oss-sec mailing list archives
Re: Re: libxml2 "ampproblem" DoS
From: Robert Buchholz <rbu () gentoo org>
Date: Fri, 3 Oct 2008 12:27:08 +0200
On Friday 03 October 2008, Daniel Veillard wrote:
On Thu, Oct 02, 2008 at 06:41:18PM +0200, Robert Buchholz wrote:Hey, I did not look into this issue closely yet, but I can reproduce an OOM situation on libxml2 2.7.1, but not on 2.6.32. The malicious XML file can be found on http://bugzilla.gnome.org/show_bug.cgi?id=554660 I'm not sure if and how this is related to CVE-2008-3281.It's unrelated, the patch is attached to the bug, only 2.7.x is affected and I will release 2.7.2 within a couple of hours.
Sounds good, thanks. Steven, can you assign a CVE id for this? Robert
Attachment:
signature.asc
Description: This is a digitally signed message part.
Current thread:
- libxml2 "ampproblem" DoS Robert Buchholz (Oct 02)
- Re: libxml2 "ampproblem" DoS Daniel Veillard (Oct 03)
- Re: Re: libxml2 "ampproblem" DoS Robert Buchholz (Oct 03)
- Re: Re: libxml2 "ampproblem" DoS Steven M. Christey (Oct 03)
- Re: Re: libxml2 "ampproblem" DoS Tomas Hoger (Oct 06)
- Re: Re: libxml2 "ampproblem" DoS Robert Buchholz (Oct 06)
- Re: Re: libxml2 "ampproblem" DoS Steven M. Christey (Oct 07)
- Re: libxml2 "ampproblem" DoS Daniel Veillard (Oct 03)