#acl PaulHowarth:read,write,admin,revert,delete All:read
=== Wednesday 12th August 2009 ===
==== Fedora Project ====
Whilst browsing through [[http://lwn.net/|LWN]], I came across a [[http://lwn.net/Articles/346466/|Red Hat Security Alert on libxml and libxml2]] (for RHEL), which was interesting because I hadn't seen any bug reports for `libxml`. I downloaded the RHEL-3 source package and found that it contained two patches for `libxml` 1.8.17 (the last release of `libxml` version 1), neither of which were in the Fedora version, which addressed:

 * [[CVE:2004-0110|CVE-2004-0110]] (arbitrary code execution via a long URL)
 * [[CVE:2004-0989|CVE-2004-0989]] (arbitrary code execution via a long URL)
 * [[CVE:2009-2414|CVE-2009-2414]] (stack consumption DoS vulnerabilities)
 * [[CVE:2009-2416|CVE-2009-2416]] (use-after-free DoS vulnerabilities)

Needless to say I updated the `libxml` packages in Fedora 10, 11, and Rawhide and submitted updates pronto!

==== Local Packages ====
 * Updated `libxml` as per Fedora above
 * Updated `libxml2` for the [[CVE:2009-2414|CVE-2009-2414]] and [[CVE:2009-2416|CVE-2009-2416]] vulnerabilities as per Fedora
 * Updated `tzip` to fix some compiler warnings
----