-
libxml2 (2.9.4+dfsg1-2.2ubuntu0.3) zesty-security; urgency=medium
* SECURITY UPDATE: use after-free in xmlXPathCompOpEvalPositionPredicate
- debian/patches/CVE-2017-15412.patch: fix XPath stack frame logic in
xpath.c.
- CVE-2017-15412
-- <email address hidden> (Leonidas S. Barbosa) Mon, 11 Dec 2017 13:26:06 -0300
-
libxml2 (2.9.4+dfsg1-2.2ubuntu0.2) zesty-security; urgency=medium
* SECURITY UPDATE: infinite recursion in parameter entities
- CVE-2017-16932
-- <email address hidden> (Leonidas S. Barbosa) Mon, 04 Dec 2017 15:21:45 -0300
-
libxml2 (2.9.4+dfsg1-2.2ubuntu0.1) zesty-security; urgency=medium
* SECURITY UPDATE: type confusion leading to out-of-bounds write
- debian/patches/CVE-2017-0663.patch: eliminate cast
- CVE-2017-0663
* SECURITY UPDATE: XML external entity (XXE) vulnerability
- debian/patches/CVE-2017-7375.patch: add validation for parsed
entity references
- CVE-2017-7375
* SECURITY UPDATE: buffer overflow in URL handling
- debian/patches/CVE-2017-7376.patch: allocate enough memory for
ports in HTTP redirect support
- CVE-2017-7376
* SECURITY UPDATE: buffer overflows in xmlSnprintfElementContent()
- debian/patches/CVE-2017-9047-9048.patch: ensure enough space
remains in buffer for copied data
- CVE-2017-9047, CVE-2017-9048
* SECURITY UPDATE: heap based buffer overreads in
xmlDictComputeFastKey()
- debian/patches/CVE-2017-9049-9050.patch: drop uneccessary
expansions, add additional sanity check
- CVE-2017-9049, CVE-2017-9050
-- Steve Beattie <email address hidden> Fri, 15 Sep 2017 16:13:37 -0700
-
libxml2 (2.9.4+dfsg1-2.2) unstable; urgency=medium
* Non-maintainer upload.
* Fix attribute decoding during XML schema validation
(Closes: #832602, #832864)
-- Mònica Ramírez Arceda <email address hidden> Sat, 14 Jan 2017 15:31:49 +0100
-
libxml2 (2.9.4+dfsg1-2.1) unstable; urgency=medium
* Non-maintainer upload.
* Fix comparison with root node in xmlXPathCmpNodes
* Fix XPointer paths beginning with range-to (CVE-2016-5131)
(Closes: #840554)
* Disallow namespace nodes in XPointer ranges (CVE-2016-4658)
(Closes: #840553)
* Fix more NULL pointer derefs in xpointer.c
-- Salvatore Bonaccorso <email address hidden> Sun, 30 Oct 2016 16:30:55 +0100
-
libxml2 (2.9.4+dfsg1-2) unstable; urgency=medium
[ YunQiang Su ]
* add python3 support (Closes: #737774)
* fix typo in test/control: python->python3
[ Aron Xu ]
* Really allow parallel building
* Mark python3-libxml2* as M-A: same
-- Aron Xu <email address hidden> Mon, 12 Sep 2016 02:57:02 +0800