CVE-2015-8710

Priority
Description
The htmlParseComment function in HTMLparser.c in libxml2 allows attackers
to obtain sensitive information, cause a denial of service (out-of-bounds
heap memory access and application crash), or possibly have unspecified
other impact via an unclosed HTML comment.
Assigned-to
mdeslaur
Notes
jdstrandthese missed OTA9 in vivid/stable-phone-overlay and should be
included in OTA9.5 via https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/stable-snapshot/+packages
these landed in rc-proposed r385 on krillin:
http://people.canonical.com/~lzemczak/landing-team/ubuntu-touch/rc-proposed/ubuntu/krillin/385.commitlog
Package
Upstream:released (2.9.2+really2.9.1+dfsg1-0.1)
Ubuntu 14.04 ESM (Trusty Tahr):released (2.9.1+dfsg1-3ubuntu4.7)
Ubuntu 16.04 LTS (Xenial Xerus):released (2.9.2+zdfsg1-4ubuntu3)
Patches:
Upstream:https://git.gnome.org/browse/libxml2/commit/?id=e724879d964d774df9b7969fc846605aa1bac54c
More Information

Updated: 2020-09-10 04:56:57 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)