Comment 4 for bug 1194410

This bug was fixed in the package libxml2 - 2.8.0+dfsg1-5ubuntu2.3

---------------
libxml2 (2.8.0+dfsg1-5ubuntu2.3) quantal-security; urgency=low

  * SECURITY UPDATE: external entity expansion attack (LP: #1194410)
    - debian/patches/CVE-2013-0339.patch: do not fetch external parsed
      entities in parser.c, added test to test/errors/extparsedent.xml,
      result/errors/extparsedent.xml.
    - CVE-2013-0339
  * SECURITY UPDATE: denial of service via incomplete document
    - debian/patches/CVE-2013-2877.patch: try to stop parsing as quickly as
      possible in parser.c, include/libxml/xmlerror.h.
    - CVE-2013-2877
 -- Marc Deslauriers <email address hidden> Thu, 11 Jul 2013 14:53:41 -0400