[xml/sgml-pkgs] Bug#765722: CVE-2014-3660 libxml2 billion laugh variant
Thijs Kinkhorst
thijs at debian.org
Fri Oct 17 14:02:30 UTC 2014
Package: libxml2
Severity: serious
Tags: security patch
Hi,
The Netherlands Cyber Security Center announced an issue in libxml2.
https://www.ncsc.nl/actueel/nieuwsberichten/kwetsbaarheid-ontdekt-in-libxml2.html
It seems to be a variant of the classic 'billion laughs' vulnerability.
Upstream has fixed this in 2.9.2:
https://git.gnome.org/browse/libxml2/commit/?id=be2a7edaf289c5da74a4f9ed3a0b6c733e775230
Cheers,
Thijs