On Tue, Nov 18, 2008 at 07:16:50PM +0000, Graham Bennett wrote: > Hi all, > > I've been notified of a Redhat security update for libxml2: > https://rhn.redhat.com/errata/RHSA-2008-0988.html, and was hoping to > update my own builds with a version that doesn't suffer from these > vulnerabilities (I build from the standard source distribution, not the > Redhat source). > > It wasn't immediately obvious from the release notes and recent mailing > list traffic if these have been fixed in a released version of the > libxml distribution yet. If they haven't, is a new released planned to > address them?
Speaking of which, the patch for the SAX2Characters issue seems strange to me. While it is okay on 32-bits architectures, it doesn't make much sense on 64-bits architectures, where the addition of 2 ints can hardly be greater than SIZE_T_MAX. FWIW, as SIZE_T_MAX was not defined on glibc, the patch I applied on debian replaces SIZE_T_MAX with UINT_MAX. Mike _______________________________________________ xml mailing list, project page http://xmlsoft.org/ [email protected] http://mail.gnome.org/mailman/listinfo/xml
