Re: [xml] Redhat security update for libxml2



On Tue, Nov 18, 2008 at 07:16:50PM +0000, Graham Bennett wrote:
> Hi all,
>
> I've been notified of a Redhat security update for libxml2:
> https://rhn.redhat.com/errata/RHSA-2008-0988.html, and was hoping to
> update my own builds with a version that doesn't suffer from these
> vulnerabilities (I build from the standard source distribution, not the
> Redhat source).
>
> It wasn't immediately obvious from the release notes and recent mailing
> list traffic if these have been fixed in a released version of the
> libxml distribution yet.  If they haven't, is a new release planned to
> address them?

Speaking of which, the patch for the SAX2Characters issue seems strange
to me. While it is okay on 32-bit architectures, it doesn't make much
sense on 64-bit architectures, where the addition of 2 ints can hardly
be greater than SIZE_T_MAX.
FWIW, as SIZE_T_MAX was not defined on glibc, the patch I applied on
Debian replaces SIZE_T_MAX with UINT_MAX.

Mike
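
The point about bounding a sum of two ints, as an added example that is not part of this thread and is not the libxml2, Red Hat or Debian patch: with a 64-bit size_t maximum as the bound the check can never reject anything, while a bound matched to the int type does. The names `textbuf`, `sum_exceeds` and `textbuf_append` are hypothetical, and the example assumes the length and capacity are stored as ints.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical buffer with int length and capacity (not libxml2's struct). */
struct textbuf { char *data; int len; int cap; };

/* Exact sum of two non-negative ints compared with a caller-chosen bound. */
int sum_exceeds(int a, int b, uint64_t bound)
{
    return (uint64_t)a + (uint64_t)b > bound;
}

/* Append n bytes; every sum is bounded by INT_MAX because len and cap are
   ints. Returns 0 on success, -1 on overflow or allocation failure. */
int textbuf_append(struct textbuf *tb, const char *src, int n)
{
    if (n < 0 || sum_exceeds(tb->len, n, INT_MAX))
        return -1;                 /* len + n would not fit in an int */
    if (n == 0)
        return 0;
    if (tb->len + n > tb->cap) {
        int need = tb->len + n;    /* safe: checked above */
        int newcap = need > INT_MAX / 2 ? INT_MAX : need * 2;
        char *p = realloc(tb->data, (size_t)newcap);
        if (p == NULL)
            return -1;
        tb->data = p;
        tb->cap = newcap;
    }
    memcpy(tb->data + tb->len, src, (size_t)n);
    tb->len += n;
    return 0;
}

int main(void)
{
    struct textbuf tb = {NULL, 0, 0};
    /* Constructed inputs: the largest possible pair of ints. */
    printf("vs 64-bit max: %d\n", sum_exceeds(INT_MAX, INT_MAX, UINT64_MAX));
    printf("vs INT_MAX:    %d\n", sum_exceeds(INT_MAX, 1, INT_MAX));
    printf("append: %d\n", textbuf_append(&tb, "abc", 3));
    free(tb.data);
    return 0;
}
```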


