We missed these buffer overflows in libxml, which we fixed in libxml2.
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0110
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0989
These issues also affect FC2.
Fixed with release 2.6.15 (and 2.6.16-3 yesterday), Daniel
Right, this issue is for libxml-1.8.17 though, not libxml2.
To clarify this (I've confused a few people): we ship libxml2 and libxml1. We applied these fixes to libxml2 and released updates. We did not apply these to libxml1.
Testing comment.
The same fix for 139090 applies directly to the FC2 and FC3 versions of libxml; as a result I pushed:
- libxml-1_8_17-10_1_2 to dist-fc2-updates-candidate
- libxml-1_8_17-12 to dist-fc3-updates-candidate
I will try to get them approved for the push, and will send an errata mail once done.
Daniel
Was there ever an update announcement mail for this? The package is in the updates area, but I don't think I ever got a message and can't find one in the fedora-announce-list archives....
Closing as updates are out.