On Tue, Jul 31, 2012 at 11:33:52PM +0200, Nicolas Grégoire wrote:
> Hello,
>
> I spent some time fuzzing the libxslt engine. The following tickets
> describe some identified issues with possible security implications:
>
> Off-by-one write in rc4_decrypt
> https://bugzilla.gnome.org/show_bug.cgi?id=675917
>
> Read of previously free'd memory when using func:result
> https://bugzilla.gnome.org/show_bug.cgi?id=680920
>
> Off-by-one read in pattern parsing
> https://bugzilla.gnome.org/show_bug.cgi?id=680924
>
> Nick Wellnhofer has already proposed some patches (that I didn't test
> for the moment). Many thanks to him!
Okay, everything seems resolved in git head for both project now,
thanks !
Daniel
--
Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
[email protected] | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library http://libvirt.org/
_______________________________________________
xml mailing list, project page http://xmlsoft.org/
[email protected]
https://mail.gnome.org/mailman/listinfo/xml
