Created by Ubuntu Package Importer on 2012-01-19 and last modified on 2013-03-26
Get this branch:
bzr branch lp:ubuntu/oneiric-security/libxml2
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Ubuntu branches
Review team:
Ubuntu Development Team

Recent revisions

48. By Marc Deslauriers on 2013-03-26

* SECURITY UPDATE: denial of service via entity expansion
  - include/libxml/parser.h, parser.c, parserInternals.c: limit number of
    entity expansions, thanks to Daniel Veillard.
  - http://git.gnome.org/browse/libxml2/commit/?id=23f05e0c33987d6605387b300c4be5da2120a7ab
  - CVE-2013-0338

47. By Seth Arnold on 2012-12-04

* SECURITY UPDATE: buffer underflow in xmlParseAttValueComplex()
  - debian/patches/CVE-2012-5134.patch: add array bounds checking in
    parser.c, thanks to Daniel Veillard
  - http://git.gnome.org/browse/libxml2/commit/?id=6a36fbe3b3e001a8a840b5c1fdd81cefc9947f0d
  - CVE-2012-5134

45. By Jamie Strandboge on 2012-05-18

* SECURITY UPDATE: Fix an off by one pointer access in xpointer.c
  - d8e1faeaa99c7a7c07af01c1c72de352eb590a3e
  - CVE-2011-3102

44. By Jamie Strandboge on 2012-02-24

* SECURITY UPDATE: add randomization to dictionaries with hash tables
  help prevent denial of service via hash algorithm collision
  - configure.in: lookup for rand, srand and time
  - dict.c: add randomization to dictionaries hash tables
  - hash.c: add randomization to normal hash tables
  - 8973d58b7498fa5100a876815476b81fd1a2412a
  - CVE-2012-0841

43. By Jamie Strandboge on 2012-01-18

* SECURITY UPDATE: fix off-by-one leading to denial of service
  - encoding.c: adjust calculation of space available
  - 69f04562f75212bfcabecd190ea8b06ace28ece2
  - CVE-2011-0216
* SECURITY UPDATE: fix double free in XPath evaluation
  - xpath.h, xpath.c: add a mechanism of frame for XPath evaluation when
    entering a function or a scoped evaluation
  - f5048b3e71fc30ad096970b8df6e7af073bae4cb
  - CVE-2011-2821
* SECURITY UPDATE: fix double free in XPath evaluation
  - xpath.c: fix missing error status in XPath evaluation
  - 1d4526f6f4ec8d18c40e2a09b387652a6c1aa2cd
  - CVE-2011-2834
* SECURITY UPDATE: fix out of bounds read
  - parser.c: make sure the parser returns when getting a Stop order
  - 77404b8b69bc122d12231807abf1a837d121b551
  - CVE-2011-3905
* SECURITY UPDATE: fix heap overflow
  - parser.c: fix an allocation error when copying entities
  - 5bd3c061823a8499b27422aee04ea20aae24f03e
  - CVE-2011-3919

42. By Mike Hommey <email address hidden> on 2011-07-29

* debian/rules: Add --with python2 to dh call.
* debian/control:
  - Remove build dependency on python-support.
  - Build depend on python-all-dev >= 2.6.6-3~.
  - Remove XB-Python-Version header.
  - Bump Standards-Version to No changes required.
* debian/pycompat: Removed. With the above changes, closes: #631416.
  Thanks Colin Watson.

41. By Mike Hommey <email address hidden> on 2011-06-04

xpath.c: Fix some potential problems on reallocation failures.
Closes: #628537.

40. By Mike Hommey <email address hidden> on 2010-12-25

xpath.c: Fix a double-freeing error in XPath processing code.
(CVE-2010-4494). Closes: #607922.

39. By Mike Hommey <email address hidden> on 2010-11-05

* New upstream release.
* configure.in: Applied upstream fix to reactivate symbol versioning script.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
This branch contains Public information 
Everyone can see this information.