-
libxml2 (2.6.24.dfsg-1ubuntu1.6) dapper-security; urgency=low
* SECURITY UPDATE: fix invalid memory read by fixing the semantic of XPath
axis for namespace/attribute context nodes
- http://git.gnome.org/browse/libxml2/patch/?id=91d19754d46acd4a639a8b9e31f50f31c78f8c9c
- http://git.gnome.org/browse/libxml2/patch/?id=ea90b894146030c214a7df6d8375310174f134b9
- CVE-2010-4008
-- Jamie Strandboge <email address hidden> Mon, 08 Nov 2010 12:56:54 -0600
-
libxml2 (2.6.24.dfsg-1ubuntu1.5) dapper-security; urgency=low
* SECURITY UPDATE: denial of service via stack overflow from crafted
root XML document element DTD definition
- parser.c: validate ctxt->depth isn't too deep
- CVE-2009-2414
* SECURITY UPDATE: denial of service via use-after-frees when parsing
Notation and Enumeration attribute types
- parser.c: use xmlFreeEnumeration before returning.
- CVE-2009-2416
-- Marc Deslauriers <email address hidden> Mon, 10 Aug 2009 16:35:39 -0400
-
libxml2 (2.6.24.dfsg-1ubuntu1.4) dapper-security; urgency=low
* SECURITY UPDATE: infinite loop, integer overflow, and double-free.
- parserInternals.c: upstream fix for double-free (svn rev 3741).
- tree.c: fix for infinite loop, thanks to Mike Hommey (CVE-2008-4225).
- SAX2.c: fix for integer overflow, thanks to Mike Hommey CVE-2008-4226).
-- Kees Cook <email address hidden> Tue, 18 Nov 2008 09:02:55 -0800
-
libxml2 (2.6.24.dfsg-1ubuntu1.3) dapper-security; urgency=low
* SECURITY UPDATE: heap overflow in entity name parsing.
* parser.c: upstream fixes thanks to Tomas Hoger.
* include/libxml/parser.h, parser.c: improvements to CVE-2008-3281 fix,
thanks to Tomas Hoger.
* References
CVE-2008-3529
-- Kees Cook <email address hidden> Thu, 11 Sep 2008 11:07:10 -0700
-
libxml2 (2.6.24.dfsg-1ubuntu1.2) dapper-security; urgency=low
* SECURITY UPDATE: DoS via recursive entity evaluation.
* entities.c, include/libxml/parser.h, parser.c, parserInternals.c:
non-ABI-breaking version of upstream changes, thanks to Mike Hommey.
* References
CVE-2008-3281
-- Kees Cook <email address hidden> Tue, 02 Sep 2008 14:57:39 -0700
-
libxml2 (2.6.24.dfsg-1ubuntu1.1) dapper-security; urgency=low
* SECURITY UPDATE: infinite loop with malformed UTF8
* parserInternals.c: patched inline with upstream changes, thanks to
Daniel Veillard.
* References
http://mail.gnome.org/archives/xml/2008-January/msg00036.html
CVE-2007-6284
-- Kees Cook <email address hidden> Mon, 14 Jan 2008 09:56:09 -0800
-
libxml2 (2.6.24.dfsg-1ubuntu1) dapper; urgency=low
* Resynchronized with Debian. Only changes to Debian:
- debian/control:
- dropped python2.3 Build-Dep and python2.3-libxml2 package. Thanks to
the super-dooper Build-System of Debian's libxml2 that's the only
change we need.
- debian/libxml2-doc.install:
- add usr/share/gtk-doc/
libxml2 (2.6.24.dfsg-1) unstable; urgency=low
* New upstream release. Closes: #365246.
* debian/control:
+ Changed libxml2-dbg's priority to extra.
+ Bumped Standards-Version to 3.7.0.0. No changes required.
* debian/rules: bump shlibs to current version, since new symbols were added.
libxml2 (2.6.23.dfsg.2-3) unstable; urgency=low
* debian/rules: Correctly strip python modules.
libxml2 (2.6.23.dfsg.2-2) unstable; urgency=low
* debian/control: Removed python2.2-libxml2 and build-dep on python2.2-dev.
Closes: #351125.
* doc/xmllint.xml, doc/xmllint.1: Applied patch from upstream cvs. That
improves the manual page by many ways.
* doc/xmllint.html: Manually updated with changes from the .xml file.
* xmllint.c: Don't throw error when failed to load an entity through --path
option of xmllint (patch from upstream cvs). Closes: #352634.
Thanks Daniel Leidert.
libxml2 (2.6.23.dfsg.2-1) unstable; urgency=low
* result/, test/: Totally removed. There is more suspicious content than
what has been removed in previous upload, so I'm just dropping the
regression tests from the archive until all files are investigated.
Closes: #331534.
* debian/control, debian/rules: Added a libxml2-dbg package containing
debug symlbols for the library and the utilities. We don't provide the
symbols for the python modules, though. Closes: #296299.
* debian/control, debian/compat: Adjust build dependencies and debhelper
compatibility accordingly.
* debian/libxml2-dbg.dirs: Add /usr/share/doc in the new libxml2-dbg
package.
libxml2 (2.6.23.dfsg.1-0.1) unstable; urgency=medium
* NMU.
* Medium urgency due to RC bugfix.
* Removed non-free test files from upstream tarball. Closes: #331534.
libxml2 (2.6.23-1.1) unstable; urgency=high
* Non-maintainer upload.
* Fix XML parser to unbreak xsltproc (Closes: #346594).
-- Daniel Holbach <email address hidden> Tue, 2 May 2006 10:50:59 +0200
-
libxml2 (2.6.23-1ubuntu5) dapper; urgency=low
* debian/applied-patches/entities_external_nonet.diff,
xmllint.c:
- applied upstream patch to make xmllint obey --nonet.
Thanks Gary Coady <email address hidden>; Malone: #17984.
-- Daniel Holbach <email address hidden> Tue, 25 Apr 2006 18:41:37 +0200
-
libxml2 (2.6.23-1ubuntu4) dapper; urgency=low
* debian/libxml2-doc.install:
- ship usr/share/gtk-doc/html/libxml2 (Malone: #31572)
-- Daniel Holbach <email address hidden> Thu, 16 Feb 2006 12:56:44 +0100
-
libxml2 (2.6.23-1ubuntu3) dapper; urgency=low
* Drop python2.3 packages.
-- Matthias Klose <email address hidden> Tue, 14 Feb 2006 16:16:00 +0000
-
libxml2 (2.6.23-1ubuntu2) dapper; urgency=low
* debian/control:
- removed python2.2-dev Build-Dep.
-- Daniel Holbach <email address hidden> Mon, 9 Jan 2006 23:56:46 +0100
-
libxml2 (2.6.23-1ubuntu1) dapper; urgency=low
* Resynchronized with Debian. (Ubuntu: #22038)
- debian/control,
debian/rules:
- python defaults.
* parser.c:
- applied
http://cvs.gnome.org/viewcvs/libxml2/parser.c?r1=1.445&r2=1.446&makepatch=1&diff_format=u
(Ubuntu: #22140, Debian: #346594)
-- Daniel Holbach <email address hidden> Mon, 9 Jan 2006 13:34:07 +0100
-
libxml2 (2.6.22-2ubuntu1) dapper; urgency=low
* Resynchronize with Debian:
- Keep libxml2-python2.3 as a transition package.
- Drop Python 2.2 completely.
-- Daniel Holbach <email address hidden> Thu, 10 Nov 2005 20:21:18 +0100
