Bug 12566 – libxml2: CVE-2011-2834 DoS via double free in XPath handling

Bug 12566 - libxml2: CVE-2011-2834 DoS via double free in XPath handling


Summary:	libxml2: CVE-2011-2834 DoS via double free in XPath handling

Status:	RESOLVED FIXED

Product:	Maemo 5 Community SSU
Component:	general
Version:	testing
Platform:	N900 Maemo

Importance:	Unspecified major (vote)
Target Milestone:	---
Assigned To:	unassigned
QA Contact:	general

URL:
Keywords:	patch, security

Depends on:
Blocks:
	Show dependency tree

Reported:	2012-01-28 20:07 UTC by Andre Klapper
Modified:	2012-04-07 20:05 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note

You need to log in before you can comment on or make changes to this bug.

Description Andre Klapper (reporter) maemo.org

2012-01-28 20:07:05 UTC

SOFTWARE VERSION:
21.2011.38-1Tmaemo1.2 (17.01.2012)
libxml2 2.6.32.dfsg-5maemo4+0m5 as officially shipped

EXACT STEPS LEADING TO PROBLEM:
https://bugzilla.gnome.org/show_bug.cgi?id=668859

PATCH:
See https://bugzilla.gnome.org/show_bug.cgi?id=668859

Comment 1 Christian Ratzenhofer 2012-04-07 20:05:21 UTC

This has been fixed for the Community SSU Updates in package
libxml2 (2.6.32.dfsg-5maemo4+0m5+0cssu0)
which is part of the build version
21.2011.38-1Tmaemo3
(Note: 21.2011.38-1is the latest official Nokia version.
The number after it indicates the Community SSU release version.)

Commit:
https://gitorious.org/community-ssu/libxml2/commit/09975752fa14b0853daa8c1f0518810cbb12cb69

For more information about Community SSU please see
http://wiki.maemo.org/Community_SSU