PublicDateAtUSN: 2010-11-08
Candidate: CVE-2010-4008
PublicDate: 2010-11-17 01:00:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4008
 http://googlechromereleases.blogspot.com/2010/11/stable-channel-update.html
 http://code.google.com/p/chromium/issues/detail?id=58731
 https://ubuntu.com/security/notices/USN-1016-1
Description:
 libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple
 Safari 5.0.2 and earlier, and other products, reads from invalid memory
 locations during processing of malformed XPath expressions, which allows
 context-dependent attackers to cause a denial of service (application
 crash) via a crafted XML document.
Ubuntu-Description: 
Notes: 
Bugs: 
Priority: medium
Discovered-by: Bui Quang Minh
Assigned-to: jdstrand
CVSS: 

Patches_libxml2:
 upstream: http://git.gnome.org/browse/libxml2/commit/?id=91d19754d46acd4a639a8b9e31f50f31c78f8c9c
 upstream: http://git.gnome.org/browse/libxml2/commit/?id=ea90b894146030c214a7df6d8375310174f134b9
upstream_libxml2: released (2.7.8.dfsg-1)
dapper_libxml2: released (2.6.24.dfsg-1ubuntu1.6)
hardy_libxml2: released (2.6.31.dfsg-2ubuntu1.5)
karmic_libxml2: released (2.7.5.dfsg-1ubuntu1.2)
lucid_libxml2: released (2.7.6.dfsg-1ubuntu1.1)
maverick_libxml2: released (2.7.7.dfsg-4ubuntu0.1)
devel_libxml2: not-affected (2.7.8.dfsg-1)