Launchpad has imported 9 comments from the remote bug at
https://bugzilla.redhat.com/show_bug.cgi?id=835863.

If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
https://help.launchpad.net/InterBugTracking.

------------------------------------------------------------------------
On 2012-06-27T10:29:19+00:00 jlieskov wrote:

Common Vulnerabilities and Exposures assigned an identifier
CVE-2012-2807 to the following vulnerability:

Multiple integer overflows in libxml2, as used in Google Chrome before
20.0.1132.43, on 64-bit Linux platforms allow remote attackers to cause
a denial of service or possibly have unspecified other impact via
unknown vectors.

References:
[1] http://code.google.com/p/chromium/issues/detail?id=129930
[2] http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html

Reply at: https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1018204/comments/1

------------------------------------------------------------------------
On 2012-06-28T12:08:51+00:00 jlieskov wrote:

Relevant Google Chrome patch:
[3] http://git.chromium.org/gitweb/?p=chromium/src.git;a=commitdiff;h=f183580d61c054f7f6bb35cfe29e1b342390fbeb

Reply at: https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1018204/comments/4

------------------------------------------------------------------------
On 2012-07-18T10:26:45+00:00 veillard wrote:

Okay, I finally pushed a patch upstream that I think should backport
rather easily

http://git.gnome.org/browse/libxml2/commit/?id=459eeb9dc752d5185f57ff6b135027f11981a626

that one

http://git.gnome.org/browse/libxml2/commit/?id=4f9fdc709c4861c390cd84e2ed1fd878b3442e28

should also be applied in the errata to avoid a similar problem elsewhere.
Somehow that's not a complete fix but that's the most immediate and
simple way to stop the given problem. I'm still working on a (rather
large and intrusive) set of patches for upstream but I would not suggest
to push that in RHEL. For Fedora I may be tempted to rebase once a new
libxml2 version is out.

Daniel

Reply at: https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1018204/comments/7

------------------------------------------------------------------------
On 2012-07-27T07:08:17+00:00 huzaifas wrote:

The above patches, described in comment #4, seem to solve the problem
here. libxml2 no longer crashes with them.

For the Red Hat Enterprise Linux use case, we may however require a few more
patches from upstream.

Reply at: https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1018204/comments/8

------------------------------------------------------------------------
On 2012-07-27T08:42:59+00:00 huzaifas wrote:

Created libxml2 tracking bugs for this issue

Affects: fedora-all [bug 843743]

Reply at: https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1018204/comments/9

------------------------------------------------------------------------
On 2012-09-04T21:37:12+00:00 teger wrote:

This was reported over 2 months ago with a possible fix coming in a
little over a month.  Is there any plan of action to fix libxml2
vulnerabilities?

Primarily this is a bump to put it back on someone's to-do list.
Thank you

Reply at: https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1018204/comments/10

------------------------------------------------------------------------
On 2012-09-18T17:21:34+00:00 errata-xmlrpc wrote:

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5
  Red Hat Enterprise Linux 6

Via RHSA-2012:1288 https://rhn.redhat.com/errata/RHSA-2012-1288.html

Reply at: https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1018204/comments/12

------------------------------------------------------------------------
On 2012-09-20T02:42:09+00:00 huzaifas wrote:

Created mingw32-libxml2 tracking bugs for this issue

Affects: epel-5 [bug 858914]
Affects: fedora-all [bug 858915]

Reply at: https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1018204/comments/13

------------------------------------------------------------------------
On 2013-01-04T10:35:49+00:00 huzaifas wrote:

This flaw affects the x86_64 version of libxml2 only, however
mingw32-libxml2 is only shipped as x86 (32-bit) and therefore it is not
affected.


Statement:

This issue affected the version of libxml2 as shipped with Red Hat
Enterprise Linux 5 and 6 and has been addressed via RHSA-2012:1288. This
issue does not affect the version of mingw32-libxml2 as shipped with Red
Hat Enterprise Linux 6.

Reply at: https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1018204/comments/17


** Bug watch added: code.google.com/p/chromium/issues #129930
   http://code.google.com/p/chromium/issues/detail?id=129930

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libxml2 in Ubuntu.
https://bugs.launchpad.net/bugs/1018204

Title:
  <chromium-browser-20.0.1132.43: multiple vulnerabilities
  
(CVE-2012-{2807,2815,2817,2818,2819,2820,2821,2823,2824,2825,2826,2829,2830,2831,2834})

Status in chromium-browser package in Ubuntu:
  Fix Released
Status in libxml2 package in Ubuntu:
  Fix Released
Status in libxslt package in Ubuntu:
  Fix Released
Status in libxml2 package in Debian:
  Fix Released
Status in libxslt package in Debian:
  Fix Released
Status in libxml2 package in Fedora:
  Confirmed
Status in libxslt package in Fedora:
  Fix Released

Bug description:
  The Google Chrome team is happy to announce the arrival of Chrome 20
  (20.0.1132.43) to the Stable Channel for Windows, Mac, Linux, and
  Chrome Frame. Release notes in URL [1].

  [1] http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html
