579559]

It looks like this bug was closed upstream citing the fact that this was an incorrect use of the API. Should we still try to look for ways to mitigate the issue, or defer to upstream and close these bugs out?