libxml2: out-of-bounds read
Are there any details available for this? Upsteam bug, commit reference?
(In reply to Salvatore Bonaccorso from comment #2)
> Are there any details available for this? Upsteam bug, commit reference?
Referring to https://bugzilla.redhat.com/show_bug.cgi?id=1408302#c4
CVE-2016-9598 was assigned for incomplete fix of CVE-2016-4483, however that was closed as duplicate of CVE-2016-3627. That actually makes this CVE a duplicate of CVE-2016-9596 since that one was assigned for incomplete fix of CVE-2016-3627.
Hence I suggest to close this one as duplicate of CVE-2016-9596. Would that work for you?
This CVE id is for the same issue as CVE-2016-4483 (bug 1332820). This additional CVE was assigned because the original issue was listed as fixed in RHSA-2016:2957 for the Red Hat JBoss Core Services:
However, that erratum actually failed to include the fix for the issue.
Therefore, this new CVE is specific to the Red Hat JBoss Core Services product and is better described as: missing/incorrect fix for CVE-2016-4483 in the Red Hat JBoss Core Services.
This issue has been addressed in the following products:
Red Hat JBoss Core Services
Via RHSA-2018:2486 https://access.redhat.com/errata/RHSA-2018:2486