CVE-2015-8035 (retired)

Priority
Description
The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect
compression errors, which allows context-dependent attackers to cause a
denial of service (process hang) via crafted XML data.
Notes
 tyhicks> The test xz file does not trigger the DoS in our 2.9.2 builds.
  xz support was accidentally disabled in 2.9.2. Marking the devel release
  as 'needed' so that the build system fix
  (18b8988511b0954272cac4d6c3e6724f9dbf6e0a) doesn't slip in without this
  CVE fix.
Assigned-to
mdeslaur
Package
Upstream: needs-triage
Ubuntu 16.04 LTS (Xenial Xerus): released (2.9.2+zdfsg1-4ubuntu1)
Patches:
Upstream: https://git.gnome.org/browse/libxml2/commit/?id=f0709e3ca8f8947f2d91ed34e92e38a4c23eae63
More Information

Updated: 2019-09-19 15:55:51 UTC (commit d32ebc32606b9517c6fa7d65a15441e2a57a6de5)