Stack-based buffer overread vulnerability with HTML parser in push mode in xmlSAX2TextNode causing segmentation fault when compiled with ASAN. Upstream bug (containing reproducer): https://bugzilla.gnome.org/show_bug.cgi?id=756372
Created libxml2 tracking bugs for this issue: Affects: fedora-all [bug 1281951]
Created mingw-libxml2 tracking bugs for this issue: Affects: fedora-all [bug 1281952] Affects: epel-7 [bug 1281953]
Acknowledgments: Name: the GNOME project Upstream: Hugh Davenport
CVE assignment: http://openwall.com/lists/oss-security/2015/11/18/23
Upstream patch: https://git.gnome.org/browse/libxml2/commit/?id=8fb4a770075628d6441fb17a1e435100e2f3b1a2
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2015:2549 https://rhn.redhat.com/errata/RHSA-2015-2549.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2015:2550 https://rhn.redhat.com/errata/RHSA-2015-2550.html
This issue has been addressed in the following products: Via RHSA-2016:1089 https://rhn.redhat.com/errata/RHSA-2016-1089.html
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 500 days