[xml/sgml-pkgs] Bug#643648: CVE-2011-2834 and CVE-2011-2821
Giuseppe Iuculano
iuculano at debian.org
Wed Sep 28 10:54:33 UTC 2011
Package: libxml2
Severity: serious
Tags: security
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
two libxml2 issues were fixed in the latest chrome updates:
CVE-2011-2821
Double free vulnerability in libxml2, as used in Google Chrome before
13.0.782.215, allows remote attackers to cause a denial of service or
possibly have unspecified other impact via a crafted XPath expression.
Patch:
http://git.gnome.org/browse/libxml2/commit/?id=fec31bcd452e77c10579467ca87a785b41115de6
CVE-2011-2834
Double free vulnerability in libxml2, as used in Google Chrome before
14.0.835.163, allows remote attackers to cause a denial of service or
possibly have unspecified other impact via vectors related to XPath
handling.
Patch: http://src.chromium.org/viewvc/chrome?view=rev&revision=98359
Cheers,
Giuseppe
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iEYEARECAAYFAk6C/OYACgkQNxpp46476apt2ACdHKTvWjo4WoxEWsVD6Z7a9elU
AFgAn2ml9iJvUDCXczdrJcVH1PIknJFT
=EMJW
-----END PGP SIGNATURE-----
More information about the debian-xml-sgml-pkgs
mailing list