Re: [xml] Regarding CVE2008-3281

On Wed, Jun 13, 2012 at 11:41:22PM +0530, Ashwin Sinha wrote:
Hi Daniel, list
    Firstly thanks for this wonderful piece of software which we have been
using for a number of years now. Its super! :)

    I write chiefly to get some information regarding CVE2008-3281. We are
currently using version 2.6.28, and wanted to merge the patch for
3281,however the patch solution and the latest libxml versions seem to have
some differences. Specifically with the use of ctxt->owner in the patch,
while the latest version does not use it. I tried to search on the list but
could gather nothing conclusive :(.

I would be really grateful if someone could point me in the right direction
or give some background for the same.

Chiefly i wanted to know if the patch merge as is of 3281 is sufficient, or
does the latest version fix some problems in the patch.
I am referring to the following links

On top of this following seems to have been added

Any help would be greatly appreciated

  Please note that SVN use is deprecated, we use git as GNOME SCM for a
few years now !

  Yes, the patch needs to be backported and it may not be trivial. I did
so for version 2.6.26 and I assume it will apply to 2.6.28 without much
troubles. Give it a try,


Daniel Veillard      | libxml Gnome XML XSLT toolkit
daniel veillard com  | Rpmfind RPM search engine | virtualization library

Attachment: libxml2-2.6.26-CVE2008-3281.patch
Description: Text document

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]