libxml2 (2.7.8.dfsg-4ubuntu0.6) oneiric-security; urgency=low

  * SECURITY UPDATE: denial of service via entity expansion
    - include/libxml/parser.h, parser.c, parserInternals.c: limit number of
      entity expansions, thanks to Daniel Veillard.
    - http://git.gnome.org/browse/libxml2/commit/?id=23f05e0c33987d6605387b300c4be5da2120a7ab
    - CVE-2013-0338

 -- Marc Deslauriers <email address hidden>  Tue, 26 Mar 2013 10:25:45 -0400

libxml2 (2.7.8.dfsg-4ubuntu0.5) oneiric-security; urgency=low

  * SECURITY UPDATE: buffer underflow in xmlParseAttValueComplex()
    - debian/patches/CVE-2012-5134.patch: add array bounds checking in
      parser.c, thanks to Daniel Veillard
    - http://git.gnome.org/browse/libxml2/commit/?id=6a36fbe3b3e001a8a840b5c1fdd81cefc9947f0d
    - CVE-2012-5134

 -- Seth Arnold <email address hidden>  Tue, 04 Dec 2012 11:48:26 -0800

libxml2 (2.7.8.dfsg-4ubuntu0.4) oneiric-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    incorrect buffer sizes.
    - http://git.gnome.org/browse/libxml2/commit/?id=459eeb9dc752d5185f57ff6b135027f11981a626
    - http://git.gnome.org/browse/libxml2/commit/?id=4f9fdc709c4861c390cd84e2ed1fd878b3442e28
    - http://git.gnome.org/browse/libxml2/commit/?id=baaf03f80f817bb34c421421e6cb4d68c353ac9a
    - CVE-2012-2807

 -- Marc Deslauriers <email address hidden>  Wed, 26 Sep 2012 13:15:01 -0400

libxml2 (2.7.8.dfsg-4ubuntu0.3) oneiric-security; urgency=low

  * SECURITY UPDATE: Fix an off by one pointer access in xpointer.c
    - d8e1faeaa99c7a7c07af01c1c72de352eb590a3e
    - CVE-2011-3102

 -- Jamie Strandboge <email address hidden>  Fri, 18 May 2012 08:56:55 -0500

libxml2 (2.7.8.dfsg-4ubuntu0.2) oneiric-security; urgency=low

  * SECURITY UPDATE: add randomization to dictionaries with hash tables
    to help prevent denial of service via hash algorithm collision
    - configure.in: lookup for rand, srand and time
    - dict.c: add randomization to dictionaries hash tables
    - hash.c: add randomization to normal hash tables
    - 8973d58b7498fa5100a876815476b81fd1a2412a
    - CVE-2012-0841

 -- Jamie Strandboge <email address hidden>  Fri, 24 Feb 2012 15:11:05 -0600

libxml2 (2.7.8.dfsg-4ubuntu0.1) oneiric-security; urgency=low

  * SECURITY UPDATE: fix off-by-one leading to denial of service
    - encoding.c: adjust calculation of space available
    - 69f04562f75212bfcabecd190ea8b06ace28ece2
    - CVE-2011-0216
  * SECURITY UPDATE: fix double free in XPath evaluation
    - xpath.h, xpath.c: add a mechanism of frame for XPath evaluation when
      entering a function or a scoped evaluation
    - f5048b3e71fc30ad096970b8df6e7af073bae4cb
    - CVE-2011-2821
  * SECURITY UPDATE: fix double free in XPath evaluation
    - xpath.c: fix missing error status in XPath evaluation
    - 1d4526f6f4ec8d18c40e2a09b387652a6c1aa2cd
    - CVE-2011-2834
  * SECURITY UPDATE: fix out of bounds read
    - parser.c: make sure the parser returns when getting a Stop order
    - 77404b8b69bc122d12231807abf1a837d121b551
    - CVE-2011-3905
  * SECURITY UPDATE: fix heap overflow
    - parser.c: fix an allocation error when copying entities
    - 5bd3c061823a8499b27422aee04ea20aae24f03e
    - CVE-2011-3919

 -- Jamie Strandboge <email address hidden>  Wed, 18 Jan 2012 13:12:25 -0600

libxml2 (2.7.8.dfsg-4) unstable; urgency=low

  * debian/rules: Add --with python2 to dh call.
  * debian/control:
    - Remove build dependency on python-support.
    - Build depend on python-all-dev >= 2.6.6-3~.
    - Remove XB-Python-Version header.
    - Bump Standards-Version to 3.9.2.0. No changes required.
  * debian/pycompat: Removed. With the above changes, closes: #631416.
    Thanks Colin Watson.

 -- Ubuntu Archive Auto-Sync <email address hidden>  Sat, 30 Jul 2011 08:29:35 +0000

libxml2 (2.7.8.dfsg-3) unstable; urgency=low

  * xpath.c: Fix some potential problems on reallocation failures.
    Closes: #628537.

 -- Ubuntu Archive Auto-Sync <email address hidden>  Mon, 06 Jun 2011 08:23:03 +0000

libxml2 (2.7.8.dfsg-2) unstable; urgency=low

  * xpath.c: Fix a double-freeing error in XPath processing code.
    (CVE-2010-4494). Closes: #607922.

 -- Ubuntu Archive Auto-Sync <email address hidden>  Mon, 27 Dec 2010 10:59:50 +0000