[xml/sgml-pkgs] Bug#715531: libxml2: CVE-2013-2877

Moritz Muehlenhoff jmm at inutil.org
Wed Jul 10 06:42:46 UTC 2013


Package: libxml2
Severity: grave
Tags: security
Justification: user security hole

http://googlechromereleases.blogspot.de/2013/07/stable-channel-update.html includes:

[229019] Low CVE-2013-2877: Out-of-bounds read in XML parsing. Credit to Aki Helin of OUSPG.

The commit in Chromium is:
http://git.chromium.org/gitweb/?p=chromium.git;a=commit;h=e5d7f7e5dc21d3ae7be3cbb949ac4d8701e06de1

The upstream commit in libxml2 is:
https://git.gnome.org/browse/libxml2/commit/parser.c?id=e50ba8164eee06461c73cd8abb9b46aa0be81869

Cheers,
        Moritz


