[xml/sgml-pkgs] Bug#643648: CVE-2011-2834 and CVE-2011-2821

Mike Hommey mh at glandium.org
Fri Oct 7 07:02:00 UTC 2011


On Wed, Sep 28, 2011 at 12:54:33PM +0200, Giuseppe Iuculano wrote:
> Package: libxml2
> Severity: serious
> Tags: security
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hi,
> 
> Two libxml2 issues were fixed in the latest Chrome updates:
> 
> CVE-2011-2821
> Double free vulnerability in libxml2, as used in Google Chrome before
> 13.0.782.215, allows remote attackers to cause a denial of service or
> possibly have unspecified other impact via a crafted XPath expression.
> 
> Patch:
> http://git.gnome.org/browse/libxml2/commit/?id=fec31bcd452e77c10579467ca87a785b41115de6
> 
> 
> CVE-2011-2834
> Double free vulnerability in libxml2, as used in Google Chrome before
> 14.0.835.163, allows remote attackers to cause a denial of service or
> possibly have unspecified other impact via vectors related to XPath
> handling.
> 
> Patch: http://src.chromium.org/viewvc/chrome?view=rev&revision=98359

I'm going to push that to unstable, do we want stable/oldstable
backports?

Mike




