Name: CVE-2013-1969 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1969 Final-Decision: Interim-Decision: Modified: Proposed: Assigned: 20130219 Category: Reference: MLIST:[oss-security] 20130417 CVE request : libxml2 Multiple Use-After-Free Vulnerabilities Reference: URL:http://www.openwall.com/lists/oss-security/2013/04/17/4 Reference: MLIST:[oss-security] 20130418 Re: CVE request : libxml2 Multiple Use-After-Free Vulnerabilities Reference: URL:http://www.openwall.com/lists/oss-security/2013/04/19/1 Reference: CONFIRM:https://bugzilla.gnome.org/show_bug.cgi?id=690202 Reference: CONFIRM:https://git.gnome.org/browse/libxml2/commit/?id=de0cc20c29cb3f056062925395e0f68d2250a46f Reference: SECUNIA:53061 Reference: URL:http://secunia.com/advisories/53061 Multiple use-after-free vulnerabilities in libxml2 2.9.0 and possibly other versions might allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to the (1) htmlParseChunk and (2) xmldecl_done functions, as demonstrated by a buffer overflow in the xmlBufGetInputBase function. Reproducible: Steps to Reproduce:
This was already fixed in libxml2-2.9.0-5.mga3 in Cauldron. This also does not affect the libxml2 version in Mageia 2.
Status: NEW => RESOLVEDCC: (none) => luigiwalserResolution: (none) => INVALID