[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: [xml] Redhat security update for libxml2

From: Mike Hommey <mh glandium org>
To: xml gnome org
Subject: Re: [xml] Redhat security update for libxml2
Date: Tue, 18 Nov 2008 20:28:49 +0100

On Tue, Nov 18, 2008 at 07:16:50PM +0000, Graham Bennett wrote:
> Hi all,
> 
> I've been notified of a Redhat security update for libxml2:
> https://rhn.redhat.com/errata/RHSA-2008-0988.html, and was hoping to
> update my own builds with a version that doesn't suffer from these
> vulnerabilities (I build from the standard source distribution, not the
> Redhat source).  
> 
> It wasn't immediately obvious from the release notes and recent mailing
> list traffic if these have been fixed in a released version of the
> libxml distribution yet.  If they haven't, is a new released planned to
> address them?

Speaking of which, the patch for the SAX2Characters issue seems strange
to me. While it is okay on 32-bits architectures, it doesn't make much
sense on 64-bits architectures, where the addition of 2 ints can hardly
be greater than SIZE_T_MAX.
FWIW, as SIZE_T_MAX was not defined on glibc, the patch I applied on
debian replaces SIZE_T_MAX with UINT_MAX.

Mike

Follow-Ups:
- Re: [xml] Redhat security update for libxml2
  - From: Daniel Veillard

References:
- [xml] Redhat security update for libxml2
  - From: Graham Bennett

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]