oss-sec mailing list archives
Re: libxml2 denial of service flaw (CVE-2008-3281)
From: Robert Buchholz <rbu () gentoo org>
Date: Sat, 23 Aug 2008 17:53:16 +0200
On Wednesday 20 August 2008, Daniel Veillard wrote:
On Wed, Aug 20, 2008 at 12:42:29PM -0400, Josh Bressers wrote:Yes, this can be considered public. An announcement should be appearing on the xml list shortly: http://mail.gnome.org/archives/xml/It's out: http://mail.gnome.org/archives/xml/2008-August/msg00034.html thanks everybody !
Our gnome maintainers pointed out that the patch (which was also pushed upstream) breaks GDM in GNOME 2.22, as can be seen in Gentoo and Mandriva: https://bugs.gentoo.org/show_bug.cgi?id=235529 https://qa.mandriva.com/show_bug.cgi?id=43094 upstream bug: http://bugzilla.gnome.org/show_bug.cgi?id=549087 Those who did not push updates yet might want to delay this, we have been reverting the patch for now. I am CC'ing oss-security, please send follow-ups to that list. Robert
Attachment:
signature.asc
Description: This is a digitally signed message part.
Current thread:
- Re: libxml2 denial of service flaw (CVE-2008-3281) Robert Buchholz (Aug 23)
- Re: Re: libxml2 denial of service flaw (CVE-2008-3281) Nico Golde (Aug 24)
- Re: Re: libxml2 denial of service flaw (CVE-2008-3281) Nico Golde (Aug 24)
- Re: Re: libxml2 denial of service flaw (CVE-2008-3281) Vincent Danen (Aug 25)
- Re: Re: libxml2 denial of service flaw (CVE-2008-3281) Tomas Hoger (Aug 25)
- Re: Re: libxml2 denial of service flaw (CVE-2008-3281) Vincent Danen (Aug 25)
- Re: [vendor-sec] Re: [oss-security] Re: libxml2 denial of service flaw (CVE-2008-3281) Florian Weimer (Aug 25)
- Re: Re: [vendor-sec] Re: [oss-security] Re: libxml2 denial of service flaw (CVE-2008-3281) Vincent Danen (Aug 25)
- Re: Re: libxml2 denial of service flaw (CVE-2008-3281) Nico Golde (Aug 24)
- Re: Re: libxml2 denial of service flaw (CVE-2008-3281) Nico Golde (Aug 24)