Change log for libxml2 package in Ubuntu
libxml2 (2.9.4+dfsg1-8ubuntu1) focal; urgency=low * Merge from Debian unstable. Remaining changes: - debian/patches/CVE-2016-9318.patch: fix in parser.c. - debian/patches/CVE-2017-18258.patch: fix in xzlib.c. - debian/patches/CVE-2018-14404.patch: fix in xpath.c. - debian/patches/CVE-2018-14567.patch: fix in xzlib.c. - debian/patches/CVE-2017-16932.patch: fix in parser.c and add some error check files result/errors/759579.xml, result/errors/759579.xml.err, result/errors/759579.xml.str, test/errors/759579.xml.
libxml2 (2.9.4+dfsg1-7ubuntu5) focal; urgency=medium * Adjust testsuite for python->python2 move -- Gianfranco Costamagna <email address hidden> Thu, 24 Oct 2019 11:06:28 +0200
Superseded in focal-proposed |
libxml2 (2.9.4+dfsg1-7ubuntu4) focal; urgency=medium * No-change rebuild to build with python3.8. -- Matthias Klose <email address hidden> Fri, 18 Oct 2019 18:08:14 +0000
Superseded in focal-release |
Obsolete in eoan-release |
Obsolete in disco-release |
Deleted in disco-proposed (Reason: moved to release) |
libxml2 (2.9.4+dfsg1-7ubuntu3) disco; urgency=medium * No-change rebuild for icu soname changes. -- Matthias Klose <email address hidden> Tue, 13 Nov 2018 08:14:59 +0000
libxml2 (2.9.4+dfsg1-7ubuntu2) disco; urgency=medium * No-change rebuild to build without python3.6 support. -- Matthias Klose <email address hidden> Sat, 03 Nov 2018 11:51:26 +0000
Superseded in disco-release |
Obsolete in cosmic-release |
Deleted in cosmic-proposed (Reason: moved to release) |
libxml2 (2.9.4+dfsg1-7ubuntu1) cosmic; urgency=medium * SECURITY UPDATE: XXE attacks - debian/patches/CVE-2016-9318.patch: fix in parser.c. - CVE-2016-9318 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2017-18258.patch: fix in xzlib.c. - CVE-2017-18258 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2018-14404.patch: fix in xpath.c. - CVE-2018-14404 * SECURITY UPDATE: Infinite loop in LZMA decompression - debian/patches/CVE-2018-14567.patch: fix in xzlib.c. - CVE-2018-14567 * SECURITY UPDATE: Infinite recursion/Denial of service - debian/patches/CVE-2017-16932.patch: fix in parser.c and add some error check files result/errors/759579.xml, result/errors/759579.xml.err, result/errors/759579.xml.str, test/errors/759579.xml. - CVE-2017-16932 -- <email address hidden> (Leonidas S. Barbosa) Thu, 16 Aug 2018 12:02:31 -0300
libxml2 (2.9.1+dfsg1-3ubuntu4.13) trusty-security; urgency=medium * SECURITY UPDATE: XXE attacks - debian/patches/CVE-2016-9318.patch: fix in parser.c. - CVE-2016-9318 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2017-18258.patch: fix in xzlib.c. - CVE-2017-18258 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2018-14404.patch: fix in xpath.c. - CVE-2018-14404 * SECURITY UPDATE: Infinite loop in LZMA decompression - debian/patches/CVE-2018-14567.patch: fix in xzlib.c. - CVE-2018-14567 -- <email address hidden> (Leonidas S. Barbosa) Mon, 13 Aug 2018 17:50:43 -0300
libxml2 (2.9.3+dfsg1-1ubuntu0.6) xenial-security; urgency=medium * SECURITY UPDATE: XXE attacks - debian/patches/CVE-2016-9318.patch: fix in parser.c. - CVE-2016-9318 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2017-18258.patch: fix in xzlib.c. - CVE-2017-18258 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2018-14404.patch: fix in xpath.c. - CVE-2018-14404 * SECURITY UPDATE: Infinite loop in LZMA decompression - debian/patches/CVE-2018-14567.patch: fix in xzlib.c. - CVE-2018-14567 -- <email address hidden> (Leonidas S. Barbosa) Mon, 13 Aug 2018 16:49:50 -0300
libxml2 (2.9.4+dfsg1-6.1ubuntu1.2) bionic-security; urgency=medium * SECURITY UPDATE: XXE attacks - debian/patches/CVE-2016-9318.patch: fix in parser.c. - CVE-2016-9318 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2017-18258.patch: fix in xzlib.c. - CVE-2017-18258 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2018-14404.patch: fix in xpath.c. - CVE-2018-14404 * SECURITY UPDATE: Infinite loop in LZMA decompression - debian/patches/CVE-2018-14567.patch: fix in xzlib.c. - CVE-2018-14567 * SECURITY UPDATE: Infinite recursion/Denial of service - debian/patches/CVE-2017-16932.patch: fix in parser.c and add some error check files result/errors/759579.xml, result/errors/759579.xml.err, result/errors/759579.xml.str, test/errors/759579.xml. - CVE-2017-16932 -- <email address hidden> (Leonidas S. Barbosa) Fri, 10 Aug 2018 15:30:23 -0300
libxml2 (2.9.4+dfsg1-7build1) cosmic; urgency=medium * No-change rebuild to build for python3.7. -- Matthias Klose <email address hidden> Thu, 28 Jun 2018 06:58:57 +0000
Superseded in cosmic-proposed |
libxml2 (2.9.4+dfsg1-7) unstable; urgency=medium * Team upload. * drop automatically generated dependency on (non-existing) libicu60-dbg from libxm2-dbg (closes: #900113) -- Rene Engelhard <email address hidden> Sat, 26 May 2018 10:03:44 +0000
Superseded in cosmic-release |
Published in bionic-release |
Deleted in bionic-proposed (Reason: moved to release) |
libxml2 (2.9.4+dfsg1-6.1ubuntu1) bionic; urgency=low * Merge from Debian unstable. Remaining changes: - debian/{rules,control}: Drop dep on libicu-dbg, icu59 doesn't ship it.
libxml2 (2.9.4+dfsg1-5.2ubuntu1) bionic; urgency=low * Merge from Debian unstable. Remaining changes: - debian/{rules,control}: Drop dep on libicu-dbg, icu59 doesn't ship it.
libxml2 (2.9.3+dfsg1-1ubuntu0.5) xenial-security; urgency=medium * SECURITY UPDATE: use after-free in xmlXPathCompOpEvalPositionPredicate - debian/patches/CVE-2017-15412.patch: fix XPath stack frame logic in xpath.c. - CVE-2017-15412 -- <email address hidden> (Leonidas S. Barbosa) Mon, 11 Dec 2017 13:29:09 -0300
libxml2 (2.9.1+dfsg1-3ubuntu4.12) trusty-security; urgency=medium * SECURITY UPDATE: use after-free in xmlXPathCompOpEvalPositionPredicate - debian/patches/CVE-2017-15412.patch: fix XPath stack frame logic in xpath.c. - CVE-2017-15412 -- <email address hidden> (Leonidas S. Barbosa) Mon, 11 Dec 2017 13:31:53 -0300
libxml2 (2.9.4+dfsg1-2.2ubuntu0.3) zesty-security; urgency=medium * SECURITY UPDATE: use after-free in xmlXPathCompOpEvalPositionPredicate - debian/patches/CVE-2017-15412.patch: fix XPath stack frame logic in xpath.c. - CVE-2017-15412 -- <email address hidden> (Leonidas S. Barbosa) Mon, 11 Dec 2017 13:26:06 -0300
libxml2 (2.9.4+dfsg1-4ubuntu1.2) artful-security; urgency=medium * SECURITY UPDATE: use after-free in xmlXPathCompOpEvalPositionPredicate - debian/patches/CVE-2017-15412.patch: fix XPath stack frame logic in xpath.c. - CVE-2017-15412 -- <email address hidden> (Leonidas S. Barbosa) Mon, 11 Dec 2017 13:30:29 -0300
libxml2 (2.9.4+dfsg1-4ubuntu1.1) artful-security; urgency=medium * SECURITY UPDATE: infinite recursion in parameter entities - CVE-2017-16932 -- <email address hidden> (Leonidas S. Barbosa) Mon, 04 Dec 2017 15:22:50 -0300
libxml2 (2.9.4+dfsg1-2.2ubuntu0.2) zesty-security; urgency=medium * SECURITY UPDATE: infinite recursion in parameter entities - CVE-2017-16932 -- <email address hidden> (Leonidas S. Barbosa) Mon, 04 Dec 2017 15:21:45 -0300
libxml2 (2.9.3+dfsg1-1ubuntu0.4) xenial-security; urgency=medium * SECURITY UPDATE: infinite recursion in parameter entities - CVE-2017-16932 -- <email address hidden> (Leonidas S. Barbosa) Mon, 04 Dec 2017 15:20:29 -0300
libxml2 (2.9.1+dfsg1-3ubuntu4.11) trusty-security; urgency=medium * SECURITY UPDATE: infinite recursion in parameter entities - CVE-2017-16932 -- <email address hidden> (Leonidas S. Barbosa) Mon, 04 Dec 2017 15:17:15 -0300
libxml2 (2.9.4+dfsg1-5.1ubuntu1) bionic; urgency=low * Merge from Debian unstable. Remaining changes: - debian/{rules,control}: Drop dep on libicu-dbg, icu59 doesn't ship it.
libxml2 (2.9.4+dfsg1-5ubuntu2) bionic; urgency=medium * No-change rebuild for icu soname change. -- Matthias Klose <email address hidden> Tue, 07 Nov 2017 08:54:26 +0000
libxml2 (2.9.4+dfsg1-5ubuntu1) bionic; urgency=medium * debian/{rules,control}: Drop dep on libicu-dbg, icu59 doesn't ship it.
Superseded in bionic-proposed |
libxml2 (2.9.4+dfsg1-4ubuntu2) bionic; urgency=medium * No-change rebuild for libicu soname change. -- Matthias Klose <email address hidden> Wed, 25 Oct 2017 15:45:15 +0000
Superseded in bionic-release |
Obsolete in artful-release |
Deleted in artful-proposed (Reason: moved to release) |
libxml2 (2.9.4+dfsg1-4ubuntu1) artful; urgency=medium * Fix FTBFS: Fix debhelper -p and -N flags. * -- Matthias Klose <email address hidden> Wed, 11 Oct 2017 11:06:37 +0200
libxml2 (2.9.3+dfsg1-1ubuntu0.3) xenial-security; urgency=medium * SECURITY UPDATE: type confusion leading to out-of-bounds write - debian/patches/CVE-2017-0663.patch: eliminate cast - CVE-2017-0663 * SECURITY UPDATE: XML external entity (XXE) vulnerability - debian/patches/CVE-2017-7375.patch: add validation for parsed entity references - CVE-2017-7375 * SECURITY UPDATE: buffer overflow in URL handling - debian/patches/CVE-2017-7376.patch: allocate enough memory for ports in HTTP redirect support - CVE-2017-7376 * SECURITY UPDATE: buffer overflows in xmlSnprintfElementContent() - debian/patches/CVE-2017-9047-9048.patch: ensure enough space remains in buffer for copied data - CVE-2017-9047, CVE-2017-9048 * SECURITY UPDATE: heap based buffer overreads in xmlDictComputeFastKey() - debian/patches/CVE-2017-9049-9050.patch: drop unnecessary expansions, add additional sanity check - CVE-2017-9049, CVE-2017-9050 -- Steve Beattie <email address hidden> Fri, 15 Sep 2017 16:00:14 -0700
libxml2 (2.9.1+dfsg1-3ubuntu4.10) trusty-security; urgency=medium * SECURITY UPDATE: type confusion leading to out-of-bounds write - debian/patches/CVE-2017-0663.patch: eliminate cast - CVE-2017-0663 * SECURITY UPDATE: XML external entity (XXE) vulnerability - debian/patches/CVE-2017-7375.patch: add validation for parsed entity references - CVE-2017-7375 * SECURITY UPDATE: buffer overflow in URL handling - debian/patches/CVE-2017-7376.patch: allocate enough memory for ports in HTTP redirect support - CVE-2017-7376 * SECURITY UPDATE: buffer overflows in xmlSnprintfElementContent() - debian/patches/CVE-2017-9047-9048.patch: ensure enough space remains in buffer for copied data - CVE-2017-9047, CVE-2017-9048 * SECURITY UPDATE: heap based buffer overreads in xmlDictComputeFastKey() - debian/patches/CVE-2017-9049-9050.patch: drop unnecessary expansions, add additional sanity check - CVE-2017-9049, CVE-2017-9050 -- Steve Beattie <email address hidden> Fri, 15 Sep 2017 16:19:46 -0700
libxml2 (2.9.4+dfsg1-2.2ubuntu0.1) zesty-security; urgency=medium * SECURITY UPDATE: type confusion leading to out-of-bounds write - debian/patches/CVE-2017-0663.patch: eliminate cast - CVE-2017-0663 * SECURITY UPDATE: XML external entity (XXE) vulnerability - debian/patches/CVE-2017-7375.patch: add validation for parsed entity references - CVE-2017-7375 * SECURITY UPDATE: buffer overflow in URL handling - debian/patches/CVE-2017-7376.patch: allocate enough memory for ports in HTTP redirect support - CVE-2017-7376 * SECURITY UPDATE: buffer overflows in xmlSnprintfElementContent() - debian/patches/CVE-2017-9047-9048.patch: ensure enough space remains in buffer for copied data - CVE-2017-9047, CVE-2017-9048 * SECURITY UPDATE: heap based buffer overreads in xmlDictComputeFastKey() - debian/patches/CVE-2017-9049-9050.patch: drop unnecessary expansions, add additional sanity check - CVE-2017-9049, CVE-2017-9050 -- Steve Beattie <email address hidden> Fri, 15 Sep 2017 16:13:37 -0700
libxml2 (2.9.4+dfsg1-3.1) unstable; urgency=low * Non-maintainer upload. * Increase buffer space for port in HTTP redirect support (CVE-2017-7376) Incorrect limit was used for port values. (Closes: #870865) * Prevent unwanted external entity reference (CVE-2017-7375) Missing validation for external entities in xmlParsePEReference. (Closes: #870867) * Fix handling of parameter-entity references (CVE-2017-9049, CVE-2017-9050) - Heap-based buffer over-read in function xmlDictComputeFastKey (CVE-2017-9049). - Heap-based buffer over-read in function xmlDictAddString (CVE-2017-9050). (Closes: #863019, #863018) * Fix buffer size checks in xmlSnprintfElementContent (CVE-2017-9047, CVE-2017-9048) - Buffer overflow in function xmlSnprintfElementContent (CVE-2017-9047). - Stack-based buffer overflow in function xmlSnprintfElementContent (CVE-2017-9048). (Closes: #863022, #863021) * Fix type confusion in xmlValidateOneNamespace (CVE-2017-0663) Heap buffer overflow in xmlAddID. (Closes: #870870) -- Salvatore Bonaccorso <email address hidden> Sun, 20 Aug 2017 06:56:40 +0200
libxml2 (2.9.4+dfsg1-3build2) artful; urgency=medium * No-change rebuild against python3.6 -- Jeremy Bicha <email address hidden> Wed, 02 Aug 2017 16:08:27 -0400
libxml2 (2.9.4+dfsg1-3build1) artful; urgency=medium * No-change rebuild to build with python3.6. -- Matthias Klose <email address hidden> Mon, 24 Jul 2017 13:52:40 +0000
libxml2 (2.9.4+dfsg1-3) unstable; urgency=medium * Team upload. [ Mattia Rizzolo ] * d/control: + Use HTTPS in Vcs-* fields. + Remove the deprecated '${python:Provides}' and '${python3:Provides}'. + Bump Standards-Version to 4.0.0, no changes needed. * Build for all supported python versions. Closes: #864328 Thanks to YunQiang Su <email address hidden> for the initial patch. * Drop libxml-utils-dbg package in favour of the automatic debug package. * Replace the upstream ChangeLog with the NEWS file. Closes: #808372 The ChangeLog file stopped being updated in 2009, whereas NEWS is automatically generated by upstream during releases. * d/rules: + Correctly make use of the dh sequencer in the build step. Override dh_auto_build instead of using build/build-arch/build-indep targets directly. This makes possible for dh to call dh_autoreconf and other helpers that would otherwise be skipped (like dh_update_autotools_config). + Fix duplicated targets for override_dh_auto_install-indep. + Streamline dpkg-buildflags usage. * Bump debhelper compat level to 10 + remove --parallel, now default + remove --with autoreconf, now default [ Helmut Grohne ] * Improve build profiles support. Closes: #862867 + Rename the meaningless stage1 to the meaningful nopython. + Use the standard variable DEB_BUILD_PROFILES rather than DEB_BUILD_PROFILE by checking dh_listpackages. + Correctly build nopython even when python is installed. + Add build profile annotations to debian/control. -- Mattia Rizzolo <email address hidden> Tue, 04 Jul 2017 21:59:55 +0200
libxml2 (2.9.4+dfsg1-2.2ubuntu1) artful; urgency=medium * Only build for the default version of Python. -- Michael Hudson-Doyle <email address hidden> Tue, 16 May 2017 14:45:03 +1200
libxml2 (2.9.4+dfsg1-2.2build1) artful; urgency=medium * No change rebuild to add Python 3.6 support. -- Michael Hudson-Doyle <email address hidden> Fri, 12 May 2017 11:47:33 +1200
libxml2 (2.7.8.dfsg-5.1ubuntu4.17) precise-security; urgency=medium * SECURITY UPDATE: format string vulnerabilities - fix format string warnings in HTMLparser.c, SAX2.c, catalog.c, configure, configure.in, debugXML.c, encoding.c, entities.c, error.c, include/libxml/parserInternals.h, include/libxml/xmlerror.h, include/libxml/xmlstring.h, libxml.h, parser.c, parserInternals.c, relaxng.c, schematron.c, testModule.c, valid.c, xinclude.c, xmlIO.c, xmllint.c, xmlreader.c, xmlschemas.c, xmlstring.c, xmlwriter.c, xpath.c, xpointer.c. - 4472c3a5a5b516aaf59b89be602fbce52756c3e9 - 502f6a6d08b08c04b3ddfb1cd21b2f699c1b7f5b - d77e5fc4bcdb7da748c9cca116a601ae4df60d21 - debian/libxml2.symbols: added new symbol. - CVE-2016-4448 * SECURITY UPDATE: use-after-free via namespace nodes in XPointer ranges - disallow namespace nodes in XPointer ranges in xpointer.c. - c1d1f7121194036608bf555f08d3062a36fd344b - CVE-2016-4658 * SECURITY UPDATE: use-after-free in XPointer range-to function - fix XPointer paths beginning with range-to and fix comparison with root node in xmlXPathCmpNodes in xpath.c, xpointer.c. - 9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e - a005199330b86dada19d162cae15ef9bdcb6baa8 - CVE-2016-5131 -- Marc Deslauriers <email address hidden> Wed, 15 Mar 2017 09:00:55 -0400
libxml2 (2.9.1+dfsg1-3ubuntu4.9) trusty-security; urgency=medium * SECURITY UPDATE: format string vulnerabilities - debian/patches/CVE-2016-4448-1.patch: fix format string warnings in HTMLparser.c, SAX2.c, catalog.c, configure.in, debugXML.c, encoding.c, entities.c, error.c, include/libxml/parserInternals.h, include/libxml/xmlerror.h, include/libxml/xmlstring.h, libxml.h, parser.c, parserInternals.c, relaxng.c, schematron.c, testModule.c, valid.c, xinclude.c, xmlIO.c, xmllint.c, xmlreader.c, xmlschemas.c, xmlstring.c, xmlwriter.c, xpath.c, xpointer.c. - debian/patches/CVE-2016-4448-2.patch: fix format string warnings in libxml.h, relaxng.c, xmlschemas.c, xmlstring.c. - debian/patches/CVE-2016-4448-3.patch: fix build on pre-C99 compilers in relaxng.c, xmlschemas.c. - debian/libxml2.symbols: added new symbol. - CVE-2016-4448 * SECURITY UPDATE: use-after-free via namespace nodes in XPointer ranges - debian/patches/CVE-2016-4658.patch: disallow namespace nodes in XPointer ranges in xpointer.c. - CVE-2016-4658 * SECURITY UPDATE: use-after-free in XPointer range-to function - debian/patches/CVE-2016-5131-1.patch: fix XPointer paths beginning with range-to in xpath.c, xpointer.c. - debian/patches/CVE-2016-5131-2.patch: fix comparison with root node in xmlXPathCmpNodes in xpath.c. - CVE-2016-5131 -- Marc Deslauriers <email address hidden> Wed, 15 Mar 2017 07:54:26 -0400
libxml2 (2.9.3+dfsg1-1ubuntu0.2) xenial-security; urgency=medium * SECURITY UPDATE: format string vulnerabilities - debian/patches/CVE-2016-4448-1.patch: fix format string warnings in HTMLparser.c, SAX2.c, catalog.c, configure.ac, debugXML.c, encoding.c, entities.c, error.c, include/libxml/parserInternals.h, include/libxml/xmlerror.h, include/libxml/xmlstring.h, libxml.h, parser.c, parserInternals.c, relaxng.c, schematron.c, testModule.c, valid.c, xinclude.c, xmlIO.c, xmllint.c, xmlreader.c, xmlschemas.c, xmlstring.c, xmlwriter.c, xpath.c, xpointer.c. - debian/patches/CVE-2016-4448-2.patch: fix format string warnings in libxml.h, relaxng.c, xmlschemas.c, xmlstring.c. - debian/libxml2.symbols: added new symbol. - CVE-2016-4448 * SECURITY UPDATE: use-after-free via namespace nodes in XPointer ranges - debian/patches/CVE-2016-4658.patch: disallow namespace nodes in XPointer ranges in xpointer.c. - CVE-2016-4658 * SECURITY UPDATE: use-after-free in XPointer range-to function - debian/patches/CVE-2016-5131-1.patch: fix XPointer paths beginning with range-to in xpath.c, xpointer.c. - debian/patches/CVE-2016-5131-2.patch: fix comparison with root node in xmlXPathCmpNodes in xpath.c. - CVE-2016-5131 * debian/patches/lp1652325.patch: XML push parser fails with bogus UTF-8 encoding error when multi-byte character in large CDATA section is split across buffer (LP: #1652325) -- Marc Deslauriers <email address hidden> Tue, 14 Mar 2017 16:06:13 -0400
libxml2 (2.9.4+dfsg1-2ubuntu0.1) yakkety-security; urgency=medium * SECURITY UPDATE: use-after-free via namespace nodes in XPointer ranges - debian/patches/CVE-2016-4658.patch: disallow namespace nodes in XPointer ranges in xpointer.c. - CVE-2016-4658 * SECURITY UPDATE: use-after-free in XPointer range-to function - debian/patches/CVE-2016-5131-1.patch: fix XPointer paths beginning with range-to in xpath.c, xpointer.c. - debian/patches/CVE-2016-5131-2.patch: fix comparison with root node in xmlXPathCmpNodes in xpath.c. - CVE-2016-5131 -- Marc Deslauriers <email address hidden> Tue, 14 Mar 2017 16:01:34 -0400
Superseded in artful-release |
Obsolete in zesty-release |
Deleted in zesty-proposed (Reason: moved to release) |
libxml2 (2.9.4+dfsg1-2.2) unstable; urgency=medium * Non-maintainer upload. * Fix attribute decoding during XML schema validation (Closes: #832602, #832864) -- Mònica Ramírez Arceda <email address hidden> Sat, 14 Jan 2017 15:31:49 +0100
Superseded in zesty-proposed |
libxml2 (2.9.4+dfsg1-2.1) unstable; urgency=medium * Non-maintainer upload. * Fix comparison with root node in xmlXPathCmpNodes * Fix XPointer paths beginning with range-to (CVE-2016-5131) (Closes: #840554) * Disallow namespace nodes in XPointer ranges (CVE-2016-4658) (Closes: #840553) * Fix more NULL pointer derefs in xpointer.c -- Salvatore Bonaccorso <email address hidden> Sun, 30 Oct 2016 16:30:55 +0100
Superseded in zesty-release |
Obsolete in yakkety-release |
Deleted in yakkety-proposed (Reason: moved to release) |
libxml2 (2.9.4+dfsg1-2) unstable; urgency=medium [ YunQiang Su ] * add python3 support (Closes: #737774) * fix typo in test/control: python->python3 [ Aron Xu ] * Really allow parallel building * Mark python3-libxml2* as M-A: same -- Aron Xu <email address hidden> Mon, 12 Sep 2016 02:57:02 +0800
libxml2 (2.9.4+dfsg1-1) unstable; urgency=medium * Imported Upstream version 2.9.4+dfsg1 - Closes: 829718, CVE-2016-4448 * Drop patches applied upstream, refresh remainers * Update Std-Ver to 3.9.8 from 3.9.6 * Update symbols for 2.9.4 * cherry-pick: Fix NULL pointer deref in XPointer range-to -- Aron Xu <email address hidden> Tue, 19 Jul 2016 11:42:45 +0800
libxml2 (2.9.3+dfsg1-1.2) unstable; urgency=medium [ Simon McVittie ] * Non-maintainer upload. * Add -arch suffix to some architecture-specific debhelper overrides, fixing FTBFS with dpkg-buildpackage -A or when source-only uploads are used (Closes: #806065) - Do a build for the default Python version even when we are building arch-indep-only: we need something for gtk-doc to analyze -- Salvatore Bonaccorso <email address hidden> Sun, 05 Jun 2016 07:23:42 +0200
libxml2 (2.7.8.dfsg-5.1ubuntu4.15) precise-security; urgency=medium * SECURITY UPDATE: heap-based buffer overread in xmlNextChar - return after error in parser.c. - a7a94612aa3b16779e2c74e1fa353b5d9786c602 - CVE-2016-1762 * SECURITY UPDATE: heap-based buffer overread in htmlCurrentChar - clear up NULL deref, handle 0-length entities and fix tests in parserInternals.c. - ff76eb28c75451bc56e3b93f44dac155ca29e7f5 - fdfeecc1b73b0318466f0d61f0b8881ed9d92dd2 - 0bcd05c5cd83dec3406c8f68b769b1d610c72f76 - CVE-2016-1833 * SECURITY UPDATE: heap-buffer-overflow in xmlStrncat - check for negative lengths in xmlstring.c. - 8fbbf5513d609c1770b391b99e33314cd0742704 - CVE-2016-1834 * SECURITY UPDATE: heap use-after-free in xmlSAX2AttributeNs - add check to parser.c, add tests to result/errors/759020.xml.err, result/errors/759020.xml.str, test/errors/759020.xml. - 38eae571111db3b43ffdeb05487c9f60551906fb - CVE-2016-1835 * SECURITY UPDATE: heap use-after-free in htmlParsePubidLiteral and htmlParseSystemiteral - prevent stable pointer usage in HTMLparser.c. - 11ed4a7a90d5ce156a18980a4ad4e53e77384852 - CVE-2016-1837 * SECURITY UPDATE: heap-based buffer overread in xmlParserPrintFileContextInternal - add bounds check to parser.c, add tests to result/errors/758588.xml.err, result/errors/758588.xml.str, test/errors/758588.xml. - db07dd613e461df93dde7902c6505629bf0734e9 - CVE-2016-1838 * SECURITY UPDATE: heap-based buffer overread in xmlDictAddString - add bounds check to HTMLparser.c. - a820dbeac29d330bae4be05d9ecd939ad6b4aa33 - CVE-2015-8806 - CVE-2016-1839 - CVE-2016-2073 * SECURITY UPDATE: heap-buffer-overflow in xmlFAParsePosCharGroup - properly handle error in xmlregexp.c. - cbb271655cadeb8dbb258a64701d9a3a0c4835b4 - CVE-2016-1840 * SECURITY UPDATE: avoid building recursive entities - properly handle recursion in parser.c, tree.c. - bdd66182ef53fe1f7209ab6535fda56366bd7ac9 - CVE-2016-3627 * SECURITY UPDATE: recursion depth counter issue - properly could recursion depth in parser.c. 
- 8f30bdff69edac9075f4663ce3b56b0c52d48ce6 - CVE-2016-3705 * SECURITY UPDATE: heap-based buffer-underreads due to xmlParseName - improve error handling in parser.c. - 00906759053986b8079985644172085f74331f83 - CVE-2016-4447 * SECURITY UPDATE: inappropriate fetch of entities content - fix another external entity fetch in parser.c. - b1d34de46a11323fccffa9fadeb33be670d602f5 - CVE-2016-4449 * SECURITY UPDATE: out of bound access when serializing malformed strings - improve string handling in xmlsave.c. - c97750d11bb8b6f3303e7131fe526a61ac65bcfd - CVE-2016-4483 -- Marc Deslauriers <email address hidden> Fri, 03 Jun 2016 09:11:38 -0400
libxml2 (2.9.1+dfsg1-3ubuntu4.8) trusty-security; urgency=medium * SECURITY UPDATE: heap-based buffer overread in xmlNextChar - debian/patches/CVE-2016-1762.patch: return after error in parser.c. - CVE-2016-1762 * SECURITY UPDATE: heap-based buffer overread in htmlCurrentChar - debian/patches/CVE-2016-1833-pre.patch: clear up NULL deref in parserInternals.c. - debian/patches/CVE-2016-1833-pre2.patch: handle 0-length entities in parserInternals.c. - debian/patches/CVE-2016-1833.patch: fix tests in parserInternals.c. - CVE-2016-1833 * SECURITY UPDATE: heap-buffer-overflow in xmlStrncat - debian/patches/CVE-2016-1834.patch: check for negative lengths in xmlstring.c. - CVE-2016-1834 * SECURITY UPDATE: heap use-after-free in xmlSAX2AttributeNs - debian/patches/CVE-2016-1835.patch: add check to parser.c, add tests to result/errors/759020.xml.err, result/errors/759020.xml.str, test/errors/759020.xml. - CVE-2016-1835 * SECURITY UPDATE: heap use-after-free in xmlDictComputeFastKey - debian/patches/CVE-2016-1836.patch: prevent stale pointer usage in parser.c, added tests to result/errors/759398.xml.err, result/errors/759398.xml.str, test/errors/759398.xml. - CVE-2016-1836 * SECURITY UPDATE: heap use-after-free in htmlParsePubidLiteral and htmlParseSystemiteral - debian/patches/CVE-2016-1837.patch: prevent stable pointer usage in HTMLparser.c. - CVE-2016-1837 * SECURITY UPDATE: heap-based buffer overread in xmlParserPrintFileContextInternal - debian/patches/CVE-2016-1838.patch: add bounds check to parser.c, add tests to result/errors/758588.xml.err, result/errors/758588.xml.str, test/errors/758588.xml. - CVE-2016-1838 * SECURITY UPDATE: heap-based buffer overread in xmlDictAddString - debian/patches/CVE-2016-1839.patch: add bounds check to HTMLparser.c. - CVE-2015-8806 - CVE-2016-1839 - CVE-2016-2073 * SECURITY UPDATE: heap-buffer-overflow in xmlFAParsePosCharGroup - debian/patches/CVE-2016-1840.patch: properly handle error in xmlregexp.c. 
- CVE-2016-1840 * SECURITY UPDATE: avoid building recursive entities - debian/patches/CVE-2016-3627.patch: properly handle recursion in parser.c, tree.c. - CVE-2016-3627 * SECURITY UPDATE: recursion depth counter issue - debian/patches/CVE-2016-3705.patch: properly could recursion depth in parser.c. - CVE-2016-3705 * SECURITY UPDATE: heap-based buffer-underreads due to xmlParseName - debian/patches/CVE-2016-4447.patch: improve error handling in parser.c. - CVE-2016-4447 * SECURITY UPDATE: inappropriate fetch of entities content - debian/patches/CVE-2016-4449.patch: fix another external entity fetch in parser.c. - CVE-2016-4449 * SECURITY UPDATE: out of bound access when serializing malformed strings - debian/patches/CVE-2016-4483.patch: improve string handling in xmlsave.c. - CVE-2016-4483 -- Marc Deslauriers <email address hidden> Fri, 03 Jun 2016 08:59:55 -0400
libxml2 (2.9.2+zdfsg1-4ubuntu0.4) wily-security; urgency=medium * SECURITY UPDATE: heap-based buffer overread in xmlNextChar - debian/patches/CVE-2016-1762.patch: return after error in parser.c. - CVE-2016-1762 * SECURITY UPDATE: heap-based buffer overread in htmlCurrentChar - debian/patches/CVE-2016-1833-pre2.patch: handle 0-length entities in parserInternals.c. - debian/patches/CVE-2016-1833.patch: fix tests in parserInternals.c. - CVE-2016-1833 * SECURITY UPDATE: heap-buffer-overflow in xmlStrncat - debian/patches/CVE-2016-1834.patch: check for negative lengths in xmlstring.c. - CVE-2016-1834 * SECURITY UPDATE: heap use-after-free in xmlSAX2AttributeNs - debian/patches/CVE-2016-1835.patch: add check to parser.c, add tests to result/errors/759020.xml.err, result/errors/759020.xml.str, test/errors/759020.xml. - CVE-2016-1835 * SECURITY UPDATE: heap use-after-free in xmlDictComputeFastKey - debian/patches/CVE-2016-1836.patch: prevent stale pointer usage in parser.c, added tests to result/errors/759398.xml.err, result/errors/759398.xml.str, test/errors/759398.xml. - CVE-2016-1836 * SECURITY UPDATE: heap use-after-free in htmlParsePubidLiteral and htmlParseSystemiteral - debian/patches/CVE-2016-1837.patch: prevent stable pointer usage in HTMLparser.c. - CVE-2016-1837 * SECURITY UPDATE: heap-based buffer overread in xmlParserPrintFileContextInternal - debian/patches/CVE-2016-1838.patch: add bounds check to parser.c, add tests to result/errors/758588.xml.err, result/errors/758588.xml.str, test/errors/758588.xml. - CVE-2016-1838 * SECURITY UPDATE: heap-based buffer overread in xmlDictAddString - debian/patches/CVE-2016-1839.patch: add bounds check to HTMLparser.c. - CVE-2015-8806 - CVE-2016-1839 - CVE-2016-2073 * SECURITY UPDATE: heap-buffer-overflow in xmlFAParsePosCharGroup - debian/patches/CVE-2016-1840.patch: properly handle error in xmlregexp.c. 
- CVE-2016-1840 * SECURITY UPDATE: avoid building recursive entities - debian/patches/CVE-2016-3627.patch: properly handle recursion in parser.c, tree.c. - CVE-2016-3627 * SECURITY UPDATE: recursion depth counter issue - debian/patches/CVE-2016-3705.patch: properly could recursion depth in parser.c. - CVE-2016-3705 * SECURITY UPDATE: heap-based buffer-underreads due to xmlParseName - debian/patches/CVE-2016-4447.patch: improve error handling in parser.c. - CVE-2016-4447 * SECURITY UPDATE: inappropriate fetch of entities content - debian/patches/CVE-2016-4449.patch: fix another external entity fetch in parser.c. - CVE-2016-4449 * SECURITY UPDATE: out of bound access when serializing malformed strings - debian/patches/CVE-2016-4483.patch: improve string handling in xmlsave.c. - CVE-2016-4483 -- Marc Deslauriers <email address hidden> Fri, 03 Jun 2016 08:55:52 -0400
libxml2 (2.9.3+dfsg1-1ubuntu0.1) xenial-security; urgency=medium * SECURITY UPDATE: heap-based buffer overread in xmlNextChar - debian/patches/CVE-2016-1762.patch: return after error in parser.c. - CVE-2016-1762 * SECURITY UPDATE: heap-based buffer overread in htmlCurrentChar - debian/patches/CVE-2016-1833.patch: fix tests in parserInternals.c. - CVE-2016-1833 * SECURITY UPDATE: heap-buffer-overflow in xmlStrncat - debian/patches/CVE-2016-1834.patch: check for negative lengths in xmlstring.c. - CVE-2016-1834 * SECURITY UPDATE: heap use-after-free in xmlSAX2AttributeNs - debian/patches/CVE-2016-1835.patch: add check to parser.c, add tests to result/errors/759020.xml.err, result/errors/759020.xml.str, test/errors/759020.xml. - CVE-2016-1835 * SECURITY UPDATE: heap use-after-free in xmlDictComputeFastKey - debian/patches/CVE-2016-1836.patch: prevent stale pointer usage in parser.c, added tests to result/errors/759398.xml.err, result/errors/759398.xml.str, test/errors/759398.xml. - CVE-2016-1836 * SECURITY UPDATE: heap use-after-free in htmlParsePubidLiteral and htmlParseSystemLiteral - debian/patches/CVE-2016-1837.patch: prevent stale pointer usage in HTMLparser.c. - CVE-2016-1837 * SECURITY UPDATE: heap-based buffer overread in xmlParserPrintFileContextInternal - debian/patches/CVE-2016-1838.patch: add bounds check to parser.c, add tests to result/errors/758588.xml.err, result/errors/758588.xml.str, test/errors/758588.xml. - CVE-2016-1838 * SECURITY UPDATE: heap-based buffer overread in xmlDictAddString - debian/patches/CVE-2016-1839.patch: add bounds check to HTMLparser.c. - CVE-2015-8806 - CVE-2016-1839 - CVE-2016-2073 * SECURITY UPDATE: heap-buffer-overflow in xmlFAParsePosCharGroup - debian/patches/CVE-2016-1840.patch: properly handle error in xmlregexp.c. - CVE-2016-1840 * SECURITY UPDATE: avoid building recursive entities - debian/patches/CVE-2016-3627.patch: properly handle recursion in parser.c, tree.c. - CVE-2016-3627 * SECURITY UPDATE: recursion depth counter issue - debian/patches/CVE-2016-3705.patch: properly count recursion depth in parser.c. - CVE-2016-3705 * SECURITY UPDATE: heap-based buffer-underreads due to xmlParseName - debian/patches/CVE-2016-4447.patch: improve error handling in parser.c. - CVE-2016-4447 * SECURITY UPDATE: inappropriate fetch of entities content - debian/patches/CVE-2016-4449.patch: fix another external entity fetch in parser.c. - CVE-2016-4449 * SECURITY UPDATE: out of bound access when serializing malformed strings - debian/patches/CVE-2016-4483.patch: improve string handling in xmlsave.c. - CVE-2016-4483 -- Marc Deslauriers <email address hidden> Fri, 03 Jun 2016 08:05:40 -0400
Superseded in yakkety-proposed |
libxml2 (2.9.3+dfsg1-1.1) unstable; urgency=medium * Non-maintainer upload. * Heap-based buffer overread in xmlNextChar (CVE-2016-1762) * heap-buffer-overflow in xmlStrncat (CVE-2016-1834) * Add missing increments of recursion depth counter to XML parser (CVE-2016-3705) (Closes: #823414) * Avoid an out of bound access when serializing malformed strings (CVE-2016-4483) (Closes: #823405) * Heap-buffer-overflow in xmlFAParsePosCharGroup (CVE-2016-1840) * Heap-based buffer overread in xmlParserPrintFileContextInternal (CVE-2016-1838) * Heap-based buffer overread in xmlDictAddString (CVE-2016-1839 CVE-2015-8806 CVE-2016-2073) (Closes: #813613, #812807) * Heap use-after-free in xmlDictComputeFastKey (CVE-2016-1836) * Fix inappropriate fetch of entities content (CVE-2016-4449) * Heap use-after-free in htmlParsePubidLiteral and htmlParseSystemLiteral (CVE-2016-1837) * Heap use-after-free in xmlSAX2AttributeNs (CVE-2016-1835) * Heap-based buffer-underreads due to xmlParseName (CVE-2016-4447) * Heap-based buffer overread in htmlCurrentChar (CVE-2016-1833) * Avoid building recursive entities (CVE-2016-3627) (Closes: #819006) -- Salvatore Bonaccorso <email address hidden> Sat, 28 May 2016 06:51:08 +0200
libxml2 (2.9.3+dfsg1-1build1) yakkety; urgency=medium * No-change rebuild for libicu soname change. -- Matthias Klose <email address hidden> Fri, 22 Apr 2016 22:58:37 +0000
libxml2 (2.9.2+zdfsg1-4ubuntu0.3) wily-security; urgency=medium * SECURITY UPDATE: incomplete fix for out of bounds read in xmlGROW (LP: #1525996) - add extra commits to this previously-fixed CVE - debian/patches/CVE-2015-7499-3.patch: reuse xmlHaltParser() where it makes sense in parser.c. - debian/patches/CVE-2015-7499-4.patch: do not print error context when there is none in error.c. - CVE-2015-7499 * SECURITY UPDATE: out of bounds memory access via unclosed html comment - debian/patches/CVE-2015-8710.patch: fix parsing short unclosed comment uninitialized access in HTMLparser.c. - CVE-2015-8710 -- Marc Deslauriers <email address hidden> Thu, 14 Jan 2016 13:11:43 -0500
libxml2 (2.9.2+dfsg1-3ubuntu0.3) vivid-security; urgency=medium * SECURITY UPDATE: incomplete fix for out of bounds read in xmlGROW (LP: #1525996) - add extra commits to this previously-fixed CVE - debian/patches/CVE-2015-7499-3.patch: reuse xmlHaltParser() where it makes sense in parser.c. - debian/patches/CVE-2015-7499-4.patch: do not print error context when there is none in error.c. - CVE-2015-7499 * SECURITY UPDATE: out of bounds memory access via unclosed html comment - debian/patches/CVE-2015-8710.patch: fix parsing short unclosed comment uninitialized access in HTMLparser.c. - CVE-2015-8710 -- Marc Deslauriers <email address hidden> Thu, 14 Jan 2016 13:12:24 -0500
libxml2 (2.9.1+dfsg1-3ubuntu4.7) trusty-security; urgency=medium * SECURITY UPDATE: incomplete fix for out of bounds read in xmlGROW (LP: #1525996) - add extra commits to this previously-fixed CVE - debian/patches/CVE-2015-7499-3.patch: reuse xmlHaltParser() where it makes sense in parser.c. - debian/patches/CVE-2015-7499-4.patch: do not print error context when there is none in error.c. - CVE-2015-7499 * SECURITY UPDATE: out of bounds memory access via unclosed html comment - debian/patches/CVE-2015-8710.patch: fix parsing short unclosed comment uninitialized access in HTMLparser.c. - CVE-2015-8710 -- Marc Deslauriers <email address hidden> Thu, 14 Jan 2016 13:13:10 -0500
libxml2 (2.7.8.dfsg-5.1ubuntu4.14) precise-security; urgency=medium * SECURITY UPDATE: incomplete fix for out of bounds read in xmlGROW (LP: #1525996) - add extra commits to this previously-fixed CVE - parser.c: reuse xmlHaltParser() where it makes sense. - e3b1597421ad7cbeb5939fc3b54f43f141c82366 - error.c: do not print error context when there is none. - ce0b0d0d81fdbb5f722a890432b52d363e4de57b - CVE-2015-7499 * SECURITY UPDATE: out of bounds memory access via unclosed html comment - HTMLparser.c: fix parsing short unclosed comment uninitialized access. - e724879d964d774df9b7969fc846605aa1bac54c - CVE-2015-8710 -- Marc Deslauriers <email address hidden> Thu, 14 Jan 2016 13:16:09 -0500
libxml2 (2.9.2+zdfsg1-4ubuntu3) xenial; urgency=medium * SECURITY UPDATE: incomplete fix for out of bounds read in xmlGROW (LP: #1525996) - add extra commits to this previously-fixed CVE - debian/patches/CVE-2015-7499-3.patch: reuse xmlHaltParser() where it makes sense in parser.c. - debian/patches/CVE-2015-7499-4.patch: do not print error context when there is none in error.c. - CVE-2015-7499 * SECURITY UPDATE: out of bounds memory access via unclosed html comment - debian/patches/CVE-2015-8710.patch: fix parsing short unclosed comment uninitialized access in HTMLparser.c. - CVE-2015-8710 -- Marc Deslauriers <email address hidden> Thu, 14 Jan 2016 08:59:31 -0500
Superseded in yakkety-release |
Published in xenial-release |
Deleted in xenial-proposed (Reason: moved to release) |
libxml2 (2.9.3+dfsg1-1) unstable; urgency=medium * New upstream release. -- Aron Xu <email address hidden> Mon, 14 Dec 2015 15:35:25 +0800
libxml2 (2.7.8.dfsg-5.1ubuntu4.13) precise-security; urgency=medium * SECURITY UPDATE: denial of service via entity expansion issue - parser.c: properly exit when entity expansion is detected. - https://git.gnome.org/browse/libxml2/commit/?id=69030714cde66d525a8884bda01b9e8f0abf8e1e - CVE-2015-5312 * SECURITY UPDATE: heap buffer overflow in xmlDictComputeFastQKey - dict.c: check offset. - https://git.gnome.org/browse/libxml2/commit/?id=6360a31a84efe69d155ed96306b9a931a40beab9 - CVE-2015-7497 * SECURITY UPDATE: denial of service via encoding conversion failures - parser.c: avoid processing entities after encoding conversion failures. - https://git.gnome.org/browse/libxml2/commit/?id=afd27c21f6b36e22682b7da20d726bce2dcb2f43 - CVE-2015-7498 * SECURITY UPDATE: out of bounds read in xmlGROW - parser.c: add xmlHaltParser() to stop the parser and check input. - https://git.gnome.org/browse/libxml2/commit/?id=28cd9cb747a94483f4aea7f0968d202c20bb4cfc - https://git.gnome.org/browse/libxml2/commit/?id=35bcb1d758ed70aa7b257c9c3b3ff55e54e3d0da - CVE-2015-7499 * SECURITY UPDATE: out of bounds read in xmlParseMisc - parser.c: check entity boundaries. - https://git.gnome.org/browse/libxml2/commit/?id=f1063fdbe7fa66332bbb76874101c2a7b51b519f - CVE-2015-7500 * SECURITY UPDATE: denial of service via extra processing of MarkupDecl - parser.c: add extra EOF check. - https://git.gnome.org/browse/libxml2/commit/?id=ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe - CVE-2015-8241 * SECURITY UPDATE: buffer overread with HTML parser in push mode - HTMLparser.c: use pointer in the input in. - https://git.gnome.org/browse/libxml2/commit/?id=8fb4a770075628d6441fb17a1e435100e2f3b1a2 - CVE-2015-8242 * SECURITY UPDATE: denial of service via encoding failures - parser.c: do not process encoding values if the declaration is broken and fail parsing if the encoding conversion failed. - https://git.gnome.org/browse/libxml2/commit/?id=9aa37588ee78a06ca1379a9d9356eab16686099c - https://git.gnome.org/browse/libxml2/commit/?id=709a952110e98621c9b78c4f26462a9d8333102e - CVE-2015-8317 -- Marc Deslauriers <email address hidden> Wed, 09 Dec 2015 12:35:41 -0500
libxml2 (2.9.2+dfsg1-3ubuntu0.2) vivid-security; urgency=medium * SECURITY UPDATE: denial of service via entity expansion issue - debian/patches/CVE-2015-5312.patch: properly exit when entity expansion is detected in parser.c. - CVE-2015-5312 * SECURITY UPDATE: heap buffer overflow in xmlDictComputeFastQKey - debian/patches/CVE-2015-7497.patch: check offset in dict.c. - CVE-2015-7497 * SECURITY UPDATE: denial of service via encoding conversion failures - debian/patches/CVE-2015-7498.patch: avoid processing entities after encoding conversion failures in parser.c. - CVE-2015-7498 * SECURITY UPDATE: out of bounds read in xmlGROW - debian/patches/CVE-2015-7499-1.patch: add xmlHaltParser() to stop the parser in parser.c. - debian/patches/CVE-2015-7499-2.patch: check input in parser.c. - CVE-2015-7499 * SECURITY UPDATE: out of bounds read in xmlParseMisc - debian/patches/CVE-2015-7500.patch: check entity boundaries in parser.c. - CVE-2015-7500 * SECURITY UPDATE: denial of service via extra processing of MarkupDecl - debian/patches/CVE-2015-8241.patch: add extra EOF check in parser.c. - CVE-2015-8241 * SECURITY UPDATE: buffer overread with HTML parser in push mode - debian/patches/CVE-2015-8242.patch: use pointer in the input in HTMLparser.c. - CVE-2015-8242 * SECURITY UPDATE: denial of service via encoding failures - debian/patches/CVE-2015-8317-1.patch: do not process encoding values if the declaration is broken in parser.c. - debian/patches/CVE-2015-8317-2.patch: fail parsing if the encoding conversion failed in parser.c. - CVE-2015-8317 -- Marc Deslauriers <email address hidden> Wed, 09 Dec 2015 11:35:28 -0500
libxml2 (2.9.1+dfsg1-3ubuntu4.6) trusty-security; urgency=medium * SECURITY UPDATE: denial of service via entity expansion issue - debian/patches/CVE-2015-5312.patch: properly exit when entity expansion is detected in parser.c. - CVE-2015-5312 * SECURITY UPDATE: heap buffer overflow in xmlDictComputeFastQKey - debian/patches/CVE-2015-7497.patch: check offset in dict.c. - CVE-2015-7497 * SECURITY UPDATE: denial of service via encoding conversion failures - debian/patches/CVE-2015-7498.patch: avoid processing entities after encoding conversion failures in parser.c. - CVE-2015-7498 * SECURITY UPDATE: out of bounds read in xmlGROW - debian/patches/CVE-2015-7499-1.patch: add xmlHaltParser() to stop the parser in parser.c. - debian/patches/CVE-2015-7499-2.patch: check input in parser.c. - CVE-2015-7499 * SECURITY UPDATE: out of bounds read in xmlParseMisc - debian/patches/CVE-2015-7500.patch: check entity boundaries in parser.c. - CVE-2015-7500 * SECURITY UPDATE: denial of service via extra processing of MarkupDecl - debian/patches/CVE-2015-8241.patch: add extra EOF check in parser.c. - CVE-2015-8241 * SECURITY UPDATE: buffer overread with HTML parser in push mode - debian/patches/CVE-2015-8242.patch: use pointer in the input in HTMLparser.c. - CVE-2015-8242 * SECURITY UPDATE: denial of service via encoding failures - debian/patches/CVE-2015-8317-1.patch: do not process encoding values if the declaration is broken in parser.c. - debian/patches/CVE-2015-8317-2.patch: fail parsing if the encoding conversion failed in parser.c. - CVE-2015-8317 -- Marc Deslauriers <email address hidden> Wed, 09 Dec 2015 12:00:30 -0500
libxml2 (2.9.2+zdfsg1-4ubuntu0.2) wily-security; urgency=medium * SECURITY UPDATE: denial of service via entity expansion issue - debian/patches/CVE-2015-5312.patch: properly exit when entity expansion is detected in parser.c. - CVE-2015-5312 * SECURITY UPDATE: heap buffer overflow in xmlDictComputeFastQKey - debian/patches/CVE-2015-7497.patch: check offset in dict.c. - CVE-2015-7497 * SECURITY UPDATE: denial of service via encoding conversion failures - debian/patches/CVE-2015-7498.patch: avoid processing entities after encoding conversion failures in parser.c. - CVE-2015-7498 * SECURITY UPDATE: out of bounds read in xmlGROW - debian/patches/CVE-2015-7499-1.patch: add xmlHaltParser() to stop the parser in parser.c. - debian/patches/CVE-2015-7499-2.patch: check input in parser.c. - CVE-2015-7499 * SECURITY UPDATE: out of bounds read in xmlParseMisc - debian/patches/CVE-2015-7500.patch: check entity boundaries in parser.c. - CVE-2015-7500 * SECURITY UPDATE: denial of service via extra processing of MarkupDecl - debian/patches/CVE-2015-8241.patch: add extra EOF check in parser.c. - CVE-2015-8241 * SECURITY UPDATE: buffer overread with HTML parser in push mode - debian/patches/CVE-2015-8242.patch: use pointer in the input in HTMLparser.c. - CVE-2015-8242 -- Marc Deslauriers <email address hidden> Wed, 09 Dec 2015 11:18:32 -0500
libxml2 (2.9.2+zdfsg1-4ubuntu2) xenial; urgency=medium * SECURITY UPDATE: denial of service via entity expansion issue - debian/patches/CVE-2015-5312.patch: properly exit when entity expansion is detected in parser.c. - CVE-2015-5312 * SECURITY UPDATE: heap buffer overflow in xmlDictComputeFastQKey - debian/patches/CVE-2015-7497.patch: check offset in dict.c. - CVE-2015-7497 * SECURITY UPDATE: denial of service via encoding conversion failures - debian/patches/CVE-2015-7498.patch: avoid processing entities after encoding conversion failures in parser.c. - CVE-2015-7498 * SECURITY UPDATE: out of bounds read in xmlGROW - debian/patches/CVE-2015-7499-1.patch: add xmlHaltParser() to stop the parser in parser.c. - debian/patches/CVE-2015-7499-2.patch: check input in parser.c. - CVE-2015-7499 * SECURITY UPDATE: out of bounds read in xmlParseMisc - debian/patches/CVE-2015-7500.patch: check entity boundaries in parser.c. - CVE-2015-7500 * SECURITY UPDATE: denial of service via extra processing of MarkupDecl - debian/patches/CVE-2015-8241.patch: add extra EOF check in parser.c. - CVE-2015-8241 * SECURITY UPDATE: buffer overread with HTML parser in push mode - debian/patches/CVE-2015-8242.patch: use pointer in the input in HTMLparser.c. - CVE-2015-8242 -- Marc Deslauriers <email address hidden> Wed, 09 Dec 2015 10:15:37 -0500
libxml2 (2.7.8.dfsg-5.1ubuntu4.12) precise-security; urgency=medium * SECURITY UPDATE: denial of service via XEE attack - include/libxml/tree.h, tree.c, xmlreader.c: enforce the reader to run in constant memory. - patch obtained from Debian's 2.7.8.dfsg-2+squeeze12 package. - CVE-2015-1819 * SECURITY UPDATE: denial of service via out-of-bounds read - parser.c: stop parsing on entities boundaries errors. - https://git.gnome.org/browse/libxml2/commit/?id=a7dfab7411cbf545f359dd3157e5df1eb0e7ce31 - https://git.gnome.org/browse/libxml2/commit/?id=9b8512337d14c8ddf662fcb98b0135f225a1c489 - CVE-2015-7941 * SECURITY UPDATE: overflow in conditional sections - parser.c: properly check input. - https://git.gnome.org/browse/libxml2/commit/?id=bd0526e66a56e75a18da8c15c4750db8f801c52d - https://git.gnome.org/browse/libxml2/commit/?id=41ac9049a27f52e7a1f3b341f8714149fc88d450 - CVE-2015-7942 -- Marc Deslauriers <email address hidden> Fri, 13 Nov 2015 09:28:57 -0500
libxml2 (2.9.1+dfsg1-3ubuntu4.5) trusty-security; urgency=medium * SECURITY UPDATE: denial of service via XEE attack - debian/patches/CVE-2015-1819.patch: enforce the reader to run in constant memory in buf.c, include/libxml/tree.h, xmlreader.c. - CVE-2015-1819 * SECURITY UPDATE: denial of service via out-of-bounds read - debian/patches/CVE-2015-7941.patch: stop parsing on entities boundaries errors in parser.c. - CVE-2015-7941 * SECURITY UPDATE: overflow in conditional sections - debian/patches/CVE-2015-7942.patch: properly check input in parser.c. - CVE-2015-7942 * SECURITY UPDATE: denial of service via crafted document with xz - debian/patches/CVE-2015-8035.patch: check for error in xzlib.c. - CVE-2015-8035 -- Marc Deslauriers <email address hidden> Fri, 13 Nov 2015 08:58:16 -0500
libxml2 (2.9.2+dfsg1-3ubuntu0.1) vivid-security; urgency=medium * SECURITY UPDATE: denial of service via XEE attack - debian/patches/CVE-2015-1819.patch: enforce the reader to run in constant memory in buf.c, include/libxml/tree.h, xmlreader.c. - CVE-2015-1819 * SECURITY UPDATE: denial of service via out-of-bounds read - debian/patches/CVE-2015-7941.patch: stop parsing on entities boundaries errors in parser.c. - CVE-2015-7941 * SECURITY UPDATE: overflow in conditional sections - debian/patches/CVE-2015-7942.patch: properly check input in parser.c. - CVE-2015-7942 -- Marc Deslauriers <email address hidden> Fri, 13 Nov 2015 08:52:21 -0500
libxml2 (2.9.2+zdfsg1-4ubuntu0.1) wily-security; urgency=medium * SECURITY UPDATE: overflow in conditional sections - debian/patches/CVE-2015-7942.patch: properly check input in parser.c. - CVE-2015-7942 -- Marc Deslauriers <email address hidden> Fri, 13 Nov 2015 08:50:07 -0500
libxml2 (2.9.2+zdfsg1-4ubuntu1) xenial; urgency=medium * SECURITY UPDATE: overflow in conditional sections - debian/patches/CVE-2015-7942.patch: properly check input in parser.c. - CVE-2015-7942 * SECURITY UPDATE: denial of service via crafted document with xz - debian/patches/CVE-2015-8035.patch: check for error in xzlib.c. - CVE-2015-8035 * debian/patches/re-enable-xz-support.patch: re-enable xz support that was disabled by mistake in 2.9.2. * debian/libxml2.symbols: added new symbol. -- Marc Deslauriers <email address hidden> Fri, 13 Nov 2015 07:30:36 -0500
Superseded in xenial-release |
Obsolete in wily-release |
Deleted in wily-proposed (Reason: moved to release) |
libxml2 (2.9.2+zdfsg1-4) unstable; urgency=medium * Revert everything in N'ACKed NMU revert to 2.9.1. - Resolving regression, Closes: #754424 - Drop the following NMU, not needed in 2.9.2, Closes: #781232 - Drop not approved patch for GNOME #746048 * Revert icu dbg drop, but don't hardcode version, thanks Matthias Klose <doko>, Closes: #798642 * Cherry pick upstream post release patches: - Fix for regression triggered by CVE-2014-3660, Closes: #768089 - Fix for the spurious ID already defined error, Closes: #766884 - Fix for CVE-2015-1819, Closes: #782782 - Fix for GNOME #744980, Closes: #783010 - Several fixes for memory related issues. -- Aron Xu <email address hidden> Tue, 22 Sep 2015 16:31:48 +0800
libxml2 (2.9.2+dfsg1-3ubuntu2) wily; urgency=medium * Fix the spurious ID already defined error. Gnome #737840. * Don't hardcode the libicuXX-dbg dependency. -- Matthias Klose <email address hidden> Fri, 11 Sep 2015 13:26:44 +0200
libxml2 (2.9.2+dfsg1-3ubuntu1) wily; urgency=medium * Update hardcoded libicu52-dbg dep -- Iain Lane <email address hidden> Wed, 05 Aug 2015 17:40:32 +0100
Superseded in wily-proposed |
libxml2 (2.9.2+dfsg1-3build2) wily; urgency=medium * No-change rebuild against new libicu -- Iain Lane <email address hidden> Wed, 05 Aug 2015 17:40:32 +0100
Superseded in wily-proposed |
libxml2 (2.9.2+dfsg1-3build1) wily; urgency=medium * Rebuild for icu 55. -- Matthias Klose <email address hidden> Mon, 03 Aug 2015 21:21:48 +0000
Superseded in wily-release |
Obsolete in vivid-release |
Deleted in vivid-proposed (Reason: moved to release) |
libxml2 (2.9.2+dfsg1-3) unstable; urgency=medium * Add icu related deps for -dev and -dbg packages (Closes: #776741) -- Aron Xu <email address hidden> Sun, 01 Feb 2015 12:35:52 +0800
Superseded in vivid-proposed |
libxml2 (2.9.2+dfsg1-2) unstable; urgency=medium [ Michael Gilbert ] * Enable icu support (Closes: #776254) [ Aron Xu ] * 0003-Fix-missing-entities-after-CVE-2014-3660-fix.patch: Fix upstream bug triggered by CVE fix (Closes: #768089) -- Aron Xu <email address hidden> Fri, 30 Jan 2015 13:52:23 +0800
libxml2 (2.9.2+dfsg1-1) unstable; urgency=low * New upstream release (Closes: #765722, CVE-2014-3660) * Remove no-longer-needed upstream patches * Update distro patch * Std-ver: 3.9.5 -> 3.9.6, no change. -- Aron Xu <email address hidden> Sun, 26 Oct 2014 07:04:50 +0800
libxml2 (2.7.6.dfsg-1ubuntu1.15) lucid-security; urgency=medium * SECURITY UPDATE: denial of service via entity expansion - parser.c, SAX2.c, include/libxml/entities.h: refactor entity checking and add additional tests. - https://git.gnome.org/browse/libxml2/commit/?id=a3f1e3e5712257fd279917a9158278534e8f4b72 - https://git.gnome.org/browse/libxml2/commit/?id=cff2546f13503ac028e4c1f63c7b6d85f2f2d777 - https://git.gnome.org/browse/libxml2/commit/?id=be2a7edaf289c5da74a4f9ed3a0b6c733e775230 - CVE-2014-3660 -- Marc Deslauriers <email address hidden> Wed, 22 Oct 2014 14:27:25 -0400