CVE-2015-8035

Priority
Description
The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect
compression errors, which allows context-dependent attackers to cause a
denial of service (process hang) via crafted XML data.
Notes
 tyhicks> The test xz file does not trigger the DoS in our 2.9.2 builds.
  xz support was accidentally disabled in 2.9.2. Marking the devel release
  as 'needed' so that the build system fix
  (18b8988511b0954272cac4d6c3e6724f9dbf6e0a) doesn't slip in without this
  CVE fix.
Assigned-to
mdeslaur
Package
Upstream: needs-triage
Ubuntu 14.04 LTS (Trusty Tahr): released (2.9.1+dfsg1-3ubuntu4.5)
Ubuntu 16.04 LTS (Xenial Xerus): released (2.9.2+zdfsg1-4ubuntu1)
Patches:
Upstream: https://git.gnome.org/browse/libxml2/commit/?id=f0709e3ca8f8947f2d91ed34e92e38a4c23eae63
Updated: 2019-03-19 12:23:46 UTC (commit 15472795df7e9de45b82f2d36b8b419b939f97b2)