[xml/sgml-pkgs] Bug#705722: Bug#705722: libxml2: CVE-2013-1969

Aron Xu happyaron.xu at gmail.com
Fri Apr 19 09:29:59 UTC 2013


found 705722 2.9.0+dfsg1-4
thanks

I think this bug only exists from 2.9.0? xmlBufGetInputBase() does not
exist before that.

On Fri, Apr 19, 2013 at 12:51 PM, Salvatore Bonaccorso
<carnil at debian.org> wrote:
> Package: libxml2
> Severity: grave
> Tags: security patch upstream
>
> Hi,
>
> the following vulnerability was published for libxml2.
>
> CVE-2013-1969[0]:
> Use-after-free error in "htmlParseChunk()" and "xmldecl_done()"
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> A patch committed in git upstream repo is at [1].
>
> For further information see:
>
> [0] http://security-tracker.debian.org/tracker/CVE-2013-1969
> [1] https://git.gnome.org/browse/libxml2/commit/?id=de0cc20c29cb3f056062925395e0f68d2250a46f
>
> Please adjust the affected versions in the BTS as needed.
>
> Regards,
> Salvatore



-- 
Regards,
Aron Xu


