Bui Quang Minh discovered that libxml2, a library for parsing and handling XML data files, does not well process a malformed XPATH, causing crash and allowing arbitrary code execution. For the stable distribution , this problem has been fixed in version 2.6.32.dfsg-5+lenny2. For the testing and unstable distribution, this problem has been fixed in version 2.7.8.dfsg-1. We recommend that you upgrade your libxml2 package.