[xml] Regarding CVE2008-3281

From: Ashwin Sinha <4shw1ns1nh4 gmail com>
To: xml gnome org, veillard redhat com
Subject: [xml] Regarding CVE2008-3281
Date: Wed, 13 Jun 2012 23:41:22 +0530

Hi Daniel, list

Firstly thanks for this wonderful piece of software which we have been using for a number of years now. Its super! :)

I write chiefly to get some information regarding CVE2008-3281. We are currently using version 2.6.28, and wanted to merge the patch for 3281,however the patch solution and the latest libxml versions seem to have some differences. Specifically with the use of ctxt->owner in the patch, while the latest version does not use it. I tried to search on the list but could gather nothing conclusive :(.

I would be really grateful if someone could point me in the right direction or give some background for the same.

Chiefly i wanted to know if the patch merge as is of 3281 is sufficient, or does the latest version fix some problems in the patch.

I am referring to the following links

http://svn.gnome.org/viewvc/libxml2/trunk/parser.c?r1=3762&r2=3772

https://mail.gnome.org/archives/xml/2008-August/msg00034.html

On top of this following seems to have been added

http://svn.gnome.org/viewvc/libxml2/trunk/parser.c?r1=3772&r2=3773

Any help would be greatly appreciated

Thanks in advance

Regards

Ashwin

Follow-Ups:
- Re: [xml] Regarding CVE2008-3281
  - From: Daniel Veillard

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]