| Summary: | <dev-libs/libxml2-2.8.0-r2: heap-based buffer overflow (CVE-2012-2871) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | major | CC: | gnome |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | A2 [glsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
GLSAMaker/CVETool Bot
2012-09-08 16:02:04 UTC
Should be fixed in libxml2-2.8.0-r2. Thanks for reporting!

> *libxml2-2.8.0-r2 (09 Sep 2012)
>
> 09 Sep 2012; Alexandre Rostovtsev <tetromino@gentoo.org>
> -files/libxml2-2.7.2-winnt.patch, -libxml2-2.7.8-r5.ebuild,
> -files/libxml2-2.7.8-allocation-error-copying-entities.patch,
> -files/libxml2-2.7.8-error-xpath.patch,
> -files/libxml2-2.7.8-hardening-xpath.patch,
> -files/libxml2-2.7.8-hash-randomization.patch,
> -files/libxml2-2.7.8-reactivate-script.patch,
> -files/libxml2-2.7.8-reallocation-failures.patch,
> -files/libxml2-2.7.8-windows-thread_t.patch,
> -files/libxml2-2.7.8-xpath-freeing.patch,
> -files/libxml2-2.7.8-xpath-freeing2.patch,
> -files/libxml2-2.7.8-xpath-memory.patch, +libxml2-2.8.0-r2.ebuild:
> Add upstream patches to ensure special treatment for namespace nodes
> (CVE-2012-2871, bug #434344, thanks to Paweł Hajdan, Jr. and Sean Amoss).
> Drop old version.

Great, thanks.

Arches, please test and mark stable:
=dev-libs/libxml2-2.8.0-r2
Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"

Stable for HPPA.

amd64 stable

x86 stable, thanks.

alpha/arm/ia64/s390/sh/sparc stable

stable ppc64

stable ppc

Thanks, everyone. Filing a new GLSA request.

m68k -> ~ only, removing from CC.

@maintainers: cleanup please.

(In reply to Chris Reffett from comment #10)
> @maintainers: cleanup please.

This was cleaned up a year ago :)

> 22 Sep 2012; Pacho Ramos <pacho@gentoo.org>
> -files/libxml2-2.8.0_rc1-randomization-threads.patch,
> -libxml2-2.8.0-r1.ebuild, -libxml2-2.8.0_rc1.ebuild:
> Drop old.

(In reply to Alexandre Rostovtsev from comment #11)
> (In reply to Chris Reffett from comment #10)
> > @maintainers: cleanup please.
>
> This was cleaned up a year ago :)

Yep, so, just waiting for GLSA

This issue was resolved and addressed in GLSA 201311-06 at http://security.gentoo.org/glsa/glsa-201311-06.xml by GLSA coordinator Sean Amoss (ackle).