tags 607922 + pending thanks Dear maintainer,
I've prepared an NMU for libxml2 (versioned as 2.7.8.dfsg-1.1) and uploaded it to DELAYED/5. Please feel free to tell me if I should delay it longer. Regards. -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
diff -u libxml2-2.7.8.dfsg/debian/changelog libxml2-2.7.8.dfsg/debian/changelog
--- libxml2-2.7.8.dfsg/debian/changelog
+++ libxml2-2.7.8.dfsg/debian/changelog
@@ -1,3 +1,11 @@
+libxml2 (2.7.8.dfsg-1.1) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * CVE-2010-4494: memory corruption (double-free) in xpath.c
+ (closes: #607922)
+
+ -- Jonathan Wiltshire <j...@debian.org> Fri, 24 Dec 2010 17:55:09 +0000
+
libxml2 (2.7.8.dfsg-1) unstable; urgency=low
* New upstream release.
only in patch2:
unchanged:
--- libxml2-2.7.8.dfsg.orig/xpath.c
+++ libxml2-2.7.8.dfsg/xpath.c
@@ -11763,11 +11763,16 @@
if ((ctxt->error != XPATH_EXPRESSION_OK) || (res == -1)) {
xmlXPathObjectPtr tmp;
- /* pop the result */
+ /* pop the result if any */
tmp = valuePop(ctxt);
- xmlXPathReleaseObject(xpctxt, tmp);
- /* then pop off contextObj, which will be freed later */
- valuePop(ctxt);
+ if (tmp != contextObj) {
+ /*
+ * Free up the result
+ * then pop off contextObj, which will be freed later
+ */
+ xmlXPathReleaseObject(xpctxt, tmp);
+ valuePop(ctxt);
+ }
goto evaluation_error;
}
signature.asc
Description: Digital signature
