Re: [xml/sgml-pkgs] Bug#602609: CVE-2010-4008: does not well process a malformed XPATH

To: Giuseppe Iuculano <iuculano@debian.org>, 602609@bugs.debian.org
Cc: debian-release@lists.debian.org, team@security.debian.org
Subject: Re: [xml/sgml-pkgs] Bug#602609: CVE-2010-4008: does not well process a malformed XPATH
From: Mike Hommey <mh@glandium.org>
Date: Sat, 6 Nov 2010 15:49:00 +0100
Message-id: <[🔎] 20101106144900.GA26964@glandium.org>
Mail-followup-to: Giuseppe Iuculano <iuculano@debian.org>, 602609@bugs.debian.org, debian-release@lists.debian.org, team@security.debian.org
In-reply-to: <20101106132218.5312.17598.reportbug@SD6-Casa.iuculano.it>
References: <20101106132218.5312.17598.reportbug@SD6-Casa.iuculano.it>

On Sat, Nov 06, 2010 at 02:22:18PM +0100, Giuseppe Iuculano wrote:
> Package: libxml2
> Version: 2.7.7.dfsg-4
> Severity: serious
> Tags: security
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hi,
> 
> it was discovered that libxml2 does not well process a malformed XPATH,
> causing crash and allowing arbitrary code execution.
> 
> Patch:
> http://git.gnome.org/browse/libxml2/commit/?id=91d19754d46acd4a639a8b9e31f50f31c78f8c9c
> http://git.gnome.org/browse/libxml2/commit/?id=ea90b894146030c214a7df6d8375310174f134b9

Interestingly none of the above commits talk about crash and arbitrary
code execution. Is there a working test case available somewhere?

Anyways, that would need a backport for stable, and maybe testing,
depending how the release team feels about 2.7.8.

Mike

Reply to:

Follow-Ups:
- Re: [xml/sgml-pkgs] Bug#602609: CVE-2010-4008: does not well process a malformed XPATH
  - From: Julien Cristau <jcristau@debian.org>

Prev by Date: Re: New slurm-llnl package for squeeze
Next by Date: Re: New slurm-llnl package for squeeze
Previous by thread: Bug#602614: marked as done (unblock: sane-backends/1.0.21-6)
Next by thread: Re: [xml/sgml-pkgs] Bug#602609: CVE-2010-4008: does not well process a malformed XPATH
Index(es):
- Date
- Thread