Hi,

Attached is the patch I plan to apply as an NMU fixing an RC bug in this package.

Best wishes,
Mike
diff -u libxml2-2.7.8.dfsg/parser.c libxml2-2.7.8.dfsg/parser.c --- libxml2-2.7.8.dfsg/parser.c +++ libxml2-2.7.8.dfsg/parser.c @@ -2709,7 +2709,7 @@ buffer[nbchars++] = '&'; if (nbchars > buffer_size - i - XML_PARSER_BUFFER_SIZE) { - growBuffer(buffer, XML_PARSER_BUFFER_SIZE); + growBuffer(buffer, i + XML_PARSER_BUFFER_SIZE); } for (;i > 0;i--) buffer[nbchars++] = *cur++; diff -u libxml2-2.7.8.dfsg/debian/changelog libxml2-2.7.8.dfsg/debian/changelog --- libxml2-2.7.8.dfsg/debian/changelog +++ libxml2-2.7.8.dfsg/debian/changelog @@ -1,3 +1,10 @@ +libxml2 (2.7.8.dfsg-6.1) unstable; urgency=high + + * Non-maintainer upload by the Security Team. + * Fix CVE-2011-3919: buffer overflow in parser.c (closes: #656377). + + -- Michael Gilbert <michael.s.gilb...@gmail.com> Sun, 22 Jan 2012 16:29:49 -0500 + libxml2 (2.7.8.dfsg-6) unstable; urgency=low * Team upload.
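Review bot: in the parser.c hunk, the new growBuffer(buffer, i + XML_PARSER_BUFFER_SIZE) is only sufficient if one growBuffer call always leaves room for all i bytes that the following loop, for (;i > 0;i--) buffer[nbchars++] = *cur++;, writes. That assumption deserves a short comment at the call site. The unchanged guard, nbchars > buffer_size - i - XML_PARSER_BUFFER_SIZE, would be easier to reason about in the additive form nbchars + i + XML_PARSER_BUFFER_SIZE > buffer_size, which does not depend on the subtraction staying in range. This hunk touches a single call, so the other growBuffer callers in parser.c that copy variable-length data should be checked for the same fixed-size growth.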
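Review bot: in the debian/changelog hunk, the entry "Fix CVE-2011-3919: buffer overflow in parser.c" does not say which call is changed or where the fix comes from. Naming the growBuffer call and citing the origin of the patch (upstream commit or bug reference) would let anyone auditing the NMU match it against upstream.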