On Sat, Nov 06, 2010 at 02:22:18PM +0100, Giuseppe Iuculano wrote:
> Package: libxml2
> Version: 2.7.7.dfsg-4
> Severity: serious
> Tags: security
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi,
>
> it was discovered that libxml2 does not well process a malformed XPATH,
> causing crash and allowing arbitrary code execution.
>
> Patch:
> http://git.gnome.org/browse/libxml2/commit/?id=91d19754d46acd4a639a8b9e31f50f31c78f8c9c
> http://git.gnome.org/browse/libxml2/commit/?id=ea90b894146030c214a7df6d8375310174f134b9

Interestingly none of the above commits talk about crash and arbitrary code
execution. Is there a working test case available somewhere?

Anyways, that would need a backport for stable, and maybe testing, depending how
the release team feels about 2.7.8.

Mike