oss-sec mailing list archives
Re: Re: libxml2 denial of service flaw (CVE-2008-3281)
From: Vincent Danen <vdanen () linsec ca>
Date: Mon, 25 Aug 2008 10:50:41 -0600
* [2008-08-25 18:11:36 +0200] Tomas Hoger wrote:
Does anyone know if this affects anything other than librsvg? If so, the patch approach to fixing libxml2 would be better. I've just started looking into this today, so I'm not quite up to speed on this, but it looks like there are problems with the gnome menus as well.librsvg and strigi are known to be affected, according to the Debian bug. Rebuild against new libxml2 should do the trick, if that's the way you can go.
If nothing else may crop up later, then that would be acceptable, but I wouldn't want something to bite back later.
Has anyone tried this new patch?Being tested now.
Ok, nice. I'll probably be grabbing the patches from your bugzilla as well to test myself since quite a few users are (rightfully so) complaining. -- Vincent Danen @ http://linsec.ca/
Attachment:
_bin
Description:
Current thread:
- Re: libxml2 denial of service flaw (CVE-2008-3281) Robert Buchholz (Aug 23)
- Re: Re: libxml2 denial of service flaw (CVE-2008-3281) Nico Golde (Aug 24)
- Re: Re: libxml2 denial of service flaw (CVE-2008-3281) Nico Golde (Aug 24)
- Re: Re: libxml2 denial of service flaw (CVE-2008-3281) Vincent Danen (Aug 25)
- Re: Re: libxml2 denial of service flaw (CVE-2008-3281) Tomas Hoger (Aug 25)
- Re: Re: libxml2 denial of service flaw (CVE-2008-3281) Vincent Danen (Aug 25)
- Re: [vendor-sec] Re: [oss-security] Re: libxml2 denial of service flaw (CVE-2008-3281) Florian Weimer (Aug 25)
- Re: Re: [vendor-sec] Re: [oss-security] Re: libxml2 denial of service flaw (CVE-2008-3281) Vincent Danen (Aug 25)
- Re: Re: libxml2 denial of service flaw (CVE-2008-3281) Nico Golde (Aug 24)
- Re: Re: libxml2 denial of service flaw (CVE-2008-3281) Nico Golde (Aug 24)