Re: [xml] fixes for libxml2 -- security vulnerabilities

On Thu, Sep 22, 2011 at 2:20 AM, Gelle, Sreenivasulu  wrote:
I want to know fixes(source code) in for the problems reported in . Please
send me the fixes and if not where I can find them.


An XML document with specially-crafted Notation or Enumeration attribute
types in a DTD definition leads to the use of a pointers to memory areas
which have already been freed.


Missing checks for the depth of ELEMENT DTD definitions when parsing child
content can lead to extensive stack-growth due to a function recursion which
can be triggered via a crafted XML document.

Dear Sreenivasulu,

It is now 2011-09-22. These bugs have been fixed on 2009-08-10, that
is, more than two years ago:

The latest libxml2 sources already contain the fixes for both vulnerabilities.

Hope this helps,
GCS a+ e++ d- C++ ULS$ L+$ !E- W++ P+++$ w++$ tv+ b++ DI D++ 5++
The Tao of math: The numbers you can count are not the real numbers.
Life is complex, with real and imaginary parts.
"Ok, it boots. Which means it must be bug-free and perfect. " -- Linus Torvalds
"People disagree with me. I just ignore them." -- Linus Torvalds

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]