Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2012-6702

Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.

Related bugs and status

CVE-2012-6702 (Candidate) is related to these bugs:

Bug #1600717: Sync expat 2.2.0-1 (main) from Debian unstable (main)

Summary				In	Importance	Status
	1600717	Sync expat 2.2.0-1 (main) from Debian unstable (main)		expat (Ubuntu)	Wishlist	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2016060...
MLIST: [oss-security] 2016060...
DEBIAN: DSA-3597
CONFIRM: https://source.android...
BID: 91483
UBUNTU: USN-3010-1
GENTOO: GLSA-201701-21
CONFIRM: https://www.tenable.co...