[xml/sgml-pkgs] Bug#643648: CVE-2011-2834 and CVE-2011-2821

Mike Hommey mh at glandium.org
Fri Oct 7 07:21:33 UTC 2011


On Fri, Oct 07, 2011 at 09:02:00AM +0200, Mike Hommey wrote:
> On Wed, Sep 28, 2011 at 12:54:33PM +0200, Giuseppe Iuculano wrote:
> > Package: libxml2
> > Severity: serious
> > Tags: security
> > 
> > Hi,
> > 
> > two libxml2 issues were fixed in the latest Chrome updates:
> > 
> > CVE-2011-2821
> > Double free vulnerability in libxml2, as used in Google Chrome before
> > 13.0.782.215, allows remote attackers to cause a denial of service or
> > possibly have unspecified other impact via a crafted XPath expression.
> > 
> > Patch:
> > http://git.gnome.org/browse/libxml2/commit/?id=fec31bcd452e77c10579467ca87a785b41115de6

As a matter of fact, this one was fixed with CVE-2010-4494.
CVE-2011-2821 is actually
http://git.gnome.org/browse/libxml2/commit/?id=f5048b3e71fc30ad096970b8df6e7af073bae4cb

Mike