A heap-buffer overflow was found in the way libxml2 decoded certain XML entitites. A remote attacker could provide a specially-crafted XML file, which once opened in an application linked against libxml would cause that application to crash, or, potentially, execute arbitrary code with the privileges of the user running the application. Reference: http://googlechromereleases.blogspot.in/2012/11/stable-channel-update.html Patch: http://git.gnome.org/browse/libxml2/commit/?id=6a36fbe3b3e001a8a840b5c1fdd81cefc9947f0d
Created libxml2 tracking bugs for this issue Affects: fedora-all [bug 880477]
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 Via RHSA-2012:1512 https://rhn.redhat.com/errata/RHSA-2012-1512.html
Created mingw32-libxml2 tracking bugs for this issue Affects: fedora-all [bug 882064]
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2013:0217 https://rhn.redhat.com/errata/RHSA-2013-0217.html