We missed these buffer overflows in libxml, which we fixed in libxml2.
These issues also affect FC2
Fixed with release 2.6.15 (and 2.6.16-3 yesterday),
Right, this issue is for libxml-1.8.17 though, not libxml2.
To clarify this (I've confused a few people).
We ship libxml2 and libxml1. We applied these fixes to libxml2 and released
We did not apply these to libxml1.
The same fix for 139090 applies directly to FC2 and FC3 version
of libxml, as a result I pushed:
- libxml-1_8_17-10_1_2 to dist-fc2-updates-candidate
- libxml-1_8_17-12 to dist-fc3-updates-candidate
I will try to get them approved for the push, and will send an
errata mail once done.
Was there ever an update annoucement mail for this? The package is in
the updates area, but I don't think I ever got a message and can't
find one in the fedora-announce-list archives....
Closing as updates are out.