-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1631-1                  security@debian.org
http://www.debian.org/security/                               Steve Kemp
August 22, 2008                       http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package        : libxml2
Vulnerability  : denial of service
Problem type   : local
Debian-specific: no
CVE Id(s)      : CVE-2008-3281

Andreas Solberg discovered that libxml2, the GNOME XML library,
could be forced to recursively evaluate entities, until available
CPU & memory resources were exhausted.

For the stable distribution (etch), this problem has been fixed in version
2.6.27.dfsg-3.

For the unstable distribution (sid), this problem will be fixed soon.
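Added example, not part of the advisory and not libxml2 code: a pre-parse check that computes how large the internal entities declared in a DOCTYPE would become when fully evaluated, without expanding them, and rejects input that exceeds a budget or refers to itself. All names, the budget value and the sample document are assumptions constructed for illustration.

```python
import re

# Internal general entities only: <!ENTITY name "value"> (no parameter/external ones).
ENTITY_DECL = re.compile(r'<!ENTITY\s+([^\s%"\']+)\s+(?:"([^"]*)"|\'([^\']*)\')\s*>')
ENTITY_REF = re.compile(r'&([^\s;#&]+);')  # skips numeric references such as &#x41;

class EntityBudgetExceeded(ValueError):
    """Raised when declared entities would expand past the budget."""

def declared_entities(xml_text):
    entities = {}
    for name, dq, sq in ENTITY_DECL.findall(xml_text):
        entities.setdefault(name, dq or sq)  # first declaration wins, as in XML
    return entities

def expanded_length(name, entities, budget, memo, stack=()):
    """Length of the entity after full expansion, computed without expanding it."""
    if name in memo:
        return memo[name]
    if name in stack:
        raise EntityBudgetExceeded("entity %r refers to itself" % name)
    value = entities[name]
    total = len(ENTITY_REF.sub("", value))  # literal characters only
    for ref in ENTITY_REF.findall(value):
        if ref in entities:  # predefined or undeclared references count as zero
            total += expanded_length(ref, entities, budget, memo, stack + (name,))
        if total > budget:
            raise EntityBudgetExceeded("entity %r exceeds %d chars" % (name, budget))
    memo[name] = total
    return total

def check_document(xml_text, budget=100_000):
    """Return the summed expansion size of entity references in the body, or raise."""
    entities = declared_entities(xml_text)
    body = xml_text.split("]>", 1)[-1]  # simplification: text after the internal subset
    memo, total = {}, 0
    try:
        for ref in ENTITY_REF.findall(body):
            if ref in entities:
                total += expanded_length(ref, entities, budget, memo)
            if total > budget:
                raise EntityBudgetExceeded("document exceeds %d chars" % budget)
    except RecursionError:
        raise EntityBudgetExceeded("entity nesting too deep") from None
    return total

# Constructed sample: three nested levels, ten references per level.
SAMPLE_NESTED = ('<!DOCTYPE d [<!ENTITY a "0123456789"><!ENTITY b "%s">'
                 '<!ENTITY c "%s">]><d>&c;</d>' % ("&a;" * 10, "&b;" * 10))
```

Such a filter is a stopgap for untrusted input; it does not replace upgrading to the fixed package version named above.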