Bug#643648: CVE-2011-2834 and CVE-2011-2821

September 28th, 2011 - 07:00 am ET by Giuseppe Iuculano
Package: libxml2
Severity: serious
Tags: security

Hi,

two libxml2 issues were fixed in the latest chrome updates:

CVE-2011-2821
Double free vulnerability in libxml2, as used in Google Chrome before
13.0.782.215, allows remote attackers to cause a denial of service or
possibly have unspecified other impact via a crafted XPath expression.

Patch:
http://git.gnome.org/browse/libxml2...5b41115de6


CVE-2011-2834
Double free vulnerability in libxml2, as used in Google Chrome before
14.0.835.163, allows remote attackers to cause a denial of service or
possibly have unspecified other impact via vectors related to XPath
handling.

Patch: http://src.chromium.org/viewvc/chro...p;revision˜359


Cheers,
Giuseppe




To UNSUBSCRIBE, email to debian-bugs-rc-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Replies

#1 Mike Hommey
October 07th, 2011 - 03:10 am ET
On Wed, Sep 28, 2011 at 12:54:33PM +0200, Giuseppe Iuculano wrote:
> Package: libxml2
> Severity: serious
> Tags: security
>
> Hi,
>
> two libxml2 issues were fixed in the latest chrome updates:
>
> CVE-2011-2821
> Double free vulnerability in libxml2, as used in Google Chrome before
> 13.0.782.215, allows remote attackers to cause a denial of service or
> possibly have unspecified other impact via a crafted XPath expression.
>
> Patch:
> http://git.gnome.org/browse/libxml2...5b41115de6
>
>
> CVE-2011-2834
> Double free vulnerability in libxml2, as used in Google Chrome before
> 14.0.835.163, allows remote attackers to cause a denial of service or
> possibly have unspecified other impact via vectors related to XPath
> handling.
>
> Patch: http://src.chromium.org/viewvc/chro...p;revision˜359



I'm going to push that to unstable, do we want stable/oldstable
backports?

Mike


