On Wed, Sep 28, 2011 at 12:54:33PM +0200, Giuseppe Iuculano wrote: > Package: libxml2 > Severity: serious > Tags: security > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hi, > > two libxml2 issues were fixed in the latest chrome updates: > > CVE-2011-2821 > Double free vulnerability in libxml2, as used in Google Chrome before > 13.0.782.215, allows remote attackers to cause a denial of service or > possibly have unspecified other impact via a crafted XPath expression. > > Patch: > http://git.gnome.org/browse/libxml2/commit/?id=fec31bcd452e77c10579467ca87a785b41115de6 > > > CVE-2011-2834 > Double free vulnerability in libxml2, as used in Google Chrome before > 14.0.835.163, allows remote attackers to cause a denial of service or > possibly have unspecified other impact via vectors related to XPath > handling. > > Patch: http://src.chromium.org/viewvc/chrome?view=rev&revision=98359
I'm going to push that to unstable, do we want stable/oldstable backports? Mike -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
