CVE-2011-2821

Name	CVE-2011-2821
Description	Double free vulnerability in libxml2, as used in Google Chrome before 13.0.782.215, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted XPath expression.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DSA-2394-1
Debian Bugs	643648

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
chromium-browser (PTS)	jessie, jessie (lts)	57.0.2987.98-1~deb8u1	fixed
	stretch (security), stretch (lts), stretch	71.0.3578.80-1~deb9u1	fixed
libxml2 (PTS)	jessie, jessie (lts)	2.9.1+dfsg1-5+deb8u17	fixed
	stretch (security)	2.9.4+dfsg1-2.2+deb9u7	fixed
	stretch (lts), stretch	2.9.4+dfsg1-2.2+deb9u11	fixed
	buster, buster (lts)	2.9.4+dfsg1-7+deb10u9	fixed
	buster (security)	2.9.4+dfsg1-7+deb10u6	fixed
	bullseye	2.9.10+dfsg-6.7+deb11u4	fixed
	bullseye (security)	2.9.10+dfsg-6.7+deb11u5	fixed
	bookworm	2.9.14+dfsg-1.3~deb12u1	fixed
	sid, trixie	2.12.7+dfsg+really2.9.14-0.2	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
chromium-browser	source	(unstable)	13.0.782.215~r97094-1
libxml2	source	lenny	2.6.32.dfsg-5+lenny5		DSA-2394-1
libxml2	source	squeeze	2.7.8.dfsg-2+squeeze2		DSA-2394-1
libxml2	source	(unstable)	2.7.8.dfsg-5	low		643648
webkit	source	(unstable)	(not affected)

- webkit <not-affected> (chromium specific)
[squeeze] - libxml2 <no-dsa> (denial-of-service only issue)