Univention Bugzilla – Bug 30646
libxml2: Two security issues (3.1)
Last modified: 2013-05-22 10:11:02 CEST
+++ This bug was initially created as a clone of Bug #30645 +++ +++ This bug was initially created as a clone of Bug #30644 +++ Denial of service when including external entity references (CVE-2013-0338 CVE-2013-0339)
The DSA version has been imported. Test procedure on amd64 was successful. The YAML file has been commited to SVN.
(In reply to comment #1) > The DSA version has been imported. Test procedure on amd64 was successful. The > YAML file has been commited to SVN. Also, the update has been copied to ucs3.1-2
Tests with i386 successful. Advisory: version is [0,1] - is this intended? -- except that: OK Package not in scope ucs_3.1-2
(In reply to comment #3) > Tests with i386 successful. > > Advisory: version is [0,1] - is this intended? -- except that: OK Yes, that's intended: libxml is identical in 3.1-0 and 3.1-1, so the files can be made available in both the errata3.1-0 and errata3.1-1 scopes. > Package not in scope ucs_3.1-2 As discussed: They are present, but at the time when you made the check the Packages file hadn't been rebuild (since no build took place for 3.1-2 by then).
(In reply to comment #4) > Yes, that's intended: libxml is identical in 3.1-0 and 3.1-1, so the files can > be made available in both the errata3.1-0 and errata3.1-1 scopes. OK > As discussed: They are present, but at the time when you made the check the > Packages file hadn't been rebuild (since no build took place for 3.1-2 by > then). OK
http://errata.univention.de/ucs/3.1/101.html