[ooo-build] security fix for CVE-2009-3736

Rafael Cabral cabral at mandriva.com
Wed Dec 16 14:55:42 PST 2009


Hi,

Do you know if there is some --with-system-libxmlsec available? We are
dealing with CVE-2009-3736 [1], which affects libltdl, which is
bundled in xmlsec. As I didn't find any option to link
ooo-build 3.1.1 with a fixed system version, I've adapted a patch our
secteam has done to fix xmlsec 1.2.10 based on [2].

The patch (xmlsec-CVE-2009-3736.diff) appends the fix in the 
./libxmlsec/xmlsec1-1.2.6.patch to be properly applied.

[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3736
[2] http://lists.gnu.org/archive/html/libtool/2009-11/msg00065.html

tks
Rafael Cabral
Mandriva

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: xmlsec-CVE-2009-3736.diff
Url: http://lists.freedesktop.org/archives/ooo-build/attachments/20091216/52d81364/attachment.asc 

