Mandriva has issued an advisory on August 6: http://www.mandriva.com/en/support/security/advisories/?dis=2011&name=MDVSA-2012:126
Whiteboard: (none) => MGA2TOO, MGA1TOO
Patched package uploaded for Mageia 1, Mageia 2, and Cauldron. Advisory: ======================== Updated libxml2 packages fix security vulnerability: Multiple integer overflows in libxml2, on 64-bit Linux platforms allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors (CVE-2012-2807). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2807 http://www.mandriva.com/en/support/security/advisories/?dis=2011&name=MDVSA-2012:126 ======================== Updated packages in core/updates_testing: ======================== libxml2_2-2.7.8-9.7.mga1 libxml2-utils-2.7.8-9.7.mga1 libxml2-python-2.7.8-9.7.mga1 libxml2-devel-2.7.8-9.7.mga1 libxml2_2-2.7.8-14.20120229.3.mga2 libxml2-utils-2.7.8-14.20120229.3.mga2 libxml2-python-2.7.8-14.20120229.3.mga2 libxml2-devel-2.7.8-14.20120229.3.mga2 from SRPMS: libxml2-2.7.8-9.7.mga1.src.rpm libxml2-2.7.8-14.20120229.3.mga2.src.rpm
Version: Cauldron => 2Assignee: bugsquad => qa-bugsWhiteboard: MGA2TOO, MGA1TOO => MGA1TOO
I haven't found any POCs, so let's test for regressions. We've got a testing procedure in the wiki: https://wiki.mageia.org/en/QA_procedure:Libxml2
CC: (none) => stormiWhiteboard: MGA1TOO => MGA1TOO has_procedure
Severity: normal => critical
Testing complete on Mageia 2 i586. I'll test 2 x86-64 shortly.
CC: (none) => davidwhodginsWhiteboard: MGA1TOO has_procedure => MGA1TOO has_procedure MGA2-32-OK
Testing complete on Mageia 2 x86-64. Testing Mageia 1 i586 shortly.
Whiteboard: MGA1TOO has_procedure MGA2-32-OK => MGA1TOO has_procedure MGA2-32-OK MGA2-64-OK
Testing complete on Mageia 1 i586. Testing 1 x86-64 shortly.
Whiteboard: MGA1TOO has_procedure MGA2-32-OK MGA2-64-OK => MGA1TOO has_procedure MGA2-32-OK MGA2-64-OK MGA1-32-OK
Testing complete on Mageia 1 x86-64. Could someone from the sysadmin team push the srpm libxml2-2.7.8-14.20120229.3.mga2.src.rpm from Mageia 2 Core Updates Testing to Core Updates and the srpm libxml2-2.7.8-9.7.mga1.src.rpm from Mageia 1 Core Updates Testing to Core Updates. Advisory: Updated libxml2 packages fix security vulnerability: Multiple integer overflows in libxml2, on 64-bit Linux platforms allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors (CVE-2012-2807). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2807 http://www.mandriva.com/en/support/security/advisories/?dis=2011&name=MDVSA-2012:126 https://bugs.mageia.org/show_bug.cgi?id=6985
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugsWhiteboard: MGA1TOO has_procedure MGA2-32-OK MGA2-64-OK MGA1-32-OK => MGA1TOO has_procedure MGA2-32-OK MGA2-64-OK MGA1-32-OK MGA1-64-OK
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0213
Status: NEW => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED