lp:ubuntu/oneiric-updates/libxml2
- Get this branch:
- bzr branch lp:ubuntu/oneiric-updates/libxml2
Branch merges
Branch information
Recent revisions
- 48. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service via entity expansion
- include/libxml/ parser. h, parser.c, parserInternals.c: limit number of
entity expansions, thanks to Daniel Veillard.
- http://git.gnome. org/browse/ libxml2/ commit/ ?id=23f05e0c339 87d6605387b300c 4be5da2120a7ab
- CVE-2013-0338 - 47. By Seth Arnold
-
* SECURITY UPDATE: buffer underflow in xmlParseAttValu
eComplex( )
- debian/patches/ CVE-2012- 5134.patch: add array bounds checking in
parser.c, thanks to Daniel Veillard
- http://git.gnome. org/browse/ libxml2/ commit/ ?id=6a36fbe3b3e 001a8a840b5c1fd d81cefc9947f0d
- CVE-2012-5134 - 46. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service and possible code execution via
incorrect buffer sizes.
- http://git.gnome. org/browse/ libxml2/ commit/ ?id=459eeb9dc75 2d5185f57ff6b13 5027f11981a626
- http://git.gnome. org/browse/ libxml2/ commit/ ?id=4f9fdc709c4 861c390cd84e2ed 1fd878b3442e28
- http://git.gnome. org/browse/ libxml2/ commit/ ?id=baaf03f80f8 17bb34c421421e6 cb4d68c353ac9a
- CVE-2012-2807 - 45. By Jamie Strandboge
-
* SECURITY UPDATE: Fix an off by one pointer access in xpointer.c
- d8e1faeaa99c7a7c07af01c1c72de3 52eb590a3e
- CVE-2011-3102 - 44. By Jamie Strandboge
-
* SECURITY UPDATE: add randomization to dictionaries with hash tables
help prevent denial of service via hash algorithm collision
- configure.in: lookup for rand, srand and time
- dict.c: add randomization to dictionaries hash tables
- hash.c: add randomization to normal hash tables
- 8973d58b7498fa5100a876815476b8 1fd1a2412a
- CVE-2012-0841 - 43. By Jamie Strandboge
-
* SECURITY UPDATE: fix off-by-one leading to denial of service
- encoding.c: adjust calculation of space available
- 69f04562f75212bfcabecd190ea8b0 6ace28ece2
- CVE-2011-0216
* SECURITY UPDATE: fix double free in XPath evaluation
- xpath.h, xpath.c: add a mechanism of frame for XPath evaluation when
entering a function or a scoped evaluation
- f5048b3e71fc30ad096970b8df6e7a f073bae4cb
- CVE-2011-2821
* SECURITY UPDATE: fix double free in XPath evaluation
- xpath.c: fix missing error status in XPath evaluation
- 1d4526f6f4ec8d18c40e2a09b38765 2a6c1aa2cd
- CVE-2011-2834
* SECURITY UPDATE: fix out of bounds read
- parser.c: make sure the parser returns when getting a Stop order
- 77404b8b69bc122d12231807abf1a8 37d121b551
- CVE-2011-3905
* SECURITY UPDATE: fix heap overflow
- parser.c: fix an allocation error when copying entities
- 5bd3c061823a8499b27422aee04ea2 0aae24f03e
- CVE-2011-3919 - 42. By Mike Hommey <email address hidden>
-
* debian/rules: Add --with python2 to dh call.
* debian/control:
- Remove build dependency on python-support.
- Build depend on python-all-dev >= 2.6.6-3~.
- Remove XB-Python-Version header.
- Bump Standards-Version to 3.9.2.0. No changes required.
* debian/pycompat: Removed. With the above changes, closes: #631416.
Thanks Colin Watson. - 41. By Mike Hommey <email address hidden>
-
xpath.c: Fix some potential problems on reallocation failures.
Closes: #628537. - 40. By Mike Hommey <email address hidden>
-
xpath.c: Fix a double-freeing error in XPath processing code.
(CVE-2010-4494). Closes: #607922. - 39. By Mike Hommey <email address hidden>
-
* New upstream release.
* configure.in: Applied upstream fix to reactivate symbol versioning script.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/precise/libxml2