Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 370715 (CVE-2011-1944) - <dev-libs/libxml2-2.7.8-r1: buffer overflow in XPath module (CVE-2011-1944)
Summary: <dev-libs/libxml2-2.7.8-r1: buffer overflow in XPath module (CVE-2011-1944)
Alias: CVE-2011-1944
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
Whiteboard: A1 [glsa]
Depends on:
Reported: 2011-06-08 20:23 UTC by Sylvia
Modified: 2011-10-26 20:50 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Pacho Ramos gentoo-dev 2011-06-13 14:55:21 UTC
+*libxml2-2.7.8-r1 (13 Jun 2011)
+  13 Jun 2011; Pacho Ramos <> -libxml2-2.7.7.ebuild,
+  +libxml2-2.7.8-r1.ebuild, +files/libxml2-2.7.8-reallocation-failures.patch:
+  Fix some potential problems on reallocation failures (CVE-2011-1944), bug
+  #370715 by Sylvia. Remove old.
Comment 2 Tim Sammut (RETIRED) gentoo-dev 2011-06-13 14:59:18 UTC
(In reply to comment #1)
> +*libxml2-2.7.8-r1 (13 Jun 2011)
> +
> +  13 Jun 2011; Pacho Ramos <> -libxml2-2.7.7.ebuild,
> +  +libxml2-2.7.8-r1.ebuild, +files/libxml2-2.7.8-reallocation-failures.patch:
> +  Fix some potential problems on reallocation failures (CVE-2011-1944), bug
> +  #370715 by Sylvia. Remove old.
> +

Thanks, Pacho.

Arches, please test and mark stable:
Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"
Comment 3 Agostino Sarubbo gentoo-dev 2011-06-13 19:53:32 UTC
amd64 ok
Comment 4 Ian Delaney (RETIRED) gentoo-dev 2011-06-13 23:01:29 UTC

ditto Ago
Comment 5 Jeroen Roovers (RETIRED) gentoo-dev 2011-06-14 03:43:02 UTC
Stable for HPPA.
Comment 6 Markus Meier gentoo-dev 2011-06-14 21:05:27 UTC
amd64/arm/x86 stable, thanks Agostino and Ian
Comment 7 Raúl Porcel (RETIRED) gentoo-dev 2011-06-19 14:56:31 UTC
alpha/ia64/m68k/s390/sh/sparc stable
Comment 8 Brent Baude (RETIRED) gentoo-dev 2011-06-22 20:21:30 UTC
ppc done
Comment 9 Kacper Kowalik (Xarthisius) (RETIRED) gentoo-dev 2011-07-03 11:19:50 UTC
ppc64 stable, last arch done
Comment 10 Tim Sammut (RETIRED) gentoo-dev 2011-07-03 15:45:46 UTC
Thanks, everyone. Added to existing GLSA request.
Comment 11 GLSAMaker/CVETool Bot gentoo-dev 2011-10-07 22:34:43 UTC
CVE-2011-1944 (
  Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x
  through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent
  attackers to cause a denial of service (crash) and possibly execute
  arbitrary code via a crafted XML file that triggers a heap-based buffer
  overflow when adding a new namespace node, related to handling of XPath
Comment 12 GLSAMaker/CVETool Bot gentoo-dev 2011-10-26 20:50:58 UTC
This issue was resolved and addressed in
 GLSA 201110-26 at
by GLSA coordinator Tim Sammut (underling).