[Debian] Medium CVE: CVE-2023-28484/CVE-2023-29469: libxml2: multiple CVEs
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
StarlingX |
Fix Released
|
Medium
|
Li Zhou |
Bug Description
CVE-2023-28484: https:/
In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupC
CVE-2023-29469: https:/
An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeF
Base Score: Medium
References:
https:/
https:/
https:/
['libxml2-
CVE References
tags: | added: stx.9.0 |
tags: | added: stx.security |
Changed in starlingx: | |
status: | New → Triaged |
importance: | Undecided → Medium |
Changed in starlingx: | |
assignee: | nobody → Li Zhou (lzhou2) |
Fixed by https:/ /review. opendev. org/c/starlingx /tools/ +/887351 which merged on July 12.