|
Message-ID: <20080825165041.GZ451@linsec.ca>
Date: Mon, 25 Aug 2008 10:50:41 -0600
From: Vincent Danen <vdanen@...sec.ca>
To: Tomas Hoger <thoger@...hat.com>
Cc: oss-security@...ts.openwall.com, vendor-sec@....de
Subject: Re: Re: libxml2 denial of service flaw
(CVE-2008-3281)
* [2008-08-25 18:11:36 +0200] Tomas Hoger wrote:
>> Does anyone know if this affects anything other than librsvg? If so,
>> the patch approach to fixing libxml2 would be better. I've just
>> started looking into this today, so I'm not quite up to speed on
>> this, but it looks like there are problems with the gnome menus as
>> well.
>
>librsvg and strigi are known to be affected, according to the Debian
>bug. Rebuild against new libxml2 should do the trick, if that's the
>way you can go.
If nothing else may crop up later, then that would be acceptable, but I
wouldn't want something to bite back later.
>> Has anyone tried this new patch?
>
>Being tested now.
Ok, nice. I'll probably be grabbing the patches from your bugzilla as
well to test myself since quite a few users are (rightfully so)
complaining.
--
Vincent Danen @ http://linsec.ca/
Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.