OpenPKG CVS Repository http://cvs.openpkg.org/ ____________________________________________________________________________
Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-web Date: 05-Mar-2004 17:06:40 Branch: HEAD Handle: 2004030516063900 Modified files: openpkg-web/security OpenPKG-SA-2004.003-libxml.txt Log: review Summary: Revision Changes Path 1.2 +14 -13 openpkg-web/security/OpenPKG-SA-2004.003-libxml.txt ____________________________________________________________________________ patch -p0 <<'@@ .' Index: openpkg-web/security/OpenPKG-SA-2004.003-libxml.txt ============================================================================ $ cvs diff -u -r1.1 -r1.2 OpenPKG-SA-2004.003-libxml.txt --- openpkg-web/security/OpenPKG-SA-2004.003-libxml.txt 5 Mar 2004 15:09:26 -0000 1.1 +++ openpkg-web/security/OpenPKG-SA-2004.003-libxml.txt 5 Mar 2004 16:06:39 -0000 1.2 @@ -1,3 +1,6 @@ + + + ________________________________________________________________________ OpenPKG Security Advisory The OpenPKG Project @@ -10,22 +13,20 @@ Vulnerability: arbitrary code execution OpenPKG Specific: no -Affected Releases: Affected Packages: Corrected Packages: -OpenPKG CURRENT <= libxml-2.6.5-20040126 >= libxml-2.6.6-20040212 -OpenPKG 1.3 <= libxml-2.5.8-1.3.0.src.rpm >= libxml-2.5.8-1.3.1.src.rpm +Affected Releases: Affected Packages: Corrected Packages: +OpenPKG CURRENT <= libxml-2.6.5-20040126 >= libxml-2.6.6-20040212 +OpenPKG 2.0 none N.A. +OpenPKG 1.3 <= libxml-2.5.8-1.3.0 >= libxml-2.5.8-1.3.1 Affected Releases: Dependent Packages: -OpenPKG CURRENT apache (with option "with_mod_php_dom") - perl-xml (with option "with_libxml") - php (with option "with_dom") - php5 (with option "with_xml" or "with_dom") - cadaver dia kde-libs libgdome libglade libwmf libxslt +OpenPKG CURRENT apache::with_mod_php_dom perl-xml::with_libxml + php::with_dom php5::with_xml php5::with_dom cadaver + dia kde-libs libgdome libglade libwmf libxslt neon pan ripe-dbase roadrunner scli scrollkeeper sitecopy subversion wv xmlsec xmlstarlet xmlto xmms -OpenPKG 1.3 apache (with option "with_mod_php_dom") - perl-xml (with option "with_libxml") - php (with option "with_dom") - libgdome libwmf libxslt neon sitecopy xmlsec +OpenPKG 1.3 apache::with_mod_php_dom perl-xml::with_libxml + php::with_dom libgdome libwmf libxslt neon sitecopy + xmlsec Description: A flaw in libxml2 [0] found by Yuuichi Teranishi can be exploited to @@ -44,7 +45,7 @@ [5], fetch it from the OpenPKG FTP service [6] or a mirror location, verify its integrity [7], build a corresponding binary RPM from it [3] and update your OpenPKG installation by applying the binary RPM [4]. - For the current release OpenPKG 1.3, perform the following operations + For the affected release OpenPKG 1.3, perform the following operations to permanently fix the security problem (for other releases adjust accordingly). @@ . ______________________________________________________________________ The OpenPKG Project www.openpkg.org CVS Repository Commit List [EMAIL PROTECTED]