Summary: | dev-libs/libxml2 <2.7.2 "ampproblem" DoS (CVE-2008-4409) | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | Gentoo Security | Reporter: | Robert Buchholz (RETIRED) <rbu> | ||||||
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> | ||||||
Status: | RESOLVED FIXED | ||||||||
Severity: | normal | CC: | cweiske, gnome, ian | ||||||
Priority: | High | ||||||||
Version: | unspecified | ||||||||
Hardware: | All | ||||||||
OS: | Linux | ||||||||
URL: | https://bugzilla.gnome.org/show_bug.cgi?id=554660 | ||||||||
Whiteboard: | A3 [glsa] | ||||||||
Package list: | Runtime testing required: | --- | |||||||
Bug Depends on: | |||||||||
Bug Blocks: | 234099 | ||||||||
Attachments: |
|
Description
Robert Buchholz (RETIRED)
2008-10-02 16:51:42 UTC
Patched: http://svn.gnome.org/viewvc/libxml2?view=revision&revision=3798 To be released soon. Patch works for me. Created attachment 167075 [details] libxml2-2.7.1-r1.ebuild Ebuild for patch: http://svn.gnome.org/viewvc/libxml2/trunk/parser.c?r1=3798&r2=3797&pathrev=3798 Created attachment 167076 [details] libxml2-2.7.1-parser-dos.patch Patch from http://svn.gnome.org/viewvc/libxml2/trunk/parser.c?r1=3798&r2=3797&pathrev=3798 That (very simple!) patch works for me, passes the test from http://bugzilla.gnome.org/show_bug.cgi?id=554660. "Status Whiteboard" would be changed to "A3 [stable]" now, correct? (In reply to comment #5) > That (very simple!) patch works for me, passes the test from > http://bugzilla.gnome.org/show_bug.cgi?id=554660. > "Status Whiteboard" would be changed to "A3 [stable]" now, correct? Only after it is committed. 2.7.2 is out with a fix, too. libxml2-2.7.2.ebuild is in tree. Arches, please test and stabilize sparc stable amd64/x86 stable ppc stable ppc64 done Stable for HPPA. GLSA together with bug 234099 and bug 237806. GLSA 200812-06 |