[xml/sgml-pkgs] Bug#656377: libxml2: [PATCH] fix for CVE-2011-3919

Jamie Strandboge jamie at ubuntu.com
Wed Jan 18 21:12:16 UTC 2012

Package: libxml2
Version: 2.7.8.dfsg-5.1
Severity: grave
Tags: patch security
Justification: user security hole
User: ubuntu-devel at lists.ubuntu.com
Usertags: origin-ubuntu precise ubuntu-patch

Dear Maintainer,

In Ubuntu, the attached patch was applied to achieve the following:

  * SECURITY UPDATE: denial of service via buffer overflow
    - parser.c: fix an allocation error when copying entities
    - 5bd3c061823a8499b27422aee04ea20aae24f03e
    - CVE-2011-3919

Thanks for considering the patch.


-- System Information:
Debian Release: wheezy/sid
  APT prefers precise-updates
  APT policy: (500, 'precise-updates'), (500, 'precise-security'), (500, 'precise')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-8-generic (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
-------------- next part --------------
A non-text attachment was scrubbed...
Name: libxml2_2.7.8.dfsg-5.1ubuntu2.debdiff
Type: text/x-diff
Size: 487 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/debian-xml-sgml-pkgs/attachments/20120118/f6078d7f/attachment.diff>

More information about the debian-xml-sgml-pkgs mailing list