Ubuntu
libxml2 package

Change logs for libxml2 source package in Zesty

  1. Zesty (17.04)
  2. Change log 
  • libxml2 (2.9.4+dfsg1-2.2ubuntu0.3) zesty-security; urgency=medium

  * SECURITY UPDATE: use after-free in xmlXPathCompOpEvalPositionPredicate
    - debian/patches/CVE-2017-15412.patch: fix XPath stack frame logic in
      xpath.c.
    - CVE-2017-15412

 -- <email address hidden> (Leonidas S. Barbosa)  Mon, 11 Dec 2017 13:26:06 -0300
  • libxml2 (2.9.4+dfsg1-2.2ubuntu0.2) zesty-security; urgency=medium

  * SECURITY UPDATE: infinite recursion in parameter entities
    - CVE-2017-16932

 -- <email address hidden> (Leonidas S. Barbosa)  Mon, 04 Dec 2017 15:21:45 -0300
  • libxml2 (2.9.4+dfsg1-2.2ubuntu0.1) zesty-security; urgency=medium

  * SECURITY UPDATE: type confusion leading to out-of-bounds write
    - debian/patches/CVE-2017-0663.patch: eliminate cast
    - CVE-2017-0663
  * SECURITY UPDATE: XML external entity (XXE) vulnerability
    - debian/patches/CVE-2017-7375.patch: add validation for parsed
      entity references
    - CVE-2017-7375
  * SECURITY UPDATE: buffer overflow in URL handling
    - debian/patches/CVE-2017-7376.patch: allocate enough memory for
      ports in HTTP redirect support
    - CVE-2017-7376
  * SECURITY UPDATE: buffer overflows in xmlSnprintfElementContent()
    - debian/patches/CVE-2017-9047-9048.patch: ensure enough space
      remains in buffer for copied data
    - CVE-2017-9047, CVE-2017-9048
  * SECURITY UPDATE: heap based buffer overreads in
    xmlDictComputeFastKey()
    - debian/patches/CVE-2017-9049-9050.patch: drop uneccessary
      expansions, add additional sanity check
    - CVE-2017-9049, CVE-2017-9050

 -- Steve Beattie <email address hidden>  Fri, 15 Sep 2017 16:13:37 -0700
  • libxml2 (2.9.4+dfsg1-2.2) unstable; urgency=medium

  * Non-maintainer upload.
  * Fix attribute decoding during XML schema validation 
    (Closes: #832602, #832864)

 -- Mònica Ramírez Arceda <email address hidden>  Sat, 14 Jan 2017 15:31:49 +0100
  • libxml2 (2.9.4+dfsg1-2.1) unstable; urgency=medium

  * Non-maintainer upload.
  * Fix comparison with root node in xmlXPathCmpNodes
  * Fix XPointer paths beginning with range-to (CVE-2016-5131)
    (Closes: #840554)
  * Disallow namespace nodes in XPointer ranges (CVE-2016-4658)
    (Closes: #840553)
  * Fix more NULL pointer derefs in xpointer.c

 -- Salvatore Bonaccorso <email address hidden>  Sun, 30 Oct 2016 16:30:55 +0100
  • libxml2 (2.9.4+dfsg1-2) unstable; urgency=medium

  [ YunQiang Su ]
  * add python3 support (Closes: #737774)
  * fix typo in test/control: python->python3

  [ Aron Xu ]
  * Really allow parallel building
  * Mark python3-libxml2* as M-A: same

 -- Aron Xu <email address hidden>  Mon, 12 Sep 2016 02:57:02 +0800