Debian-LTS alert DLA-151-1 (libxml2)
From: Thorsten Alteholz <debian@alteholz.de>
To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 151-1] libxml2 security update
Date: Sat, 7 Feb 2015 17:07:17 +0100 (CET)
Message-ID: <alpine.DEB.2.02.1502071706260.10949@jupiter.server.alteholz.net>

Package        : libxml2
Version        : 2.7.8.dfsg-2+squeeze11
CVE ID         : CVE-2014-0191 CVE-2014-3660
Debian Bug     : 768089

It was discovered that the update released for libxml2 in DSA 2978 fixing CVE-2014-0191 was incomplete. This caused libxml2 to still fetch external entities regardless of whether entity substitution or validation is enabled.

In addition, this update addresses a regression introduced in DSA 3057 by the patch fixing CVE-2014-3660. This caused libxml2 to not parse an entity when it's used first in another entity referenced from an attribute value.