lp:ubuntu/hardy-security/libxml2
- Get this branch:
- bzr branch lp:ubuntu/hardy-security/libxml2
Recent revisions
- 36. By Marc Deslauriers
  * SECURITY UPDATE: denial of service via entity expansion
    - include/libxml/parser.h, parser.c, parserInternals.c: limit number of
      entity expansions, thanks to Daniel Veillard.
    - http://git.gnome.org/browse/libxml2/commit/?id=23f05e0c33987d6605387b300c4be5da2120a7ab
    - CVE-2013-0338
- 35. By Seth Arnold
  * SECURITY UPDATE: buffer underflow in xmlParseAttValueComplex()
    - debian/patches/CVE-2012-5134.patch: add array bounds checking in
      parser.c, thanks to Daniel Veillard
    - http://git.gnome.org/browse/libxml2/commit/?id=6a36fbe3b3e001a8a840b5c1fdd81cefc9947f0d
    - CVE-2012-5134
- 34. By Marc Deslauriers
  * SECURITY UPDATE: denial of service and possible code execution via
    incorrect buffer sizes.
    - http://git.gnome.org/browse/libxml2/commit/?id=459eeb9dc752d5185f57ff6b135027f11981a626
    - http://git.gnome.org/browse/libxml2/commit/?id=4f9fdc709c4861c390cd84e2ed1fd878b3442e28
    - http://git.gnome.org/browse/libxml2/commit/?id=baaf03f80f817bb34c421421e6cb4d68c353ac9a
    - CVE-2012-2807
- 33. By Jamie Strandboge
  * SECURITY UPDATE: Fix an off by one pointer access in xpointer.c
    - d8e1faeaa99c7a7c07af01c1c72de352eb590a3e
    - CVE-2011-3102
- 32. By Jamie Strandboge
  * SECURITY UPDATE: add randomization to dictionaries with hash tables
    help prevent denial of service via hash algorithm collision
    - configure.in: lookup for rand, srand and time
    - dict.c: add randomization to dictionaries hash tables
    - hash.c: add randomization to normal hash tables
    - CVE-2012-0841
    This patch based on RedHat's 2.6 patch which includes the following
    commits:
    - b242b08831637432984439729a170153bdc3ed8d
    - e9100a589d9dc97a09b2295db18657ce31adee65
    - 424785e793a77c1f35898aeb31fc7cd64ba57334
    - ffda65f0e6447eba3807d04bf670243702da026b
    - d68f8912c46a01f6c200e1414d290947b7db630e
    - 523e63559961f31e142c72049bb9b2595974c82f
- 31. By Jamie Strandboge
  * SECURITY UPDATE: fix off-by-one leading to denial of service
    - encoding.c: adjust calculation of space available
    - 69f04562f75212bfcabecd190ea8b06ace28ece2
    - CVE-2011-0216
  * SECURITY UPDATE: fix double free in XPath evaluation
    - xpath.c: fix missing error status in XPath evaluation
    - 1d4526f6f4ec8d18c40e2a09b387652a6c1aa2cd
    - CVE-2011-2834
  * SECURITY UPDATE: fix out of bounds read
    - parser.c: make sure the parser returns when getting a Stop order
    - 77404b8b69bc122d12231807abf1a837d121b551
    - CVE-2011-3905
  * SECURITY UPDATE: fix heap overflow
    - parser.c: fix an allocation error when copying entities
    - 5bd3c061823a8499b27422aee04ea20aae24f03e
    - CVE-2011-3919
- 30. By Marc Deslauriers
  * SECURITY UPDATE: denial of service and possible code execution via
    specially crafted xml file
    - xpath.c: update count only if allocation succeeds.
    - http://git.gnome.org/browse/libxml2/commit/?id=d7958b21e7f8c447a26bb2436f08402b2c308be4
    - CVE-2011-1944
- 29. By Jamie Strandboge
  * SECURITY UPDATE: fix invalid memory read by fixing the semantic of XPath
    axis for namespace/attribute context nodes
    - http://git.gnome.org/browse/libxml2/patch/?id=91d19754d46acd4a639a8b9e31f50f31c78f8c9c
    - http://git.gnome.org/browse/libxml2/patch/?id=ea90b894146030c214a7df6d8375310174f134b9
    - CVE-2010-4008
- 28. By Marc Deslauriers
  * SECURITY UPDATE: denial of service via stack overflow from crafted
    root XML document element DTD definition
    - parser.c: validate ctxt->depth isn't too deep
    - CVE-2009-2414
  * SECURITY UPDATE: denial of service via use-after-frees when parsing
    Notation and Enumeration attribute types
    - parser.c: use xmlFreeEnumeration before returning.
    - CVE-2009-2416
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/karmic/libxml2