Bug#: 237806
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Robert Buchholz <rbu@gentoo.org>


Description:   Opened: 2008-09-16 02:18 0000
CVE-2008-3529 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3529):
  Heap-based buffer overflow in the xmlParseAttValueComplex function in
  parser.c in libxml2 before 2.7.0 allows context-dependent attackers
  to cause a denial of service (crash) or possibly execute arbitrary
  code via a long XML entity name.

------- Comment #1 From Robert Buchholz 2008-09-16 02:20:17 0000 -------
We need to patch this, and a fix for #234099 would be appreciated too. A
reproducer is available on request.

------- Comment #2 From Rémi Cardona 2008-09-16 07:52:56 0000 -------
Thing is, no-one has fixed librsvg. Or at least, I didn't find any patches for
it during my quick search yesterday.

So I really don't know what exactly we can do, except to start hacking on
librsvg...

Thoughts?

------- Comment #3 From Mart Raudsepp 2008-09-16 12:22:39 0000 -------
librsvg is not the only thing that breaks. Anything can break on an ABI break
of a struct that wasn't made private properly, we just only know about librsvg,
strigi and a few more (some of which might be due to using librsvg).
I was not successful with convincing upstream that ABI breaks are bad, and
should be treated like in glib and gtk+ - not done. So I need to patch this in
an ABI compatible way and include this one here. I hope I can work on that
later today after I'm done with some work work.

------- Comment #4 From Mart Raudsepp 2008-09-25 01:33:58 0000 -------
libxml2-2.7.0 restored ABI before release and it's fine after all, as noted in
bug 234099. libxml2-2.7.1 is in the tree now, and also addresses the security
bug covered here, although note that with a different patch than in the
referenced URL.
I won't add arches myself, because bug 234099 already does so. security@,
please add them yourself if you deem that necessary.

------- Comment #5 From Tobias Heinlein 2008-10-01 21:26:00 0000 -------
GLSA request filed.

------- Comment #6 From Robert Buchholz 2008-12-02 17:46:30 0000 -------
GLSA 200812-06
