- CVE-2015-8241
Buffer overread with XML parser in xmlNextChar
- CVE-2015-8317
- issues in the xmlParseXMLDecl function:
If we fail conversing the current input stream while
processing the encoding declaration of the XMLDecl
then it’s safer to just abort there and not try to
report further errors.
- If the string is not properly terminated do not try to convert
to the given encoding.
Additional fix for off by one error in previous patch for CVE-2015-7942
(thanks to Salvatore for spotting this)