Hi Daniel, list
Firstly thanks for this wonderful piece of software which we have been
using for a number of years now. Its super! :)
I write chiefly to get some information regarding CVE2008-3281. We are
currently using version 2.6.28, and wanted to merge the patch for
3281,however the patch solution and the latest libxml versions seem to have
some differences. Specifically with the use of ctxt->owner in the patch,
while the latest version does not use it. I tried to search on the list but
could gather nothing conclusive :(.
I would be really grateful if someone could point me in the right direction
or give some background for the same.
Chiefly i wanted to know if the patch merge as is of 3281 is sufficient, or
does the latest version fix some problems in the patch.
I am referring to the following links
http://svn.gnome.org/viewvc/libxml2/trunk/parser.c?r1=3762&r2=3772
https://mail.gnome.org/archives/xml/2008-August/msg00034.html
On top of this following seems to have been added
http://svn.gnome.org/viewvc/libxml2/trunk/parser.c?r1=3772&r2=3773
Any help would be greatly appreciated
Thanks in advance
Regards
Ashwin
_______________________________________________
xml mailing list, project page http://xmlsoft.org/
[email protected]
https://mail.gnome.org/mailman/listinfo/xml
