Hi, * Pascal Volk <[EMAIL PROTECTED]> [2008-01-12 04:04]: > Package: libxml2 > Version: 2.6.30.dfsg-3 > Severity: normal > > A vulnerability has been reported in libxml2, prior to version 2.6.31, from > Daniel Veillard: > "Two specially crafted broken UTF-8 sequences when occuring at the wrong > place lead the parser to go into an infinite loop." > The report is available at: > http://mail.gnome.org/archives/xml/2008-January/msg00036.html > > A patch can be found at: > http://veillard.com/libxml2.patch > The fixed source code can be downloaded from: > ftp://xmlsoft.org/libxml/libxml2-2.6.31.tar.gz
Is there any service using libxml2? If not I would consider this a normal bug rather than a security issue. Kind regards Nico -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
pgpOfRicQz97Y.pgp
Description: PGP signature
