[ooo-build] security fix for CVE-2009-3736
Rafael Cabral
cabral at mandriva.com
Wed Dec 16 14:55:42 PST 2009
Hi,
Do you know if there is some --with-system-libxmlsec available ? We are
dealing with the CVE-2009-3736 [1] that affects libltd and which is
bundled in the xmlsec. As far as I didn't find any option to link
ooo-build 3.1.1 with a fixed system version I've adapted a patch our
secteam has done to fix xmlsec 1.2.10 based on [2].
The patch (xmlsec-CVE-2009-3736.diff) appends the fix in the
./libxmlsec/xmlsec1-1.2.6.patch to be properly applied.
1 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3736
2 - http://lists.gnu.org/archive/html/libtool/2009-11/msg00065.html
tks
Rafael Cabral
Mandriva
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: xmlsec-CVE-2009-3736.diff
Url: http://lists.freedesktop.org/archives/ooo-build/attachments/20091216/52d81364/attachment.asc
More information about the ooo-build
mailing list