Bug#602609: [xml/sgml-pkgs] Bug#602609: CVE-2010-4008: does not well process a malformed XPATH
On Sat, Nov 6, 2010 at 15:49:00 +0100, Mike Hommey wrote:

> Anyways, that would need a backport for stable, and maybe testing,
> depending how the release team feels about 2.7.8.

2.7.8-1 unblocked.

Cheers,
Julien

Bug#602609: CVE-2010-4008: does not well process a malformed XPATH
Package: libxml2
Version: 2.7.7.dfsg-4
Severity: serious
Tags: security

Hi,

it was discovered that libxml2 does not well process a malformed XPATH, causing crash and allowing arbitrary code execution.

Patch:
http://git.gnome.org/browse/libxml2/commit/?id=91d19754d46acd4a639a8b9e31f50f31c78f8c9c
http://git.gnome.org/browse/libxml2/commit/?id=ea90b894146030c214a7df6d8375310174f134b9

Cheers,
Giuseppe.

Bug#602609: [xml/sgml-pkgs] Bug#602609: CVE-2010-4008: does not well process a malformed XPATH
On Sat, Nov 06, 2010 at 02:22:18PM +0100, Giuseppe Iuculano wrote:

> Package: libxml2
> Version: 2.7.7.dfsg-4
> Severity: serious
> Tags: security
>
> Hi,
>
> it was discovered that libxml2 does not well process a malformed XPATH,
> causing crash and allowing arbitrary code execution.
>
> Patch:
> http://git.gnome.org/browse/libxml2/commit/?id=91d19754d46acd4a639a8b9e31f50f31c78f8c9c
> http://git.gnome.org/browse/libxml2/commit/?id=ea90b894146030c214a7df6d8375310174f134b9

Interestingly none of the above commits talk about crash and arbitrary code execution. Is there a working test case available somewhere?

Anyways, that would need a backport for stable, and maybe testing, depending how the release team feels about 2.7.8.

Mike