Mandriva has issued this advisory today (January 16):
http://www.mandriva.com/en/support/security/advisories/?dis=2010.1&name=MDVSA-2012:005

It appears Funda Wang has already built this update as libxml2-2.7.8-9.4.mga1.src.rpm in updates_testing but no bug was filed for it.

Advisory:
========================
Updated libxml2 packages fix security vulnerability:

A heap-based buffer overflow in libxml2 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors (CVE-2011-3919).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3919
http://googlechromereleases.blogspot.com/2012/01/stable-channel-update.html
http://www.mandriva.com/en/support/security/advisories/?dis=2010.1&name=MDVSA-2012:005
========================

Updated packages in core/updates_testing:
========================
libxml2-devel-2.7.8-9.4.mga1.i586.rpm
libxml2-python-2.7.8-9.4.mga1.i586.rpm
libxml2-utils-2.7.8-9.4.mga1.i586.rpm
libxml2_2-2.7.8-9.4.mga1.i586.rpm

from libxml2-2.7.8-9.4.mga1.src.rpm
CC: (none) => fundawang
CC: (none) => anssi.hannula
CC: (none) => jani.valimaa
I have successfully tested this on i586 with this testcase: https://bugs.mageia.org/show_bug.cgi?id=3940#c2
Assignee: bugsquad => qa-bugs
Funda, can you please confirm this is ready for QA testing? David, please wait for package maintainers to create bugs when they are ready for QA validation. This has caused problems in the past. We have a procedure page on the wiki for this since the last update (seems only last week): https://wiki.mageia.org/en/Testing_procedure_for_libxml2
Assigning Funda for confirmation this is ready. Please assign to QA when you've had a chance to look. Thanks :)
CC: (none) => qa-bugs
Hardware: i586 => All
Assignee: qa-bugs => fundawang
Claire, it's good to see you put my libxml2-python testcase on the Wiki :o) I tried the testcase for libxml2-utils and it worked fine as well (i586). Since the testcases only take a few seconds to run, why don't you test it on x86_64? I understand you wouldn't want to if it was more work considering Funda hasn't spoken up yet. In this case, if it tests OK on x86_64 for you, this can be validated as soon as Funda confirms it was indeed ready.
Yes, it is ready to test.
Thanks Funda, I've assigned back to QA. Could you please follow the updates policy on the wiki for future updates for mga1: https://wiki.mageia.org/en/Updates_policy#Maintainer_.28or_any_interested_packager.29

Sorry David, there's no point in QA testing packages which aren't ready for QA. We have always had plenty of work to do and don't require 'supervising', thank you. It is good to see you are eager to help though :o) The wiki is open to anybody BTW, if you think of any other testing procedures you'd like to contribute, please feel free to do so.

Tested OK x86_64
Assignee: fundawang => qa-bugs
Update Validated

Advisory:
========================
Updated libxml2 packages fix security vulnerability:

A heap-based buffer overflow in libxml2 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors (CVE-2011-3919).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3919
http://googlechromereleases.blogspot.com/2012/01/stable-channel-update.html
http://www.mandriva.com/en/support/security/advisories/?dis=2010.1&name=MDVSA-2012:005
========================

SRPM: libxml2-2.7.8-9.4.mga1.src.rpm

Could sysadmin please push from core/updates_testing to core/updates

Thank you!
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Update pushed.
Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED