Bug#278622: [xml/sgml-pkgs] Bug#278622: libxml2: CAN-2004-0989: multiple buffer overflows

Mike Hommey <mh@glandium.org>, 278622@bugs.debian.org
Thu, 28 Oct 2004 19:31:17 +0900


tag 278622 + pending
thanks

On Thu, Oct 28, 2004 at 11:19:38AM +0200, Martin Pitt wrote:
> libxml2 is vulnerable to CAN-2004-0989. Please see 
> 
>   http://www.securityfocus.com/archive/1/379383/2004-10-24/2004-10-30/0
>  
> for details.
> 
> I just uploaded fixed Ubuntu packages; the package interdiff
> containing the patch can be downloaded from our bug tracking system:
> 
> https://bugzilla.ubuntulinux.org/show_bug.cgi?id=2809

I actually just finished packaging fixes for libxml and libxml2 updates
which will soon be uploaded to stable-security and unstable.
I backported upstream changes from 2.6.15 in all these packages.
You might want to take a look at the libxml update as well, for Ubuntu.
All these are available there:

Woody security updates:
http://glandium.org/debian/stable-security/libxml_1.8.17-2woody2_i386.changes
http://glandium.org/debian/stable-security/libxml2_2.4.19-4woody2_i386.changes

Unstable (security update only; urgency high):
http://glandium.org/debian/unstable/libxml_1.8.17-9_i386.changes
http://glandium.org/debian/unstable/libxml2_2.6.11-5_i386.changes

Experimental (new upstream version, which fixes the buffer overflow):
http://glandium.org/debian/experimental/libxml2_2.6.15-1_i386.changes

Cheers,

Mike