Hi
Just to make sure: have you seen the thread "Lenny users: attn about
Gnome/libxml2 breakage" on the debian-user mailing list (started by me)?
I'm in the process of creating a bug report. (If that's not necessary
anymore, tell me.)
Christian.
PS. I wanted to send this email privately, but since the Reply-To header
redirected my client to debian-security (I barely noticed), this seems
to be the general wish, so I'm leaving it at that.
Steve Kemp wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1631-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Steve Kemp
August 22, 2008 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : libxml2
Vulnerability : denial of service
Problem type : local
Debian-specific: no
CVE Id(s) : CVE-2008-3281
Andreas Solberg discovered that libxml2, the GNOME XML library,
could be forced to recursively evaluate entities, until available
CPU & memory resources were exhausted.
For the stable distribution (etch), this problem has been fixed in version
2.6.27.dfsg-3.
For the unstable distribution (sid), this problem will be fixed soon.
...
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
