GNOME Bugzilla – Bug 679475
cve-2012-2807
Last modified: 2021-07-05 13:21:56 UTC
The Chrome developers have found another libxml2 issue, which seems to have not been upstreamed yet: http://security-tracker.debian.org/tracker/CVE-2012-2807 The following commit supposedly corrects the issue: http://git.chromium.org/gitweb/?p=chromium/src.git;a=patch;h=f183580d61c054f7f6bb35cfe29e1b342390fbebcd But there are questions about the hard-coded limits and whether they're appropriate: http://bugs.debian.org/679280
The commit link is broken.
This is an updated link to the submitted Chromium patch: https://src.chromium.org/viewvc/chrome?revision=143067&view=revision However, two years ago the patch was removed with this commit: https://chromium.googlesource.com/chromium/src/+/8285ba172641308c6d4775cc38d637ceacb0422a
Fixed by https://gitlab.gnome.org/GNOME/libxml2/commit/459eeb9dc752d5185f57ff6b135027f11981a626 if I interpret http://security-tracker.debian.org/tracker/CVE-2012-2807 correctly?
(In reply to André Klapper from comment #3)
> Fixed by
> https://gitlab.gnome.org/GNOME/libxml2/commit/459eeb9dc752d5185f57ff6b135027f11981a626 if I interpret
> http://security-tracker.debian.org/tracker/CVE-2012-2807 correctly?
Can someone confirm, please?
GNOME is going to shut down bugzilla.gnome.org in favor of gitlab.gnome.org. As part of that, we are mass-closing older open tickets in bugzilla.gnome.org which have not seen updates for a longer time (resources are unfortunately quite limited so not every ticket can get handled). If you can still reproduce the situation described in this ticket in a recent and supported software version, then please follow https://wiki.gnome.org/GettingInTouch/BugReportingGuidelines and create a new ticket at https://gitlab.gnome.org/GNOME/libxml2/-/issues/ Thank you for your understanding and your help.