[xml/sgml-pkgs] Bug#460292: libxml2: libxml2 UTF-8 parsing denial of service vulnerability

Nico Golde nion at debian.org
Sun Jan 13 14:08:57 UTC 2008


tags 460292 + security
severity 460292 grave
retitle 460292 libxml2: CVE-2007-6284 denial of service via crafted UTF-8 sequence
thanks

Hi Pascal,
* Pascal Volk <user at localhost.localdomain.org> [2008-01-13 14:33]:
> On 12.01.2008 04:31, Nico Golde wrote:
> > 
> > Is there any service using libxml2? If not I would consider 
> > this a normal bug rather than a security issue.
> 
> There are services that use libxml2 indirectly. For example apache2 with
> libapache2-mod-php5, php5-cgi (with php5-xsl and/or php5-xmlrpc),
> libapache2-modxslt, libapache2-mod-proxy-html.
> icecast2 depends directly on libxml2.

Ok thank you. Adjusting bug status.

This is CVE-2007-6284, please mention this CVE id in the 
changelog if you close this bug.

Kind regards
Nico
-- 
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.