On Fri, Oct 07, 2011 at 09:02:00AM +0200, Mike Hommey wrote: > On Wed, Sep 28, 2011 at 12:54:33PM +0200, Giuseppe Iuculano wrote: > > Package: libxml2 > > Severity: serious > > Tags: security > > > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > Hi, > > > > two libxml2 issues were fixed in the latest chrome updates: > > > > CVE-2011-2821 > > Double free vulnerability in libxml2, as used in Google Chrome before > > 13.0.782.215, allows remote attackers to cause a denial of service or > > possibly have unspecified other impact via a crafted XPath expression. > > > > Patch: > > http://git.gnome.org/browse/libxml2/commit/?id=fec31bcd452e77c10579467ca87a785b41115de6
As a matter of fact, this one was fixed with CVE-2010-4494. CVE-2011-2821 is actually http://git.gnome.org/browse/libxml2/commit/?id=f5048b3e71fc30ad096970b8df6e7af073bae4cb Mike -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
