Launchpad CVE tracker

CVE 2012-5134

Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML document.

Related bugs and status

CVE-2012-5134 (Candidate) is related to these bugs:

Bug #1069930: chromium-browser package lacks chromedriver binary

Summary				In	Importance	Status
	1069930	chromium-browser package lacks chromedriver binary		chromium-browser (Ubuntu)	Wishlist	Fix Released

Bug #1084852: Chromium still tries to enable NEON on arm* builds when told not to

		In	Importance	Status
1084852	Chromium still tries to enable NEON on arm* builds when told not to	chromium-browser (Ubuntu)	High	Fix Released
1084852	Chromium still tries to enable NEON on arm* builds when told not to	Chromium Browser	Unknown	Unknown
1084852	Chromium still tries to enable NEON on arm* builds when told not to	chromium-browser (Ubuntu Oneiric)	Medium	Won't Fix
1084852	Chromium still tries to enable NEON on arm* builds when told not to	chromium-browser (Ubuntu Precise)	Medium	Fix Released
1084852	Chromium still tries to enable NEON on arm* builds when told not to	chromium-browser (Ubuntu Quantal)	Medium	Fix Released

Bug #1099075: new upstream release: 24.0.1312.56

		In	Importance	Status
1099075	new upstream release: 24.0.1312.56	chromium-browser (Ubuntu)	High	Fix Released
1099075	new upstream release: 24.0.1312.56	chromium-browser (Ubuntu Lucid)	High	Fix Released
1099075	new upstream release: 24.0.1312.56	chromium-browser (Ubuntu Oneiric)	High	Fix Released
1099075	new upstream release: 24.0.1312.56	chromium-browser (Ubuntu Precise)	High	Fix Released
1099075	new upstream release: 24.0.1312.56	chromium-browser (Ubuntu Quantal)	High	Fix Released
1099075	new upstream release: 24.0.1312.56	chromium-browser (Ubuntu Raring)	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2012-5134

References