Launchpad has imported 9 comments from the remote bug at
https://bugzilla.redhat.com/show_bug.cgi?id=835863.
If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
https://help.launchpad.net/InterBugTracking.
On 2012-06-27T10:29:19+00:00 jlieskov wrote:
Common Vulnerabilities and Exposures assigned an identifier
CVE-2012-2807 to the following vulnerability:
Multiple integer overflows in libxml2, as used in Google Chrome before
20.0.1132.43, on 64-bit Linux platforms allow remote attackers to cause
a denial of service or possibly have unspecified other impact via
unknown vectors.
References:
[1] http://code.google.com/p/chromium/issues/detail?id=129930
[2]
http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html
Reply at: https://bugs.launchpad.net/ubuntu/+source/chromium-
browser/+bug/1018204/comments/1
On 2012-06-28T12:08:51+00:00 jlieskov wrote:
Relevant Google Chrome patch:
[3]
http://git.chromium.org/gitweb/?p=chromium/src.git;a=commitdiff;h=f183580d61c054f7f6bb35cfe29e1b342390fbeb
Reply at: https://bugs.launchpad.net/ubuntu/+source/chromium-
browser/+bug/1018204/comments/4
On 2012-07-18T10:26:45+00:00 veillard wrote:
Okay, i finally pushed a patch upstream that I think should backport
rather easily
http://git.gnome.org/browse/libxml2/commit/?id=459eeb9dc752d5185f57ff6b135027f11981a626
that one
http://git.gnome.org/browse/libxml2/commit/?id=4f9fdc709c4861c390cd84e2ed1fd878b3442e28
should also be applied in the errata to avoid similar problem elsewhere.
Somehow that's not a complete fix but that's the most immediate and
simple way to stop the given problem. I'm still working on a (rather
large and intrusive) set of patches for upstream but I would not suggest
to push that in RHEL. For fedora I may be tempted to rebase once a new
libxml2 version is out
Daniel
Reply at: https://bugs.launchpad.net/ubuntu/+source/chromium-
browser/+bug/1018204/comments/7
On 2012-07-27T07:08:17+00:00 huzaifas wrote:
The above patches, described in comment #4 seems to solve the problem
here. libxml2 no longer crashes with them.
For Red Hat Enterprise Linux use case, we may however require few more
patches from upstream.
Reply at: https://bugs.launchpad.net/ubuntu/+source/chromium-
browser/+bug/1018204/comments/8
On 2012-07-27T08:42:59+00:00 huzaifas wrote:
Created libxml2 tracking bugs for this issue
Affects: fedora-all [bug 843743]
Reply at: https://bugs.launchpad.net/ubuntu/+source/chromium-
browser/+bug/1018204/comments/9
On 2012-09-04T21:37:12+00:00 teger wrote:
This has been reported over 2 months ago with a possible fix coming in a
little over a month. Is there any plan of action to fix libxml2
vulnerabilities?
Primarily this is a bump to put in back on someones to do list.
Thank you
Reply at: https://bugs.launchpad.net/ubuntu/+source/chromium-
browser/+bug/1018204/comments/10
On 2012-09-18T17:21:34+00:00 errata-xmlrpc wrote:
This issue has been addressed in following products:
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Via RHSA-2012:1288 https://rhn.redhat.com/errata/RHSA-2012-1288.html
Reply at: https://bugs.launchpad.net/ubuntu/+source/chromium-
browser/+bug/1018204/comments/12
On 2012-09-20T02:42:09+00:00 huzaifas wrote:
Created mingw32-libxml2 tracking bugs for this issue
Affects: epel-5 [bug 858914]
Affects: fedora-all [bug 858915]
Reply at: https://bugs.launchpad.net/ubuntu/+source/chromium-
browser/+bug/1018204/comments/13
On 2013-01-04T10:35:49+00:00 huzaifas wrote:
This flaw affects x86_64 version of libxml2 only, however
mingw32-libxml2 is only shipped as x86 (32-bit) and therefore it is not
affected.
Statement:
This issue affected the version of libxml2 as shipped with Red Hat
Enterprise Linux 5 and 6 has been addressed via RHSA-2012:1288. This
issue does not affect the version of mingw32-libxml2 as shipped with Red
Hat Enterprise Linux 6.
Reply at: https://bugs.launchpad.net/ubuntu/+source/chromium-
browser/+bug/1018204/comments/17
** Bug watch added: code.google.com/p/chromium/issues #129930
http://code.google.com/p/chromium/issues/detail?id=129930
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is