Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/hardy-security/libxml2
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Ubuntu branches
Review team:
Ubuntu Development Team

Recent revisions

36. By Marc Deslauriers

* SECURITY UPDATE: denial of service via entity expansion
  - include/libxml/parser.h, parser.c, parserInternals.c: limit number of
    entity expansions, thanks to Daniel Veillard.
  - http://git.gnome.org/browse/libxml2/commit/?id=23f05e0c33987d6605387b300c4be5da2120a7ab
  - CVE-2013-0338

35. By Seth Arnold

* SECURITY UPDATE: buffer underflow in xmlParseAttValueComplex()
  - debian/patches/CVE-2012-5134.patch: add array bounds checking in
    parser.c, thanks to Daniel Veillard
  - http://git.gnome.org/browse/libxml2/commit/?id=6a36fbe3b3e001a8a840b5c1fdd81cefc9947f0d
  - CVE-2012-5134

33. By Jamie Strandboge

* SECURITY UPDATE: Fix an off by one pointer access in xpointer.c
  - d8e1faeaa99c7a7c07af01c1c72de352eb590a3e
  - CVE-2011-3102

32. By Jamie Strandboge

* SECURITY UPDATE: add randomization to dictionaries with hash tables
  help prevent denial of service via hash algorithm collision
  - configure.in: lookup for rand, srand and time
  - dict.c: add randomization to dictionaries hash tables
  - hash.c: add randomization to normal hash tables
  - CVE-2012-0841
  This patch based on RedHat's 2.6 patch which includes the following
  - b242b08831637432984439729a170153bdc3ed8d
  - e9100a589d9dc97a09b2295db18657ce31adee65
  - 424785e793a77c1f35898aeb31fc7cd64ba57334
  - ffda65f0e6447eba3807d04bf670243702da026b
  - d68f8912c46a01f6c200e1414d290947b7db630e
  - 523e63559961f31e142c72049bb9b2595974c82f

31. By Jamie Strandboge

* SECURITY UPDATE: fix off-by-one leading to denial of service
  - encoding.c: adjust calculation of space available
  - 69f04562f75212bfcabecd190ea8b06ace28ece2
  - CVE-2011-0216
* SECURITY UPDATE: fix double free in XPath evaluation
  - xpath.c: fix missing error status in XPath evaluation
  - 1d4526f6f4ec8d18c40e2a09b387652a6c1aa2cd
  - CVE-2011-2834
* SECURITY UPDATE: fix out of bounds read
  - parser.c: make sure the parser returns when getting a Stop order
  - 77404b8b69bc122d12231807abf1a837d121b551
  - CVE-2011-3905
* SECURITY UPDATE: fix heap overflow
  - parser.c: fix an allocation error when copying entities
  - 5bd3c061823a8499b27422aee04ea20aae24f03e
  - CVE-2011-3919

30. By Marc Deslauriers

* SECURITY UPDATE: denial of service and possible code execution via
  specially crafted xml file
  - xpath.c: update count only if allocation succeeds.
  - http://git.gnome.org/browse/libxml2/commit/?id=d7958b21e7f8c447a26bb2436f08402b2c308be4
  - CVE-2011-1944

29. By Jamie Strandboge

* SECURITY UPDATE: fix invalid memory read by fixing the semantic of XPath
  axis for namespace/attribute context nodes
  - http://git.gnome.org/browse/libxml2/patch/?id=91d19754d46acd4a639a8b9e31f50f31c78f8c9c
  - http://git.gnome.org/browse/libxml2/patch/?id=ea90b894146030c214a7df6d8375310174f134b9
  - CVE-2010-4008

28. By Marc Deslauriers

* SECURITY UPDATE: denial of service via stack overflow from crafted
  root XML document element DTD definition
  - parser.c: validate ctxt->depth isn't too deep
  - CVE-2009-2414
* SECURITY UPDATE: denial of service via use-after-frees when parsing
  Notation and Enumeration attribute types
  - parser.c: use xmlFreeEnumeration before returning.
  - CVE-2009-2416

27. By Kees Cook

* SECURITY UPDATE: infinite loop, integer overflow, and double-free.
  - parserInternals.c: upstream fix for double-free (svn rev 3741).
  - tree.c: fix for infinite loop, thanks to Mike Hommey (CVE-2008-4225).
  - SAX2.c: fix for integer overflow, thanks to Mike Hommey CVE-2008-4226).

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
This branch contains Public information 
Everyone can see this information.