* Sandeep H S wrote: >We have a product which is dependent on libxml2. I required one >confirmation regarding "Multiple use-after-free vulnerabilities in libxml2 >2.9.0". It would be very helpful if you please confirm the same > >http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1969 > >In the above link, Affected version is mentioned as libxml2 2.9.0 but also >there is line specifying other versions are also affected. > >Please let me know which are the other versions affected and in particular >libxml2 2.7.5 is affected ? > >What is the test that can be done to check whether particular libxml2 >verison is affect by "Multiple use-after-free vulnerabilities".
Please note that the report linked above has links to the libxml2 bug tracker which in turn has links to the revision control system and it might well be that nobody will go through the effort to identify all affected releases for you; also keep in mind that this can be an error-prone process. And libxml2 2.7.5 is from 2009, it is probably not a good idea to keep it around. -- Björn Höhrmann · mailto:bjo...@hoehrmann.de · http://bjoern.hoehrmann.de Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de 25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/ _______________________________________________ xml mailing list, project page http://xmlsoft.org/ xml@gnome.org https://mail.gnome.org/mailman/listinfo/xml
