[Touch-packages] [Bug 1018204] Re:

[Bug Watch Updater]

** Changed in: libxml2 (Fedora)
   Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libxml2 in Ubuntu.
https://bugs.launchpad.net/bugs/1018204

Title:
  http://googlechromereleases.blogspot.com/2012/06/stable-channel-
  update_26.html

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1018204/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1018204] Re:

[Bug Watch Updater]

Launchpad has imported 9 comments from the remote bug at
https://bugzilla.redhat.com/show_bug.cgi?id=835863.

If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
https://help.launchpad.net/InterBugTracking.


On 2012-06-27T10:29:19+00:00 jlieskov wrote:

Common Vulnerabilities and Exposures assigned an identifier
CVE-2012-2807 to the following vulnerability:

Multiple integer overflows in libxml2, as used in Google Chrome before
20.0.1132.43, on 64-bit Linux platforms allow remote attackers to cause
a denial of service or possibly have unspecified other impact via
unknown vectors.

References:
[1] http://code.google.com/p/chromium/issues/detail?id=129930
[2] 
http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html

Reply at: https://bugs.launchpad.net/ubuntu/+source/chromium-
browser/+bug/1018204/comments/1


On 2012-06-28T12:08:51+00:00 jlieskov wrote:

Relevant Google Chrome patch:
[3] 
http://git.chromium.org/gitweb/?p=chromium/src.git;a=commitdiff;h=f183580d61c054f7f6bb35cfe29e1b342390fbeb

Reply at: https://bugs.launchpad.net/ubuntu/+source/chromium-
browser/+bug/1018204/comments/4


On 2012-07-18T10:26:45+00:00 veillard wrote:

Okay, i finally pushed a patch upstream that I think should backport
rather easily

http://git.gnome.org/browse/libxml2/commit/?id=459eeb9dc752d5185f57ff6b135027f11981a626

that one

http://git.gnome.org/browse/libxml2/commit/?id=4f9fdc709c4861c390cd84e2ed1fd878b3442e28

should also be applied in the errata to avoid similar problem elsewhere.
Somehow that's not a complete fix but that's the most immediate and
simple way to stop the given problem. I'm still working on a (rather
large and intrusive) set of patches for upstream but I would not suggest
to push that in RHEL. For fedora I may be tempted to rebase once a new
libxml2 version is out

Daniel

Reply at: https://bugs.launchpad.net/ubuntu/+source/chromium-
browser/+bug/1018204/comments/7


On 2012-07-27T07:08:17+00:00 huzaifas wrote:

The above patches, described in comment #4 seems to solve the problem
here. libxml2 no longer crashes with them.

For Red Hat Enterprise Linux use case, we may however require few more
patches from upstream.

Reply at: https://bugs.launchpad.net/ubuntu/+source/chromium-
browser/+bug/1018204/comments/8


On 2012-07-27T08:42:59+00:00 huzaifas wrote:

Created libxml2 tracking bugs for this issue

Affects: fedora-all [bug 843743]

Reply at: https://bugs.launchpad.net/ubuntu/+source/chromium-
browser/+bug/1018204/comments/9


On 2012-09-04T21:37:12+00:00 teger wrote:

This has been reported over 2 months ago with a possible fix coming in a
little over a month.  Is there any plan of action to fix libxml2
vulnerabilities?

Primarily this is a bump to put in back on someones to do list.
Thank you

Reply at: https://bugs.launchpad.net/ubuntu/+source/chromium-
browser/+bug/1018204/comments/10


On 2012-09-18T17:21:34+00:00 errata-xmlrpc wrote:

This issue has been addressed in following products:

  Red Hat Enterprise Linux 5
  Red Hat Enterprise Linux 6

Via RHSA-2012:1288 https://rhn.redhat.com/errata/RHSA-2012-1288.html

Reply at: https://bugs.launchpad.net/ubuntu/+source/chromium-
browser/+bug/1018204/comments/12


On 2012-09-20T02:42:09+00:00 huzaifas wrote:

Created mingw32-libxml2 tracking bugs for this issue

Affects: epel-5 [bug 858914]
Affects: fedora-all [bug 858915]

Reply at: https://bugs.launchpad.net/ubuntu/+source/chromium-
browser/+bug/1018204/comments/13


On 2013-01-04T10:35:49+00:00 huzaifas wrote:

This flaw affects x86_64 version of libxml2 only, however
mingw32-libxml2 is only shipped as x86 (32-bit) and therefore it is not
affected.


Statement:

This issue affected the version of libxml2 as shipped with Red Hat
Enterprise Linux 5 and 6 has been addressed via RHSA-2012:1288. This
issue does not affect the version of mingw32-libxml2 as shipped with Red
Hat Enterprise Linux 6.

Reply at: https://bugs.launchpad.net/ubuntu/+source/chromium-
browser/+bug/1018204/comments/17


** Bug watch added: code.google.com/p/chromium/issues #129930
   http://code.google.com/p/chromium/issues/detail?id=129930

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is 

[Touch-packages] [Bug 1018204] Re:

[Bug Watch Updater]

Launchpad has imported 7 comments from the remote bug at
https://bugzilla.redhat.com/show_bug.cgi?id=835982.

If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
https://help.launchpad.net/InterBugTracking.


On 2012-06-27T18:07:40+00:00 Vincent wrote:

The Google Chrome 20 release announcement [1] noted and fixed a flaw in
libxslt:

* [$500] [127417] Medium CVE-2012-2825: Wild read in XSL handling.
Credit to Nicholas Gregoire.

This has been corrected in the Chromium git repository [2]; the upstream
fix is noted as pending.

[1] 
http://googlechromereleases.blogspot.de/2012/06/stable-channel-update_26.html
[2] 
http://git.chromium.org/gitweb/?p=chromium/src.git;a=patch;h=bb7bfb81c158268fb242292b7e0fbd2d3b933d09

Reply at: https://bugs.launchpad.net/ubuntu/+source/chromium-
browser/+bug/1018204/comments/1


On 2012-06-27T18:13:44+00:00 Vincent wrote:

Created libxslt tracking bugs for this issue

Affects: fedora-all [bug 835983]

Reply at: https://bugs.launchpad.net/ubuntu/+source/chromium-
browser/+bug/1018204/comments/2


On 2012-09-13T17:44:06+00:00 errata-xmlrpc wrote:

This issue has been addressed in following products:

  Red Hat Enterprise Linux 6
  Red Hat Enterprise Linux 5

Via RHSA-2012:1265 https://rhn.redhat.com/errata/RHSA-2012-1265.html

Reply at: https://bugs.launchpad.net/ubuntu/+source/chromium-
browser/+bug/1018204/comments/5


On 2012-09-26T09:11:32+00:00 Fedora wrote:

libxslt-1.1.26-10.fc17 has been pushed to the Fedora 17 stable
repository.  If problems still persist, please make note of it in this
bug report.

Reply at: https://bugs.launchpad.net/ubuntu/+source/chromium-
browser/+bug/1018204/comments/6


On 2012-09-27T04:26:36+00:00 Fedora wrote:

libxslt-1.1.26-9.fc16 has been pushed to the Fedora 16 stable
repository.  If problems still persist, please make note of it in this
bug report.

Reply at: https://bugs.launchpad.net/ubuntu/+source/chromium-
browser/+bug/1018204/comments/7


On 2012-12-09T06:30:59+00:00 Fedora wrote:

libxslt-1.1.27-2.fc18 has been pushed to the Fedora 18 stable
repository.  If problems still persist, please make note of it in this
bug report.

Reply at: https://bugs.launchpad.net/ubuntu/+source/chromium-
browser/+bug/1018204/comments/8


On 2013-11-06T16:12:02+00:00 Vincent wrote:

Statement:

(none)

Reply at: https://bugs.launchpad.net/ubuntu/+source/chromium-
browser/+bug/1018204/comments/9


** Changed in: libxml2 (Fedora)
   Status: Unknown => Confirmed

** Changed in: libxml2 (Fedora)
   Importance: Unknown => Medium

** Changed in: libxslt (Fedora)
   Status: Unknown => Fix Released

** Changed in: libxslt (Fedora)
   Importance: Unknown => Medium

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libxml2 in Ubuntu.
https://bugs.launchpad.net/bugs/1018204

Title:
  http://googlechromereleases.blogspot.com/2012/06/stable-channel-
  update_26.html

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1018204/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp