[xml/sgml-pkgs] Bug#643648: CVE-2011-2834 and CVE-2011-2821
Mike Hommey
mh at glandium.org
Fri Oct 7 07:02:00 UTC 2011
On Wed, Sep 28, 2011 at 12:54:33PM +0200, Giuseppe Iuculano wrote:
> Package: libxml2
> Severity: serious
> Tags: security
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi,
>
> two libxml2 issues were fixed in the latest chrome updates:
>
> CVE-2011-2821
> Double free vulnerability in libxml2, as used in Google Chrome before
> 13.0.782.215, allows remote attackers to cause a denial of service or
> possibly have unspecified other impact via a crafted XPath expression.
>
> Patch:
> http://git.gnome.org/browse/libxml2/commit/?id=fec31bcd452e77c10579467ca87a785b41115de6
>
>
> CVE-2011-2834
> Double free vulnerability in libxml2, as used in Google Chrome before
> 14.0.835.163, allows remote attackers to cause a denial of service or
> possibly have unspecified other impact via vectors related to XPath
> handling.
>
> Patch: http://src.chromium.org/viewvc/chrome?view=rev&revision=98359
I'm going to push that to unstable, do we want stable/oldstable
backports?
Mike
More information about the debian-xml-sgml-pkgs
mailing list