RedHat has issued an advisory on November 29: https://rhn.redhat.com/errata/RHSA-2012-1512.html
Whiteboard: (none) => MGA2TOO, MGA1TOO
CC: (none) => oe
Patched package uploaded for Mageia 1, Mageia 2, and Cauldron. Advisory: ======================== Updated libxml2 packages fix security vulnerability: Heap-based buffer underflow, in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML document (CVE-2012-5134). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5134 https://rhn.redhat.com/errata/RHSA-2012-1512.html ======================== Updated packages in core/updates_testing: ======================== libxml2_2-2.7.8-9.8.mga1 libxml2-utils-2.7.8-9.8.mga1 libxml2-python-2.7.8-9.8.mga1 libxml2-devel-2.7.8-9.8.mga1 libxml2_2-2.7.8-14.20120229.4.mga2 libxml2-utils-2.7.8-14.20120229.4.mga2 libxml2-python-2.7.8-14.20120229.4.mga2 libxml2-devel-2.7.8-14.20120229.4.mga2 from SRPMS: libxml2-2.7.8-9.8.mga1.src.rpm libxml2-2.7.8-14.20120229.4.mga2.src.rpm
Version: Cauldron => 2Assignee: bugsquad => qa-bugsWhiteboard: MGA2TOO, MGA1TOO => MGA1TOOSeverity: major => critical
Testing procedure here: https://wiki.mageia.org/en/QA_procedure:Libxml2
Whiteboard: MGA1TOO => MGA1TOO has_procedure
Testing complete mga2 32
Whiteboard: MGA1TOO has_procedure => MGA1TOO has_procedure mga2-32-OK
Testing complete mga1 32 & 64 and Mga2 64 Validating SRPMs and advisory in comment 1 Could sysadmin please push from core/updates_testing to core/updates Thanks!
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugsWhiteboard: MGA1TOO has_procedure mga2-32-OK => MGA1TOO has_procedure mga1-32-OK mga1-64-OK mga2-32-OK mga2-64-OK
URL: (none) => http://lwn.net/Vulnerabilities/527719/
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0350
Status: NEW => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED