[xml/sgml-pkgs] Bug#715531: libxml2: CVE-2013-2877
Moritz Muehlenhoff
jmm at inutil.org
Wed Jul 10 06:42:46 UTC 2013
Package: libxml2
Severity: grave
Tags: security
Justification: user security hole
http://googlechromereleases.blogspot.de/2013/07/stable-channel-update.html includes:
[229019] Low CVE-2013-2877: Out-of-bounds read in XML parsing. Credit to Aki Helin of OUSPG.
The commit in Chromium is
http://git.chromium.org/gitweb/?p=chromium.git;a=commit;h=e5d7f7e5dc21d3ae7be3cbb949ac4d8701e06de1
The upstream commit in libxml2 is:
https://git.gnome.org/browse/libxml2/commit/parser.c?id=e50ba8164eee06461c73cd8abb9b46aa0be81869
Cheers,
Moritz
More information about the debian-xml-sgml-pkgs
mailing list