New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 766993 link

Starred by 1 user
Status: Duplicate
Merged: issue 203253
Owner:
mnissler@chromium.org
Closed: Sep 2017
Cc:
kerrnel@chromium.org
mnissler@chromium.org
dominicc@chromium.org
jorgelo@chromium.org
djm@google.com
scottmg@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 2
Type: Bug-Security



Sign in to add a comment

Chromium: Vulnerability reported in libxml

Project Member Reported by vomit.go...@appspot.gserviceaccount.com, Sep 20 2017 
Automated analysis has detected that the following third party packages have had vulnerabilities publicly reported. 

NOTE: There may be several bugs listed below - in almost all cases, all bugs can be quickly addressed by upgrading to the latest version of the package.

Package Name: libxml
Package Version: [cpe:/a:xmlsoft:libxml2:2.7.7]

Advisory: CVE-2011-2834
  Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2011-2834
  CVSS severity score: 6.8/10.0
  Confidence: high
  Description:

Double free vulnerability in libxml2, as used in Google Chrome before 14.0.835.163, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.

Comment 1 by palmer@chromium.org, Sep 20 2017

Cc: kerrnel@chromium.org
Components: Blink>XML
Labels: OS-Chrome
Owner: mnissler@chromium.org
Status: Assigned (was: Unconfirmed)

Comment 2 by mnissler@chromium.org, Sep 21 2017

Cc: djm@google.com
Mergedinto: 203253
Status: Duplicate (was: Assigned)
Vomit failed to match up versions, we are already at 2.9.4 and the fix rolle din per  issue 203253

Comment 3 by mnissler@chromium.org, Sep 21 2017

Cc: dominicc@chromium.org mnissler@chromium.org jorgelo@chromium.org scottmg@chromium.org
 Issue 766998  has been merged into this issue.
Project Member

Comment 4 by sheriffbot@chromium.org, Dec 28 2017

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment