On Thu, Sep 22, 2011 at 2:20 AM, Gelle, Sreenivasulu wrote: > HI > I want to know fixes(source code) in for the problems reported in . Please > send me the fixes and if not where I can find them. > > > CVE-2009-2416 > > An XML document with specially-crafted Notation or Enumeration attribute > types in a DTD definition leads to the use of a pointers to memory areas > which have already been freed. > > CVE-2009-2414 > > Missing checks for the depth of ELEMENT DTD definitions when parsing child > content can lead to extensive stack-growth due to a function recursion which > can be triggered via a crafted XML document. > Thanks > -Srini
Dear Sreenivasulu, It is now 2011-09-22. These bugs have been fixed on 2009-08-10, that is, more than two years ago: http://git.gnome.org/browse/libxml2/commit/?id=489f9671e71cc44a97b23111b3126ac8a1e21a59 The latest libxml2 sources already contain the fixes for both vulnerabilities. Hope this helps, Csaba -- GCS a+ e++ d- C++ ULS$ L+$ !E- W++ P+++$ w++$ tv+ b++ DI D++ 5++ The Tao of math: The numbers you can count are not the real numbers. Life is complex, with real and imaginary parts. "Ok, it boots. Which means it must be bug-free and perfect. " -- Linus Torvalds "People disagree with me. I just ignore them." -- Linus Torvalds _______________________________________________ xml mailing list, project page http://xmlsoft.org/ xml@gnome.org http://mail.gnome.org/mailman/listinfo/xml
