oss-sec mailing list archives

Re: CVE request: libxml2 heap contents leak

From: Josh Bressers <bressers () redhat com>
Date: Tue, 25 Jan 2011 11:26:50 -0500 (EST)

Please use CVE-2010-4657.

Thanks.

-- 
    JB

----- Original Message -----

Hello,

I'd like to get a CVE assigned for a minor heap contents leak in
libxml2. I reported that it is possible to leak heap memory contents
from libxml2 (and things linked against it, for example PHP[1], or
things
written in PHP[2]):

https://bugzilla.gnome.org/show_bug.cgi?id=631551

Thanks,

-Kees

[1] http://bugs.php.net/bug.php?id=52998
[2] http://status.net/open-source/issues/2798

--
Kees Cook
Ubuntu Security Team

Current thread:

CVE request: libxml2 heap contents leak Kees Cook (Jan 24)
- Re: CVE request: libxml2 heap contents leak Josh Bressers (Jan 25)
- Re: CVE request: libxml2 heap contents leak Pierre Joye (Jan 25)
  - Re: CVE request: libxml2 heap contents leak Kees Cook (Jan 25)