Debian-LTS has issued an advisory on October 25: http://lwn.net/Alerts/662021/ Patched packages uploaded for Mageia 5 and Cauldron. Advisory: ======================== Updated libxml2 packages fix security vulnerability: Crafted xml causes out of bound memory access in libxml2 due to a heap buffer-overflow in xmlParseConditionalSections() in parser.c (CVE-2015-7942). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7942 https://bugzilla.gnome.org/show_bug.cgi?id=756456 http://lwn.net/Alerts/662021/ ======================== Updated packages in core/updates_testing: ======================== libxml2_2-2.9.1-11.2.mga5 libxml2-utils-2.9.1-11.2.mga5 libxml2-python-2.9.1-11.2.mga5 libxml2-devel-2.9.1-11.2.mga5 from libxml2-2.9.1-11.2.mga5.src.rpm Reproducible: Steps to Reproduce:
Testing procedure: https://wiki.mageia.org/en/QA_procedure:Libxml2
Whiteboard: (none) => has_procedure
(In reply to David Walser from comment #1) > Testing procedure: > https://wiki.mageia.org/en/QA_procedure:Libxml2 Tested on MGA5-64-OK and OKing it. I also ran the perl-XML-LibXML tests through the new version and they all pass.
CC: (none) => shlomifWhiteboard: has_procedure => has_procedure MGA5-64-OK
Thanks Shlomi. Validating. Advisory uploaded.
Keywords: (none) => validated_updateWhiteboard: has_procedure MGA5-64-OK => has_procedure advisory MGA5-64-OKCC: (none) => sysadmin-bugs
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2015-0423.html
Status: NEW => RESOLVEDResolution: (none) => FIXED