DSA-1461 libxml2 -- missing input validationID: oval:org.mitre.oval:def:8180 | Date: (C)2009-12-15 (M)2023-02-20 |
Class: PATCH | Family: unix |
Brad Fitzpatrick discovered that the UTF-8 decoding functions of libxml2, the GNOME XML library, validate UTF-8 correctness insufficiently, which may lead to denial of service by forcing libxml2 into an infinite loop. For the old stable distribution (sarge), this problem has been fixed in version 2.6.16-7sarge1. For the stable distribution (etch), this problem has been fixed in version 2.6.27.dfsg-2. For the unstable distribution (sid), this problem will be fixed soon. We recommend that you upgrade your libxml2 packages.
Platform: |
Debian 4.0 |
Debian 3.1 |