oss-sec mailing list archives

Re: libxml2 "ampproblem" DoS


From: Daniel Veillard <veillard () redhat com>
Date: Fri, 3 Oct 2008 09:16:16 +0200

On Thu, Oct 02, 2008 at 06:41:18PM +0200, Robert Buchholz wrote:
> Hey,
>
> I did not look into this issue closely yet, but I can reproduce an OOM
> situation on libxml2 2.7.1, but not on 2.6.32.
>
> The malicious XML file can be found on
> http://bugzilla.gnome.org/show_bug.cgi?id=554660
>
> I'm not sure if and how this is related to CVE-2008-3281.

  It's unrelated; the patch is attached to the bug. Only 2.7.x is affected,
and I will release 2.7.2 within a couple of hours.

Daniel

-- 
Daniel Veillard      | libxml Gnome XML XSLT toolkit  http://xmlsoft.org/
daniel () veillard com  | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library  http://libvirt.org/

