[SECURITY] [DLA 1194-1] libxml2 security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Package : libxml2
Version : 2.8.0+dfsg1-7+wheezy11
CVE ID : CVE-2017-16931 CVE-2017-16932
CVE-2017-16931
parser.c in libxml2 before 2.9.5 mishandles parameter-entity
references because the NEXTL macro calls the
xmlParserHandlePEReference function in the case of a '%' character
in a DTD name.
CVE-2017-16932
parser.c in libxml2 before 2.9.5 does not prevent infinite
recursion in parameter entities.
For Debian 7 "Wheezy", these problems have been fixed in version
2.8.0+dfsg1-7+wheezy11.
We recommend that you upgrade your libxml2 packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQJ8BAEBCgBmBQJaIBAZXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHW/IP/0fOwwmqwfaZbfAivPns1MRY
/mnJ7ij2dki7AT+0r3nHeuNlhk5RyRQPsJXT46Cqz8FxoODzSfx2O+cFYpFkRYqy
M8EChp2cS6uqjcg3qgrX7ijPMMSQTCs+WiDzaNkFjfngGHMLfphH3wydAysKFyVc
IM/n2p9WzS9MnQcX2Nx4g/jzFYFAwsoyv6vumVrWF5NTgQnvRnEQ1GG+Orajfedb
vyEY6DDbFKcYls3bqhO9NviiERMPPl8kEEBMfAdP/LIJOy+dGm8FwKYQydZGpLXE
+heEWgMNwLtow6ubD/n4A6HjeEnTvaOe8Bx3HopM26O4F9pPgG9/xPAcgTMo9+Yb
pJGNUOMau79F1T094Qb1ZclLkENbQsejoZLUkNNuryrK1q445i3qA800xtSWCGm/
r/VpKlvlcsr662h+jhiU8rSDfvm0W1B0LduGHAsPO6/7+I5nY8XGUGlMLR76wr+6
EyZhe63gz7krrOMkKTXkmNMdZBP5AM4F6v6vd6VopYEYhz0e5Bw5pCe4CJ+Ehr1x
r5KFnUbR6+Z9wiVHh4+0r6c5AEEClD9ZGLyVYY0yeCi0Z/4B7/wVRS362ce96oSh
NgvWSOel6CWYFqlwQUPSfhu7LIil++cdf6r855sB6dPaZ7iWjOQLrjolneIqykRE
iDjGPoBPi9k5pKh7RzBK
=4kqY
-----END PGP SIGNATURE-----
Reply to: