[CVS] OpenPKG: openpkg-web/security/ OpenPKG-SA-2004.003-libxml.txt

Fri, 05 Mar 2004 09:34:20 -0800 

  OpenPKG CVS Repository
  http://cvs.openpkg.org/
  ____________________________________________________________________________

  Server: cvs.openpkg.org                  Name:   Ralf S. Engelschall
  Root:   /e/openpkg/cvs                   Email:  [EMAIL PROTECTED]
  Module: openpkg-web                      Date:   05-Mar-2004 18:34:18
  Branch: HEAD                             Handle: 2004030517341800

  Modified files:
    openpkg-web/security    OpenPKG-SA-2004.003-libxml.txt

  Log:
    final polishing

  Summary:
    Revision    Changes     Path
    1.4         +10 -9      openpkg-web/security/OpenPKG-SA-2004.003-libxml.txt
  ____________________________________________________________________________

  patch -p0 <<'@@ .'
  Index: openpkg-web/security/OpenPKG-SA-2004.003-libxml.txt
  ============================================================================
  $ cvs diff -u -r1.3 -r1.4 OpenPKG-SA-2004.003-libxml.txt
  --- openpkg-web/security/OpenPKG-SA-2004.003-libxml.txt       5 Mar 2004 16:10:38 
-0000       1.3
  +++ openpkg-web/security/OpenPKG-SA-2004.003-libxml.txt       5 Mar 2004 17:34:18 
-0000       1.4
  @@ -26,16 +26,17 @@
                        xmlsec
   
   Description:
  -  A flaw in libxml2 [0] found by Yuuichi Teranishi can be exploited to
  -  cause a buffer overflow if passed a very long URL [1]. This could be
  -  used by an attacker to execute arbitrary code on the host computer.
  -  The Common Vulnerabilities and Exposures (CVE) project assigned the
  -  id CAN-2004-0110 [2] to the problem.
  +  A flaw in the HTTP and FTP client sub-library of libxml2 [0]
  +  found by Yuuichi Teranishi can be exploited to cause a buffer
  +  overflow if passed a very long URL [1]. This could be used by
  +  an attacker to execute arbitrary code on the host computer. The
  +  Common Vulnerabilities and Exposures (CVE) project assigned the id
  +  CAN-2004-0110 [2] to the problem.
   
  -  Please check whether you are affected by running "<prefix>/bin/rpm
  -  -q libxml". If you have the "libxml" package installed and its version
  -  is affected (see above), we recommend that you immediately upgrade
  -  it (see solution) and any dependent packages (see above). [3][4]
  +  Please check whether you are affected by running "<prefix>/bin/rpm -q
  +  libxml". If you have the "libxml" package installed and its version
  +  is affected (see above), we recommend that you immediately upgrade it
  +  (see solution) and any dependent packages (see above). [3][4]
   
   Solution:
     Select the updated source RPM appropriate for your OpenPKG release
  @@ .
______________________________________________________________________
The OpenPKG Project                                    www.openpkg.org
CVS Repository Commit List                     [EMAIL PROTECTED]

Reply via email to