Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#75515 - [libxml2] [security] double-free, integer overflows, use-after-free
Attached to Project:
Arch Linux
Opened by T.J. Townsend (blakkheim) - Thursday, 04 August 2022, 20:48 GMT
Last edited by Toolybird (Toolybird) - Monday, 29 August 2022, 21:13 GMT
Description:
Upstream libxml2 has fixed a number of bugs with security implications without cutting a new release. At least one of them has an oss-fuzz bug report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43743

The attached diff cherrypicks four of these commits for the Arch package.

Additional info:
https://gitlab.gnome.org/GNOME/libxml2/-/commit/ecba4cbd4335b31aa7a815701971ed09cfffea9b
https://gitlab.gnome.org/GNOME/libxml2/-/commit/ca2c91f139426f63646292da58a15a1511dccc0f
https://gitlab.gnome.org/GNOME/libxml2/-/commit/a6df42e649acacb55be832222d1f3f50c66720ff
https://gitlab.gnome.org/GNOME/libxml2/-/commit/c50196c13d348025a4843305902bb37df64bae36
Closed by Toolybird (Toolybird)
Monday, 29 August 2022, 21:13 GMT
Reason for closing: Fixed
Additional comments about closing: libxml2 2.10.2-1
CVE-2022-2309 has been assigned to the xmlCtxtReset one.