[xml/sgml-pkgs] Bug#602609: CVE-2010-4008: does not well process a malformed XPATH
Giuseppe Iuculano
iuculano at debian.org
Sat Nov 6 13:22:18 UTC 2010
Package: libxml2
Version: 2.7.7.dfsg-4
Severity: serious
Tags: security
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
it was discovered that libxml2 does not well process a malformed XPATH,
causing crash and allowing arbitrary code execution.
Patch:
http://git.gnome.org/browse/libxml2/commit/?id=91d19754d46acd4a639a8b9e31f50f31c78f8c9c
http://git.gnome.org/browse/libxml2/commit/?id=ea90b894146030c214a7df6d8375310174f134b9
Cheers,
Giuseppe.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkzVVoYACgkQNxpp46476arbpwCeK9pEIv7u4PC+3YAfUO67eADI
Ls0An045V3eap6+bhfM88as/0hq+tEqw
=ymuH
-----END PGP SIGNATURE-----
More information about the debian-xml-sgml-pkgs
mailing list