Possible use after free vulnerability via namespace nodes in XPointer ranges was found.
Created libxml2 tracking bugs for this issue:
Affects: fedora-all [bug 1384427]
Created mingw-libxml2 tracking bugs for this issue:
Affects: fedora-all [bug 1384429]
Affects: epel-7 [bug 1384430]
(In reply to Adam Mariš from comment #0)
> Possible use after free vulnerability via namespace nodes in XPointer ranges
> was found.
> Upstream patch:
We have been monitoring the URL ftp://xmlsoft.org/libxml2/ for the latest release of the official patch of libxml2 containing the patches for the bugs associated with CVE-2016-4658, CVE-2016-9318 and CVE-2016-9597, but have observed that no binary files have been released yet.
From the URL http://rpmfind.net/linux/RPM/opensuse/updates/leap/42.2/oss/src/libxml2-2.9.4-3.1.src.html we found that an RPM file has been released, but as our requirement is a binary version, we can't go for the RPM version.
Could you kindly confirm the ETA for the release of the official libxml2 2.9.4-3.1 binary package containing all the above-mentioned patches?
Is this still being considered for a fix? Please let me know.