oss-sec mailing list archives

Re: CVE request: libxml2 heap contents leak

From: Pierre Joye <pierre.php () gmail com>
Date: Tue, 25 Jan 2011 17:45:48 +0100

hi,

Btw, I re opened the php one as Daniel seems to think that it is the
application responsibility and not libxml. I'm not totally convinced
and I asked Rob to check this problem again.

On Mon, Jan 24, 2011 at 10:41 PM, Kees Cook <kees () ubuntu com> wrote:

Hello,

I'd like to get a CVE assigned for a minor heap contents leak in
libxml2. I reported that it is possible to leak heap memory contents
from libxml2 (and things linked against it, for example PHP[1], or things
written in PHP[2]):

https://bugzilla.gnome.org/show_bug.cgi?id=631551

Thanks,

-Kees

[1] http://bugs.php.net/bug.php?id=52998
[2] http://status.net/open-source/issues/2798

--
Kees Cook
Ubuntu Security Team




-- 
Pierre

@pierrejoye | http://blog.thepimp.net | http://www.libgd.org

Current thread:

CVE request: libxml2 heap contents leak Kees Cook (Jan 24)
- Re: CVE request: libxml2 heap contents leak Josh Bressers (Jan 25)
- Re: CVE request: libxml2 heap contents leak Pierre Joye (Jan 25)
  - Re: CVE request: libxml2 heap contents leak Kees Cook (Jan 25)