Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#15898 - [libxml2] CVE-2009-2416 and CVE-2009-2414
Attached to Project:
Arch Linux
Opened by Henk van de Kamer (hvdkamer) - Tuesday, 11 August 2009, 10:26 GMT
Last edited by Jan de Groot (JGC) - Saturday, 15 August 2009, 10:44 GMT
Details

Description:
In the last couple of days there were security releases for RedHat, Debian and others. I was wondering if Arch Linux was vulnerable and did some investigation. Version 2.7.3 is from Jan 18th this year. In RedHat bug 515195 [1] Daniel Veillard posts the fix for both problems. He is one of the persons behind the libxml2 project. Because of the date -- 3rd Aug -- I must conclude that the current version is vulnerable. I don't know if Arch Linux is used in the financial world, but this person [2] thinks that this bug is major. Until a new version of libxml2 is released I think the patches should be applied.

[1] https://bugzilla.redhat.com/show_bug.cgi?id=515195
[2] http://news.softpedia.com/news/Flaws-in-XML-Libraries-Put-Countless-Applications-at-Risk-118535.shtml