-
libxml2 (2.9.1+dfsg1-3ubuntu2.3) saucy-security; urgency=medium
* SECURITY REGRESSION: more xmllint regressions (LP: #1321869)
- debian/patches/lp1321869.patch: use upstream commit which includes
additional regression fixes to parser.c.
-- Marc Deslauriers <email address hidden> Fri, 13 Jun 2014 08:34:17 -0400
-
libxml2 (2.9.1+dfsg1-3ubuntu2.2) saucy-security; urgency=medium
* SECURITY REGRESSION: xmllint no longer loads entities with --postvalid
(LP: #1321869)
- debian/patches/lp1321869.patch: also check XML_PARSE_DTDLOAD in
parser.c.
-- Marc Deslauriers <email address hidden> Fri, 06 Jun 2014 13:29:55 -0400
-
libxml2 (2.9.1+dfsg1-3ubuntu2.1) saucy-security; urgency=medium
* SECURITY UPDATE: resource exhaustion via external parameter entities
- debian/patches/CVE-2014-0191.patch: do not fetch external parameter
entities in parser.c.
- CVE-2014-0191
-- Marc Deslauriers <email address hidden> Thu, 08 May 2014 14:28:54 -0400
-
libxml2 (2.9.1+dfsg1-3ubuntu2) saucy; urgency=low
[ Tim Galeckas ]
* Fix SIGSEGV when --pretty is specified. LP: #923691
-- Dmitrijs Ledkovs <email address hidden> Thu, 22 Aug 2013 21:34:37 +0100
-
libxml2 (2.9.1+dfsg1-3ubuntu1) saucy; urgency=low
* Merge with Debian; remaining changes:
- Fix python multi-arch includes issues.
- Allow the package to cross-build.
- Set PYTHON_LIBS for cross builds.
- Remove explicit build dependency on binutils.
- Configure the udeb --without-python.
libxml2 (2.9.1+dfsg1-3) unstable; urgency=low
* debian/patches/0007-Fix-XPath-optimization-with-predicates.patch:
- Upstream patch to fix XPath evaluation issue. (Closes: #713146)
-- Matthias Klose <email address hidden> Sat, 17 Aug 2013 10:43:21 +0200
-
libxml2 (2.9.1+dfsg1-2ubuntu1) saucy; urgency=low
* Merged from Debian unstable. Remaining changes:
- Fix python multi-arch includes issues.
- Allow the package to cross-build.
- Set PYTHON_LIBS for cross builds.
- Remove explicit build dependency on binutils.
- Configure the udeb --without-python.
* Dropped patches:
- CVE-2013-0338.patch: upstream
- CVE-2013-1969.patch: upstream
libxml2 (2.9.1+dfsg1-2) unstable; urgency=low
* Upload to unstable.
* debian/patches/000[2-6]-*.patch:
- cherry-picking upstream post-release fixes.
libxml2 (2.9.1+dfsg1-1) experimental; urgency=low
* New upstream release (Closes: #696300, #705722).
* Add -llzma for static linking (Closes: #697382).
* Update symbols.
* Update debian/watch, thanks to Bart Martens.
* Use canonical Vcs-* fields.
* Mark python-libxml2-dbg as "Multi-Arch: same".
-- Marc Deslauriers <email address hidden> Thu, 11 Jul 2013 09:31:50 -0400
-
libxml2 (2.9.0+dfsg1-4ubuntu5) saucy; urgency=low
* SECURITY UPDATE: multiple use after free issues
- debian/patches/CVE-2013-1969.patch: properly reset pointers in
HTMLparser.c, parser.c.
- CVE-2013-1969
-- Marc Deslauriers <email address hidden> Tue, 07 May 2013 08:28:15 -0400
-
libxml2 (2.9.0+dfsg1-4ubuntu4) raring; urgency=low
* SECURITY UPDATE: denial of service via entity expansion
- debian/patches/CVE-2013-0338.patch: limit number of entity expansions
in include/libxml/parser.h, parser.c, parserInternals.c.
- CVE-2013-0338
-- Marc Deslauriers <email address hidden> Tue, 26 Mar 2013 10:04:58 -0400