oss-sec mailing list archives
Re: Re: libxml2 denial of service flaw (CVE-2008-3281)
From: Nico Golde <oss-security+ml () ngolde de>
Date: Sun, 24 Aug 2008 16:49:55 +0200
Hi Robert, * Robert Buchholz <rbu () gentoo org> [2008-08-23 18:06]:
On Wednesday 20 August 2008, Daniel Veillard wrote:On Wed, Aug 20, 2008 at 12:42:29PM -0400, Josh Bressers wrote:Yes, this can be considered public. An announcement should be appearing on the xml list shortly: http://mail.gnome.org/archives/xml/It's out: http://mail.gnome.org/archives/xml/2008-August/msg00034.html thanks everybody !Our gnome maintainers pointed out that the patch (which was also pushed upstream) breaks GDM in GNOME 2.22, as can be seen in Gentoo and Mandriva: https://bugs.gentoo.org/show_bug.cgi?id=235529 https://qa.mandriva.com/show_bug.cgi?id=43094 upstream bug: http://bugzilla.gnome.org/show_bug.cgi?id=549087 Those who did not push updates yet might want to delay this, we have been reverting the patch for now. I am CC'ing oss-security, please send follow-ups to that list.
Looks like rebuilding librsvg against libxml2 does solve the problem referring to our bug report: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496125#79 Kind regards Nico -- Nico Golde - http://www.ngolde.de - nion () jabber ccc de - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
Attachment:
_bin
Description:
Current thread:
- Re: libxml2 denial of service flaw (CVE-2008-3281) Robert Buchholz (Aug 23)
- Re: Re: libxml2 denial of service flaw (CVE-2008-3281) Nico Golde (Aug 24)
- Re: Re: libxml2 denial of service flaw (CVE-2008-3281) Nico Golde (Aug 24)
- Re: Re: libxml2 denial of service flaw (CVE-2008-3281) Vincent Danen (Aug 25)
- Re: Re: libxml2 denial of service flaw (CVE-2008-3281) Tomas Hoger (Aug 25)
- Re: Re: libxml2 denial of service flaw (CVE-2008-3281) Vincent Danen (Aug 25)
- Re: [vendor-sec] Re: [oss-security] Re: libxml2 denial of service flaw (CVE-2008-3281) Florian Weimer (Aug 25)
- Re: Re: [vendor-sec] Re: [oss-security] Re: libxml2 denial of service flaw (CVE-2008-3281) Vincent Danen (Aug 25)
- Re: Re: libxml2 denial of service flaw (CVE-2008-3281) Nico Golde (Aug 24)
- Re: Re: libxml2 denial of service flaw (CVE-2008-3281) Nico Golde (Aug 24)