Package: libxml2 Version: 2.8.0+dfsg1-7+nmu3 Severity: important Dear Maintainer,
In the process of chasing strange errors in a pacemaker cluster, I came across a bug introduced into the libxml2 packages by the 2.8.0+dfsg1-7+nmu3 security update. That update applied a single-line patch to threads.c (0007-Fix-pthread-memory-corruption.patch), intending to eliminate a memory corruption issue. However, it actually introduced additional memory corruption, by assigning non-static data to a structure member. This was discussed in an upstream mailing list at: https://mail.gnome.org/archives/xml/2012-September/msg00033.html The patch described in that posting was included in upstream version 2.9.1. It was described in the 2.9.1 release notes as "Fix a thread portability problem (Friedrich Haubensak)," because the issue caused the Solaris compiler to refuse to compile, but the memory corruption it introduced applies to all pthread-based platforms including Debian. -- System Information: Debian Release: 7.6 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
