Package: libxml2 Version: 2.6.30.dfsg-3 Severity: normal A vulnerability has been reported in libxml2, prior to version 2.6.31, from Daniel Veillard: "Two specially crafted broken UTF-8 sequences when occuring at the wrong place lead the parser to go into an infinite loop." The report is available at: http://mail.gnome.org/archives/xml/2008-January/msg00036.html
A patch can be found at: http://veillard.com/libxml2.patch The fixed source code can be downloaded from: ftp://xmlsoft.org/libxml/libxml2-2.6.31.tar.gz Regards Pascal -- System Information: Debian Release: lenny/sid APT prefers testing APT policy: (500, 'testing'), (50, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.22-3-k7 (SMP w/1 CPU core) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages libxml2 depends on: ii libc6 2.7-5 GNU C Library: Shared libraries ii zlib1g 1:1.2.3.3.dfsg-8 compression library - runtime Versions of packages libxml2 recommends: ii xml-core 0.11 XML infrastructure and XML catalog -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]