On Tue, Nov 18, 2008 at 08:28:49PM +0100, Mike Hommey wrote: > On Tue, Nov 18, 2008 at 07:16:50PM +0000, Graham Bennett wrote: > > Hi all, > > > > I've been notified of a Redhat security update for libxml2: > > https://rhn.redhat.com/errata/RHSA-2008-0988.html, and was hoping to > > update my own builds with a version that doesn't suffer from these > > vulnerabilities (I build from the standard source distribution, not the > > Redhat source). > > > > It wasn't immediately obvious from the release notes and recent mailing > > list traffic if these have been fixed in a released version of the > > libxml distribution yet. If they haven't, is a new released planned to > > address them?
Yeah sorry about that. Basically it was embargoed until monday, it's not that easy to trigger the bugs, I didn't generate a new release for this I will probably do one within a week or so including those and I hope a solution for the PHP SAX problem. > Speaking of which, the patch for the SAX2Characters issue seems strange > to me. While it is okay on 32-bits architectures, it doesn't make much > sense on 64-bits architectures, where the addition of 2 ints can hardly > be greater than SIZE_T_MAX. > FWIW, as SIZE_T_MAX was not defined on glibc, the patch I applied on > debian replaces SIZE_T_MAX with UINT_MAX. Actually in SVN there is a define of SIZE_T_MAX as (size_t) -1 which solves the pxprotability problem. Daniel -- Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/ [EMAIL PROTECTED] | Rpmfind RPM search engine http://rpmfind.net/ http://veillard.com/ | virtualization library http://libvirt.org/ _______________________________________________ xml mailing list, project page http://xmlsoft.org/ xml@gnome.org http://mail.gnome.org/mailman/listinfo/xml