Re: [xml/sgml-pkgs] Bug#602609: CVE-2010-4008: does not well process a malformed XPATH
On Sat, Nov 06, 2010 at 02:22:18PM +0100, Giuseppe Iuculano wrote:
> Package: libxml2
> Version: 2.7.7.dfsg-4
> Severity: serious
> Tags: security
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> it was discovered that libxml2 does not well process a malformed XPATH,
> causing crash and allowing arbitrary code execution.
Interestingly none of the above commits talk about crash and arbitrary
code execution. Is there a working test case available somewhere?
Anyways, that would need a backport for stable, and maybe testing,
depending how the release team feels about 2.7.8.