New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 766998 link

Starred by 1 user
Status: Duplicate
Merged: issue 766993
Owner:
mnissler@chromium.org
Closed: Sep 2017
Cc:
kerrnel@chromium.org
dominicc@chromium.org
jorgelo@chromium.org
djm@google.com
scottmg@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 2
Type: Bug-Security



Sign in to add a comment

CrOS: Vulnerability reported in dev-libs/libxml2

Project Member Reported by vomit.go...@appspot.gserviceaccount.com, Sep 20 2017 
Automated analysis has detected that the following third party packages have had vulnerabilities publicly reported. 

NOTE: There may be several bugs listed below - in almost all cases, all bugs can be quickly addressed by upgrading to the latest version of the package.

Package Name: dev-libs/libxml2
Package Version: [cpe:/a:xmlsoft:libxml2:2.9.4]

Advisory: CVE-2011-2834
  Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2011-2834
  CVSS severity score: 6.8/10.0
  Confidence: high
  Description:

Double free vulnerability in libxml2, as used in Google Chrome before 14.0.835.163, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.

Comment 1 by palmer@chromium.org, Sep 20 2017

Cc: jorgelo@chromium.org kerrnel@chromium.org dominicc@chromium.org scottmg@chromium.org
Components: Blink>XML
Owner: mnissler@chromium.org
Status: Assigned (was: Untriaged)
All our copies of libxml are much newer than 2011, right? It should be easy to close this?

Comment 2 by mnissler@chromium.org, Sep 21 2017

Mergedinto: 766993
Status: Duplicate (was: Assigned)

Comment 3 by mnissler@chromium.org, Sep 21 2017

Cc: djm@google.com
Project Member

Comment 4 by sheriffbot@chromium.org, Dec 29 2017

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment