PublicDateAtUSN: 2015-11-18
Candidate: CVE-2015-8241
PublicDate: 2015-12-15 21:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8241
 http://www.openwall.com/lists/oss-security/2015/11/17/5
 https://ubuntu.com/security/notices/USN-2834-1
Description:
 The xmlNextChar function in libxml2 2.9.2 does not properly check the
 state, which allows context-dependent attackers to cause a denial of
 service (heap-based buffer over-read and application crash) or obtain
 sensitive information via crafted XML data.
Ubuntu-Description:
Notes:
Bugs:
 https://bugzilla.gnome.org/show_bug.cgi?id=756263
 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806384
Priority: low
Discovered-by: Hugh Davenport
Assigned-to: mdeslaur
CVSS: 

Patches_libxml2:
 upstream: https://git.gnome.org/browse/libxml2/commit/?id=ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe
upstream_libxml2: released (2.9.3)
precise_libxml2: released (2.7.8.dfsg-5.1ubuntu4.13)
trusty_libxml2: released (2.9.1+dfsg1-3ubuntu4.6)
trusty/esm_libxml2: released (2.9.1+dfsg1-3ubuntu4.6)
vivid_libxml2: released (2.9.2+dfsg1-3ubuntu0.2)
wily_libxml2: released (2.9.2+zdfsg1-4ubuntu0.2)
devel_libxml2: released (2.9.2+zdfsg1-4ubuntu2)
vivid/stable-phone-overlay_libxml2: released (2.9.2+dfsg1-3ubuntu0.2)
vivid/ubuntu-core_libxml2: DNE