Re: [xml] libxml2.9.0 Vulnerability Confirmation

From: Bjoern Hoehrmann <derhoermi gmx net>
To: Sandeep H S <hssandeep16 gmail com>
Cc: xml gnome org
Subject: Re: [xml] libxml2.9.0 Vulnerability Confirmation
Date: Thu, 30 Jan 2014 17:20:26 +0100

* Sandeep H S wrote:

We have a product which is dependent on libxml2. I required one
confirmation regarding "Multiple use-after-free vulnerabilities in libxml2
2.9.0". It would be very helpful if you please confirm the same

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1969

In the above link, Affected version is mentioned as libxml2 2.9.0 but also
there is line specifying other versions are also affected.

Please let me know which are the other versions affected and in particular
libxml2 2.7.5 is affected ?

What is the test that can be done to check whether particular libxml2
verison is affect by  "Multiple use-after-free vulnerabilities".


Please note that the report linked above has links to the libxml2 bug
tracker which in turn has links to the revision control system and it
might well be that nobody will go through the effort to identify all
affected releases for you; also keep in mind that this can be an
error-prone process. And libxml2 2.7.5 is from 2009, it is probably
not a good idea to keep it around.
-- 
Björn Höhrmann · mailto:bjoern hoehrmann de · http://bjoern.hoehrmann.de
Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/

References:
- [xml] libxml2.9.0 Vulnerability Confirmation
  - From: Sandeep H S

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]