Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#12690 - libxml2 security issues
Attached to Project:
Arch Linux
Opened by kujub (kujub) - Tuesday, 06 January 2009, 18:42 GMT
Last edited by Aaron Griffin (phrakture) - Monday, 26 January 2009, 19:09 GMT
Opened by kujub (kujub) - Tuesday, 06 January 2009, 18:42 GMT
Last edited by Aaron Griffin (phrakture) - Monday, 26 January 2009, 19:09 GMT
|
DetailsDescription:
Two security issues have been discovered in libxml2 2.7.2: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4225 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4226 To fix these I just had to add CVE-2008-4225.patch and CVE-2008-4226.patch from http://kojipkgs.fedoraproject.org/packages/libxml2/2.7.2/2.fc10/src/libxml2-2.7.2-2.fc10.src.rpm to the PKGBUILD here. :) Additional info: * package version(s) 2.7.2-1 |
This task depends upon
Closed by Aaron Griffin (phrakture)
Monday, 26 January 2009, 19:09 GMT
Reason for closing: Upstream
Additional comments about closing: Fixed upstream
Monday, 26 January 2009, 19:09 GMT
Reason for closing: Upstream
Additional comments about closing: Fixed upstream
Comment by kujub (kujub) -
Monday, 26 January 2009, 19:04 GMT
I looked into 2.7.3 upstream now. The two patches are already applied there.