oss-sec mailing list archives
Re: CVE request: libxml2 heap contents leak
From: Pierre Joye <pierre.php () gmail com>
Date: Tue, 25 Jan 2011 17:45:48 +0100
hi, Btw, I re opened the php one as Daniel seems to think that it is the application responsibility and not libxml. I'm not totally convinced and I asked Rob to check this problem again. On Mon, Jan 24, 2011 at 10:41 PM, Kees Cook <kees () ubuntu com> wrote:
Hello, I'd like to get a CVE assigned for a minor heap contents leak in libxml2. I reported that it is possible to leak heap memory contents from libxml2 (and things linked against it, for example PHP[1], or things written in PHP[2]): https://bugzilla.gnome.org/show_bug.cgi?id=631551 Thanks, -Kees [1] http://bugs.php.net/bug.php?id=52998 [2] http://status.net/open-source/issues/2798 -- Kees Cook Ubuntu Security Team
-- Pierre @pierrejoye | http://blog.thepimp.net | http://www.libgd.org
Current thread:
- CVE request: libxml2 heap contents leak Kees Cook (Jan 24)
- Re: CVE request: libxml2 heap contents leak Josh Bressers (Jan 25)
- Re: CVE request: libxml2 heap contents leak Pierre Joye (Jan 25)
- Re: CVE request: libxml2 heap contents leak Kees Cook (Jan 25)