CVE-2016-3709

NameCVE-2016-3709
DescriptionPossible cross-site scripting vulnerability in libxml after commit 960f0e2.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
libxml2 (PTS)buster2.9.4+dfsg1-7+deb10u3vulnerable
buster (security)2.9.4+dfsg1-7+deb10u4vulnerable
bullseye (security), bullseye2.9.10+dfsg-6.7+deb11u2vulnerable
bookworm, sid2.9.14+dfsg-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
libxml2source(unstable)2.9.12+dfsg-3

Notes

https://mail.gnome.org/archives/xml/2018-January/msg00010.html
https://bugzilla.gnome.org/show_bug.cgi?id=769760
Introduced by: https://github.com/GNOME/libxml2/commit/960f0e275616cadc29671a218d7fb9b69eb35588 (v2.9.2-rc1)c
Fixed by: https://github.com/GNOME/libxml2/commit/c1ba6f54d32b707ca6d91cb3257ce9de82876b6f (v2.9.11)

Search for package or bug name: Reporting problems