lp:ubuntu/lucid-security/libxml2

Created by James Westby on 2010-11-10 and last modified on 2014-10-22
Get this branch:
bzr branch lp:ubuntu/lucid-security/libxml2
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

50. By Marc Deslauriers on 2014-10-22

* SECURITY UPDATE: denial of service via entity expansion
  - parser.c, SAX2.c, include/libxml/entities.h: refactor entity checking
    and add additional tests.
  - https://git.gnome.org/browse/libxml2/commit/?id=a3f1e3e5712257fd279917a9158278534e8f4b72
  - https://git.gnome.org/browse/libxml2/commit/?id=cff2546f13503ac028e4c1f63c7b6d85f2f2d777
  - https://git.gnome.org/browse/libxml2/commit/?id=be2a7edaf289c5da74a4f9ed3a0b6c733e775230
  - CVE-2014-3660

49. By Marc Deslauriers on 2014-06-13

* SECURITY REGRESSION: more xmllint regressions (LP: #1321869)
  - use upstream commit which includes additional regression fixes to
    parser.c.
  - https://git.gnome.org/browse/libxml2/commit/?id=dd8367da17c2948981a51e52c8a6beb445edf825

48. By Marc Deslauriers on 2014-06-06

* SECURITY REGRESSION: xmllint no longer loads entities with --postvalid
  (LP: #1321869)
  - Thanks to Alexey Neyman for proposed patch
  - https://mail.gnome.org/archives/xml/2014-May/msg00003.html

47. By Marc Deslauriers on 2014-05-08

* SECURITY UPDATE: resource exhaustion via external parameter entities
  - parser.c: do not fetch external parameter entities.
  - https://git.gnome.org/browse/libxml2/commit/?id=9cd1c3cfbd32655d60572c0a413e017260c854df
  - CVE-2014-0191

46. By Marc Deslauriers on 2013-07-16

* SECURITY REGRESSION: regression with lxml (LP: #1201849)
  - parser.c: revised to fix regression, and a couple of wrong return
    values.
  - CVE-2013-2877

45. By Marc Deslauriers on 2013-07-11

* SECURITY UPDATE: external entity expansion attack (LP: #1194410)
  - do not fetch external parsed entities in parser.c, added test to
    test/errors/extparsedent.xml, result/errors/extparsedent.xml.
  - https://git.gnome.org/browse/libxml2/commit/?id=4629ee02ac649c27f9c0cf98ba017c6b5526070f
  - CVE-2013-0339
* SECURITY UPDATE: denial of service via incomplete document
  - try to stop parsing as quickly as possible in parser.c,
    include/libxml/xmlerror.h.
  - https://git.gnome.org/browse/libxml2/commit/?id=48b4cdde3483e054af8ea02e0cd7ee467b0e9a50
  - https://git.gnome.org/browse/libxml2/commit/?id=e50ba8164eee06461c73cd8abb9b46aa0be81869
  - CVE-2013-2877

44. By Marc Deslauriers on 2013-03-26

* SECURITY UPDATE: denial of service via entity expansion
  - include/libxml/parser.h, parser.c, parserInternals.c: limit number of
    entity expansions, thanks to Daniel Veillard.
  - http://git.gnome.org/browse/libxml2/commit/?id=23f05e0c33987d6605387b300c4be5da2120a7ab
  - CVE-2013-0338

43. By Seth Arnold on 2012-12-04

* SECURITY UPDATE: buffer underflow in xmlParseAttValueComplex()
  - debian/patches/CVE-2012-5134.patch: add array bounds checking in
    parser.c, thanks to Daniel Veillard
  - http://git.gnome.org/browse/libxml2/commit/?id=6a36fbe3b3e001a8a840b5c1fdd81cefc9947f0d
  - CVE-2012-5134

41. By Jamie Strandboge on 2012-05-18

* SECURITY UPDATE: Fix an off by one pointer access in xpointer.c
  - d8e1faeaa99c7a7c07af01c1c72de352eb590a3e
  - CVE-2011-3102

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/natty/libxml2
This branch contains Public information 
Everyone can see this information.

Subscribers