lp:ubuntu/oneiric-security/libxml2

Created by Ubuntu Package Importer and last modified
Get this branch:
bzr branch lp:ubuntu/oneiric-security/libxml2
Members of Ubuntu branches can upload to this branch.

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

48. By Marc Deslauriers

* SECURITY UPDATE: denial of service via entity expansion
  - include/libxml/parser.h, parser.c, parserInternals.c: limit number of
    entity expansions, thanks to Daniel Veillard.
  - http://git.gnome.org/browse/libxml2/commit/?id=23f05e0c33987d6605387b300c4be5da2120a7ab
  - CVE-2013-0338

47. By Seth Arnold

* SECURITY UPDATE: buffer underflow in xmlParseAttValueComplex()
  - debian/patches/CVE-2012-5134.patch: add array bounds checking in
    parser.c, thanks to Daniel Veillard
  - http://git.gnome.org/browse/libxml2/commit/?id=6a36fbe3b3e001a8a840b5c1fdd81cefc9947f0d
  - CVE-2012-5134

45. By Jamie Strandboge

* SECURITY UPDATE: Fix an off by one pointer access in xpointer.c
  - d8e1faeaa99c7a7c07af01c1c72de352eb590a3e
  - CVE-2011-3102

44. By Jamie Strandboge

* SECURITY UPDATE: add randomization to dictionaries with hash tables to
  help prevent denial of service via hash algorithm collision
  - configure.in: lookup for rand, srand and time
  - dict.c: add randomization to dictionaries hash tables
  - hash.c: add randomization to normal hash tables
  - 8973d58b7498fa5100a876815476b81fd1a2412a
  - CVE-2012-0841

43. By Jamie Strandboge

* SECURITY UPDATE: fix off-by-one leading to denial of service
  - encoding.c: adjust calculation of space available
  - 69f04562f75212bfcabecd190ea8b06ace28ece2
  - CVE-2011-0216
* SECURITY UPDATE: fix double free in XPath evaluation
  - xpath.h, xpath.c: add a mechanism of frame for XPath evaluation when
    entering a function or a scoped evaluation
  - f5048b3e71fc30ad096970b8df6e7af073bae4cb
  - CVE-2011-2821
* SECURITY UPDATE: fix double free in XPath evaluation
  - xpath.c: fix missing error status in XPath evaluation
  - 1d4526f6f4ec8d18c40e2a09b387652a6c1aa2cd
  - CVE-2011-2834
* SECURITY UPDATE: fix out of bounds read
  - parser.c: make sure the parser returns when getting a Stop order
  - 77404b8b69bc122d12231807abf1a837d121b551
  - CVE-2011-3905
* SECURITY UPDATE: fix heap overflow
  - parser.c: fix an allocation error when copying entities
  - 5bd3c061823a8499b27422aee04ea20aae24f03e
  - CVE-2011-3919

42. By Mike Hommey

* debian/rules: Add --with python2 to dh call.
* debian/control:
  - Remove build dependency on python-support.
  - Build depend on python-all-dev >= 2.6.6-3~.
  - Remove XB-Python-Version header.
  - Bump Standards-Version to 3.9.2.0. No changes required.
* debian/pycompat: Removed. With the above changes, closes: #631416.
  Thanks Colin Watson.

41. By Mike Hommey

xpath.c: Fix some potential problems on reallocation failures.
Closes: #628537.

40. By Mike Hommey

xpath.c: Fix a double-freeing error in XPath processing code.
(CVE-2010-4494). Closes: #607922.

39. By Mike Hommey

* New upstream release.
* configure.in: Applied upstream fix to reactivate symbol versioning script.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/precise/libxml2