found 705722 2.9.0+dfsg1-4 thanks I think this bug only exist from 2.9.0? xmlBufGetInputBase() does not exist before that.
On Fri, Apr 19, 2013 at 12:51 PM, Salvatore Bonaccorso <car...@debian.org> wrote: > Package: libxml2 > Severity: grave > Tags: security patch upstream > > Hi, > > the following vulnerability was published for libxml2. > > CVE-2013-1969[0]: > se-after-free error in "htmlParseChunk()" and "xmldecl_done()" > > If you fix the vulnerability please also make sure to include the > CVE (Common Vulnerabilities & Exposures) id in your changelog entry. > > A patch commited in git upstream repo is at [1]. > > For further information see: > > [0] http://security-tracker.debian.org/tracker/CVE-2013-1969 > [1] > https://git.gnome.org/browse/libxml2/commit/?id=de0cc20c29cb3f056062925395e0f68d2250a46f > > Please adjust the affected versions in the BTS as needed. > > Regards, > Salvatore > > _______________________________________________ > debian-xml-sgml-pkgs mailing list > debian-xml-sgml-p...@lists.alioth.debian.org > http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/debian-xml-sgml-pkgs -- Regards, Aron Xu -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
