oss-sec mailing list archives

CVE request: libxml2 heap contents leak

From: Kees Cook <kees () ubuntu com>
Date: Mon, 24 Jan 2011 13:41:24 -0800

Hello,

I'd like to get a CVE assigned for a minor heap contents leak in
libxml2. I reported that it is possible to leak heap memory contents
from libxml2 (and things linked against it, for example PHP[1], or things
written in PHP[2]):

https://bugzilla.gnome.org/show_bug.cgi?id=631551

Thanks,

-Kees

[1] http://bugs.php.net/bug.php?id=52998
[2] http://status.net/open-source/issues/2798

-- 
Kees Cook
Ubuntu Security Team

Current thread:

CVE request: libxml2 heap contents leak Kees Cook (Jan 24)
- Re: CVE request: libxml2 heap contents leak Josh Bressers (Jan 25)
- Re: CVE request: libxml2 heap contents leak Pierre Joye (Jan 25)
  - Re: CVE request: libxml2 heap contents leak Kees Cook (Jan 25)