-
libxml2 (2.9.1+dfsg1-3ubuntu4.13) trusty-security; urgency=medium
* SECURITY UPDATE: XXE attacks
- debian/patches/CVE-2016-9318.patch: fix in parser.c.
- CVE-2016-9318
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2017-18258.patch: fix in xzlib.c.
- CVE-2017-18258
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-14404.patch: fix in xpath.c.
- CVE-2018-14404
* SECURITY UPDATE: Infinite loop in LZMA decompression
- debian/patches/CVE-2018-14567.patch: fix in xzlib.c.
- CVE-2018-14567
-- <email address hidden> (Leonidas S. Barbosa) Mon, 13 Aug 2018 17:50:43 -0300
-
libxml2 (2.9.1+dfsg1-3ubuntu4.12) trusty-security; urgency=medium
* SECURITY UPDATE: use after-free in xmlXPathCompOpEvalPositionPredicate
- debian/patches/CVE-2017-15412.patch: fix XPath stack frame logic in
xpath.c.
- CVE-2017-15412
-- <email address hidden> (Leonidas S. Barbosa) Mon, 11 Dec 2017 13:31:53 -0300
-
libxml2 (2.9.1+dfsg1-3ubuntu4.11) trusty-security; urgency=medium
* SECURITY UPDATE: infinite recursion in parameter entities
- CVE-2017-16932
-- <email address hidden> (Leonidas S. Barbosa) Mon, 04 Dec 2017 15:17:15 -0300
-
libxml2 (2.9.1+dfsg1-3ubuntu4.10) trusty-security; urgency=medium
* SECURITY UPDATE: type confusion leading to out-of-bounds write
- debian/patches/CVE-2017-0663.patch: eliminate cast
- CVE-2017-0663
* SECURITY UPDATE: XML external entity (XXE) vulnerability
- debian/patches/CVE-2017-7375.patch: add validation for parsed
entity references
- CVE-2017-7375
* SECURITY UPDATE: buffer overflow in URL handling
- debian/patches/CVE-2017-7376.patch: allocate enough memory for
ports in HTTP redirect support
- CVE-2017-7376
* SECURITY UPDATE: buffer overflows in xmlSnprintfElementContent()
- debian/patches/CVE-2017-9047-9048.patch: ensure enough space
remains in buffer for copied data
- CVE-2017-9047, CVE-2017-9048
* SECURITY UPDATE: heap based buffer overreads in
xmlDictComputeFastKey()
- debian/patches/CVE-2017-9049-9050.patch: drop uneccessary
expansions, add additional sanity check
- CVE-2017-9049, CVE-2017-9050
-- Steve Beattie <email address hidden> Fri, 15 Sep 2017 16:19:46 -0700
-
libxml2 (2.9.1+dfsg1-3ubuntu4.9) trusty-security; urgency=medium
* SECURITY UPDATE: format string vulnerabilities
- debian/patches/CVE-2016-4448-1.patch: fix format string warnings in
HTMLparser.c, SAX2.c, catalog.c, configure.in, debugXML.c,
encoding.c, entities.c, error.c, include/libxml/parserInternals.h,
include/libxml/xmlerror.h, include/libxml/xmlstring.h, libxml.h,
parser.c, parserInternals.c, relaxng.c, schematron.c, testModule.c,
valid.c, xinclude.c, xmlIO.c, xmllint.c, xmlreader.c, xmlschemas.c,
xmlstring.c, xmlwriter.c, xpath.c, xpointer.c.
- debian/patches/CVE-2016-4448-2.patch: fix format string warnings in
libxml.h, relaxng.c, xmlschemas.c, xmlstring.c.
- debian/patches/CVE-2016-4448-3.patch: fix build on pre-C99 compilers
in relaxng.c, xmlschemas.c.
- debian/libxml2.symbols: added new symbol.
- CVE-2016-4448
* SECURITY UPDATE: use-after-free via namespace nodes in XPointer ranges
- debian/patches/CVE-2016-4658.patch: disallow namespace nodes in
XPointer ranges in xpointer.c.
- CVE-2016-4658
* SECURITY UPDATE: use-after-free in XPointer range-to function
- debian/patches/CVE-2016-5131-1.patch: fix XPointer paths beginning
with range-to in xpath.c, xpointer.c.
- debian/patches/CVE-2016-5131-2.patch: fix comparison with root node
in xmlXPathCmpNodes in xpath.c.
- CVE-2016-5131
-- Marc Deslauriers <email address hidden> Wed, 15 Mar 2017 07:54:26 -0400
-
libxml2 (2.9.1+dfsg1-3ubuntu4.8) trusty-security; urgency=medium
* SECURITY UPDATE: heap-based buffer overread in xmlNextChar
- debian/patches/CVE-2016-1762.patch: return after error in parser.c.
- CVE-2016-1762
* SECURITY UPDATE: heap-based buffer overread in htmlCurrentChar
- debian/patches/CVE-2016-1833-pre.patch: clear up NULL deref in
parserInternals.c.
- debian/patches/CVE-2016-1833-pre2.patch: handle 0-length entities in
parserInternals.c.
- debian/patches/CVE-2016-1833.patch: fix tests in parserInternals.c.
- CVE-2016-1833
* SECURITY UPDATE: heap-buffer-overflow in xmlStrncat
- debian/patches/CVE-2016-1834.patch: check for negative lengths in
xmlstring.c.
- CVE-2016-1834
* SECURITY UPDATE: heap use-after-free in xmlSAX2AttributeNs
- debian/patches/CVE-2016-1835.patch: add check to parser.c, add tests
to result/errors/759020.xml.err, result/errors/759020.xml.str,
test/errors/759020.xml.
- CVE-2016-1835
* SECURITY UPDATE: heap use-after-free in xmlDictComputeFastKey
- debian/patches/CVE-2016-1836.patch: prevent stale pointer usage in
parser.c, added tests to result/errors/759398.xml.err,
result/errors/759398.xml.str, test/errors/759398.xml.
- CVE-2016-1836
* SECURITY UPDATE: heap use-after-free in htmlParsePubidLiteral and
htmlParseSystemiteral
- debian/patches/CVE-2016-1837.patch: prevent stable pointer usage in
HTMLparser.c.
- CVE-2016-1837
* SECURITY UPDATE: heap-based buffer overread in
xmlParserPrintFileContextInternal
- debian/patches/CVE-2016-1838.patch: add bounds check to parser.c,
add tests to result/errors/758588.xml.err,
result/errors/758588.xml.str, test/errors/758588.xml.
- CVE-2016-1838
* SECURITY UPDATE: heap-based buffer overread in xmlDictAddString
- debian/patches/CVE-2016-1839.patch: add bounds check to HTMLparser.c.
- CVE-2015-8806
- CVE-2016-1839
- CVE-2016-2073
* SECURITY UPDATE: heap-buffer-overflow in xmlFAParsePosCharGroup
- debian/patches/CVE-2016-1840.patch: properly handle error in
xmlregexp.c.
- CVE-2016-1840
* SECURITY UPDATE: avoid building recursive entities
- debian/patches/CVE-2016-3627.patch: properly handle recursion in
parser.c, tree.c.
- CVE-2016-3627
* SECURITY UPDATE: recursion depth counter issue
- debian/patches/CVE-2016-3705.patch: properly could recursion depth in
parser.c.
- CVE-2016-3705
* SECURITY UPDATE: heap-based buffer-underreads due to xmlParseName
- debian/patches/CVE-2016-4447.patch: improve error handling in
parser.c.
- CVE-2016-4447
* SECURITY UPDATE: inappropriate fetch of entities content
- debian/patches/CVE-2016-4449.patch: fix another external entity fetch
in parser.c.
- CVE-2016-4449
* SECURITY UPDATE: out of bound access when serializing malformed strings
- debian/patches/CVE-2016-4483.patch: improve string handling in
xmlsave.c.
- CVE-2016-4483
-- Marc Deslauriers <email address hidden> Fri, 03 Jun 2016 08:59:55 -0400
-
libxml2 (2.9.1+dfsg1-3ubuntu4.7) trusty-security; urgency=medium
* SECURITY UPDATE: incomplete fix for out of bounds read in xmlGROW
(LP: #1525996)
- add extra commits to this previously-fixed CVE
- debian/patches/CVE-2015-7499-3.patch: reuse xmlHaltParser() where it
makes sense in parser.c.
- debian/patches/CVE-2015-7499-4.patch: do not print error context when
there is none in error.c.
- CVE-2015-7499
* SECURITY UPDATE: out of bounds memory access via unclosed html comment
- debian/patches/CVE-2015-8710.patch: fix parsing short unclosed
comment uninitialized access in HTMLparser.c.
- CVE-2015-8710
-- Marc Deslauriers <email address hidden> Thu, 14 Jan 2016 13:13:10 -0500
-
libxml2 (2.9.1+dfsg1-3ubuntu4.6) trusty-security; urgency=medium
* SECURITY UPDATE: denial of service via entity expansion issue
- debian/patches/CVE-2015-5312.patch: properly exit when entity
expansion is detected in parser.c.
- CVE-2015-5312
* SECURITY UPDATE: heap buffer overflow in xmlDictComputeFastQKey
- debian/patches/CVE-2015-7497.patch: check offset in dict.c.
- CVE-2015-7497
* SECURITY UPDATE: denial of service via encoding conversion failures
- debian/patches/CVE-2015-7498.patch: avoid processing entities after
encoding conversion failures in parser.c.
- CVE-2015-7498
* SECURITY UPDATE: out of bounds read in xmlGROW
- debian/patches/CVE-2015-7499-1.patch: add xmlHaltParser() to stop the
parser in parser.c.
- debian/patches/CVE-2015-7499-2.patch: check input in parser.c.
- CVE-2015-7499
* SECURITY UPDATE: out of bounds read in xmlParseMisc
- debian/patches/CVE-2015-7500.patch: check entity boundaries in
parser.c.
- CVE-2015-7500
* SECURITY UPDATE: denial of service via extra processing of MarkupDecl
- debian/patches/CVE-2015-8241.patch: add extra EOF check in parser.c.
- CVE-2015-8241
* SECURITY UPDATE: buffer overead with HTML parser in push mode
- debian/patches/CVE-2015-8242.patch: use pointer in the input in
HTMLparser.c.
- CVE-2015-8242
* SECURITY UPDATE: denial of service via encoding failures
- debian/patches/CVE-2015-8317-1.patch: do not process encoding values
if the declaration is broken in parser.c.
- debian/patches/CVE-2015-8317-2.patch: fail parsing if the encoding
conversion failed in parser.c.
- CVE-2015-8317
-- Marc Deslauriers <email address hidden> Wed, 09 Dec 2015 12:00:30 -0500
-
libxml2 (2.9.1+dfsg1-3ubuntu4.5) trusty-security; urgency=medium
* SECURITY UPDATE: denial of service via XEE attack
- debian/patches/CVE-2015-1819.patch: enforce the reader to run in
constant memory in buf.c, include/libxml/tree.h, xmlreader.c.
- CVE-2015-1819
* SECURITY UPDATE: denial of service via out-of-bounds read
- debian/patches/CVE-2015-7941.patch: stop parsing on entities
boundaries errors in parser.c.
- CVE-2015-7941
* SECURITY UPDATE: overflow in conditional sections
- debian/patches/CVE-2015-7942.patch: properly check input in parser.c.
- CVE-2015-7942
* SECURITY UPDATE: denial of service via crafted document with xz
- debian/patches/CVE-2015-8035.patch: check for error in xzlib.c.
- CVE-2015-8035
-- Marc Deslauriers <email address hidden> Fri, 13 Nov 2015 08:58:16 -0500
-
libxml2 (2.9.1+dfsg1-3ubuntu4.4) trusty-security; urgency=medium
* SECURITY UPDATE: denial of service via entity expansion
- debian/patches/CVE-2014-3660.patch: added additional tests to
parser.c.
- CVE-2014-3660
-- Marc Deslauriers <email address hidden> Thu, 16 Oct 2014 15:30:49 -0400
-
libxml2 (2.9.1+dfsg1-3ubuntu4.3) trusty-security; urgency=medium
* SECURITY REGRESSION: more xmllint regressions (LP: #1321869)
- debian/patches/lp1321869.patch: use upstream commit which includes
additional regression fixes to parser.c.
-- Marc Deslauriers <email address hidden> Fri, 13 Jun 2014 08:33:28 -0400
-
libxml2 (2.9.1+dfsg1-3ubuntu4.2) trusty-security; urgency=medium
* SECURITY REGRESSION: xmllint no longer loads entities with --postvalid
(LP: #1321869)
- debian/patches/lp1321869.patch: also check XML_PARSE_DTDLOAD in
parser.c.
-- Marc Deslauriers <email address hidden> Fri, 06 Jun 2014 13:29:08 -0400
-
libxml2 (2.9.1+dfsg1-3ubuntu4.1) trusty-security; urgency=medium
* SECURITY UPDATE: resource exhaustion via external parameter entities
- debian/patches/CVE-2014-0191.patch: do not fetch external parameter
entities in parser.c.
- CVE-2014-0191
-- Marc Deslauriers <email address hidden> Thu, 08 May 2014 14:28:19 -0400
-
libxml2 (2.9.1+dfsg1-3ubuntu4) trusty; urgency=medium
* Rebuild to drop files installed into /usr/share/pyshared.
-- Matthias Klose <email address hidden> Sun, 23 Feb 2014 13:48:26 +0000
-
libxml2 (2.9.1+dfsg1-3ubuntu3) trusty; urgency=low
* Actually run dh_autoreconf, which the old/new mixed rules file misses.
-- Adam Conrad <email address hidden> Sun, 08 Dec 2013 02:23:52 -0700
-
libxml2 (2.9.1+dfsg1-3ubuntu2) saucy; urgency=low
[ Tim Galeckas ]
* Fix SIGSEGV when --pretty is specified. LP: #923691
-- Dmitrijs Ledkovs <email address hidden> Thu, 22 Aug 2013 21:34:37 +0100
