[Bug 1194410] Re: Apply upstream patch to close XXE vulnerability in precise

Launchpad Bug Tracker Mon, 15 Jul 2013 06:03:35 -0700

This bug was fixed in the package libxml2 - 2.8.0+dfsg1-5ubuntu2.3

---------------
libxml2 (2.8.0+dfsg1-5ubuntu2.3) quantal-security; urgency=low


  * SECURITY UPDATE: external entity expansion attack (LP: #1194410)
    - debian/patches/CVE-2013-0339.patch: do not fetch external parsed
      entities in parser.c, added test to test/errors/extparsedent.xml,
      result/errors/extparsedent.xml.
    - CVE-2013-0339
  * SECURITY UPDATE: denial of service via incomplete document
    - debian/patches/CVE-2013-2877.patch: try to stop parsing as quickly as
      possible in parser.c, include/libxml/xmlerror.h.
    - CVE-2013-2877
 -- Marc Deslauriers <[email protected]>   Thu, 11 Jul 2013 14:53:41 
-0400

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1194410

Title:
  Apply upstream patch to close XXE vulnerability in precise

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libxml2/+bug/1194410/+subscriptions

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1194410] Re: Apply upstream patch to close XXE vulnerability in precise

Reply via email to