+++ This bug was initially created as a clone of Bug #280617 +++
Jukka Taimisto and Rauli Kaksonen from the CROSS project at Codenomicon reported the following vulnerabilities:
* Multiple pointer use-after-free flaws CVE-2009-2416
* Stack overflow when parsing recursive XML structures CVE-2009-2414
Furthermore, we missed patches for CVE-2004-0110 and CVE-2004-0989 that were needed for libxml-1 as well. Thanks to Victor Ostorga for noting that.
Since we never audited libxml for issues in libxml2, I wonder what the status of these CVEs is:
* CVE-2008-3281 and the original CVE-2003-1564
to be masked for removal
It's masked now
(In reply to comment #2)
> It's masked now
and also removed. Feel free to handle this bug as you see fit.
The package is no longer in the tree. Should we make a decision about GLSA for those users who might still have it installed?
No vote required as this was rated B2. Request filed.
Two years old, package is gone from tree. Closing as OBSOLETE