Double free vulnerabilities in libxml2 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted XPath expression and via vectors related to XPath handling.
Commits fixing the issue:
(CVE-2011-2821)
http://git.gnome.org/browse/libxml2/commit/?id=f5048b3e71fc30ad096970b8df6e7af073bae4cb
(CVE-2011-2834)
https://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxml/src/xpath.c?r1=98359&r2=98358&pathrev=98359
Reproducible: Always
(In reply to comment #0)
> (CVE-2011-2834)
> https://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxml/src/xpath.c?r1=98359&r2=98358&pathrev=98359
I think the libxml2 commit for this issue is:
http://git.gnome.org/browse/libxml2/commit/?id=1d4526f6f4ec8d18c40e2a09b387652a6c1aa2cd
+*libxml2-2.7.8-r3 (15 Oct 2011) + + 15 Oct 2011; Pacho Ramos <pacho@gentoo.org> -libxml2-2.7.8.ebuild, + +libxml2-2.7.8-r3.ebuild, +files/libxml2-2.7.8-error-xpath.patch, + +files/libxml2-2.7.8-hardening-xpath.patch: + Fix CVE-2011-{2821,2834}, bug #386985, thanks to Michael Harrison and Tim + Sammut. Remove old. +
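Review bot: the ChangeLog entry credits both files/libxml2-2.7.8-error-xpath.patch and files/libxml2-2.7.8-hardening-xpath.patch to "Fix CVE-2011-{2821,2834}" without saying which patch addresses which CVE. Naming the CVE next to each patch file, or the upstream commit each one backports, would let a later reader audit the fix without opening both patches.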
(In reply to comment #2)
> +*libxml2-2.7.8-r3 (15 Oct 2011)
> +
Awesome, thank you, Pacho.
Arches, please test and mark stable:
=dev-libs/libxml2-2.7.8-r3
Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"
Better use bug 385699 for other arches than amd64 to prevent them from needing to stabilize an older version
@gnome, minor warning:
dev-libs/libxml2/libxml2-2.7.8-r3.ebuild: Unquoted Variable on line: 112
amd64 ok.
Why is this depending on bug 387281? Is it caused by libxml update?
Regarding unquoted variables, it's due to prefix stuff, if I don't misremember, it's a false positive, but better ask the prefix team for that.
(In reply to comment #6)
> Why is this depending on bug 387281? Is it caused by libxml update?
Sorry, my bad, wrong bug =)
> Regarding unquoted variables, it's due to prefix stuff, if I don't misremember,
> it's a false positive, but better ask the prefix team for that.
grep PREFIX /usr/portage/dev-libs/libxml2/* contains your response :p
(In reply to comment #7)
> (In reply to comment #6)
> > Regarding unquoted variables, it's due to prefix stuff, if I don't misremember,
> > it's a false positive, but better ask the prefix team for that.
>
> grep PREFIX /usr/portage/dev-libs/libxml2/* contains your response :p
I was talking about asking for the reasons for not adding quotes when some prefix team members add prefix support ;)
amd64: emerge fine, rdeps emerge fine, all aok
+ 20 Oct 2011; Tony Vroon <chainsaw@gentoo.org> libxml2-2.7.8-r3.ebuild: + Marked stable on AMD64 based on arch testing by Agostino "ago" Sarubbo & Ian + "idella4" Delaney in security bug #386985.
Thanks, folks. Added to existing GLSA request.
This issue was resolved and addressed in GLSA 201110-26 at http://security.gentoo.org/glsa/glsa-201110-26.xml by GLSA coordinator Tim Sammut (underling).
CVE-2011-2821 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2821): Double free vulnerability in libxml2, as used in Google Chrome before 13.0.782.215, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted XPath expression.