Description of problem: From Debian Security Advisory (DSA-2255-1): http://www.debian.org/security/2011/dsa-2255
Assignee: bugsquad => qa-bugs
Package libxml2-2.7.8-9.1.mga1 submitted to updates_testing repository should fix this issue.
Status: NEW => ASSIGNED
CC: (none) => boklm
Possible update text: Chris Evans discovered that libxml2 incorrectly handled memory allocation. If an application using libxml2 opened a specially crafted XML file, an attacker could cause a denial of service or possibly execute code as the user invoking the program. This issue has been identified at mitre.org by CVE-2011-1944. Updated packages correct the issue.
CC: (none) => stewbintn
Package list includes libxml2-utils libxml2-python libxml2_2 libxml2-devel.
I've skimmed through the security advisory, but don't see a PoC, so for testing, I've just run "xmllint --auto" and "xmlcatalog --create" to confirm the programs will run. For the python test I ran "xmllint --auto>tst.xml" followed by /usr/share/doc/libxml2-python/tst.py, which confirmed that the libxml2 module was imported and executable. For the devel file, I simply confirmed that it installed without any conflicts. Tested on a Mageia 1 i586 KDE clean install.
CC: (none) => davidwhodgins
On an x86_64 GNOME system, "xmllint --auto" and "xmlcatalog --create" work. For /usr/share/doc/libxml2-python/tst.py I have "root.name failed"; is that correct? /me did not understand everything :)
Yes, based on the file created by xmllint. That is enough, though, to confirm that the modules are loading and accessible to python programs, which is about all we can test without a better test case. Can someone from the sysadmin team push the packages libxml2-utils libxml2-python libxml2_2 libxml2-devel from Core Updates Testing to Core Updates, please? The srpm is libxml2-2.7.8-9.1.mga1.src.rpm
Pushed to updates.
Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED
CC: boklm => (none)