lp:ubuntu/precise-security/libxml2

Branch merges

Propose for merging

No branches dependent on this one.

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Related blueprints

64. By Marc Deslauriers on 2014-10-22

* SECURITY UPDATE: denial of service via entity expansion
  - parser.c, SAX2.c, include/libxml/entities.h: refactor entity checking
    and add additional tests.
  - https://git.gnome.org/browse/libxml2/commit/?id=a3f1e3e5712257fd279917a9158278534e8f4b72
  - https://git.gnome.org/browse/libxml2/commit/?id=cff2546f13503ac028e4c1f63c7b6d85f2f2d777
  - https://git.gnome.org/browse/libxml2/commit/?id=be2a7edaf289c5da74a4f9ed3a0b6c733e775230
  - CVE-2014-3660

63. By Marc Deslauriers on 2014-06-13

* SECURITY REGRESSION: more xmllint regressions (LP: #1321869)
  - use upstream commit which includes additional regression fixes to
    parser.c.
  - https://git.gnome.org/browse/libxml2/commit/?id=dd8367da17c2948981a51e52c8a6beb445edf825

62. By Marc Deslauriers on 2014-06-06

* SECURITY REGRESSION: xmllint no longer loads entities with --postvalid
  (LP: #1321869)
  - Thanks to Alexey Neyman for proposed patch
  - https://mail.gnome.org/archives/xml/2014-May/msg00003.html

61. By Marc Deslauriers on 2014-05-08

* SECURITY UPDATE: resource exhaustion via external parameter entities
  - parser.c: do not fetch external parameter entities.
  - https://git.gnome.org/browse/libxml2/commit/?id=9cd1c3cfbd32655d60572c0a413e017260c854df
  - CVE-2014-0191

60. By Marc Deslauriers on 2013-07-16

* SECURITY REGRESSION: regression with lxml (LP: #1201849)
  - parser.c: revised to fix regression, and a couple of wrong return
    values.
  - CVE-2013-2877

59. By Marc Deslauriers on 2013-07-11

* SECURITY UPDATE: external entity expansion attack (LP: #1194410)
  - do not fetch external parsed entities in parser.c, added test to
    test/errors/extparsedent.xml, result/errors/extparsedent.xml.
  - https://git.gnome.org/browse/libxml2/commit/?id=4629ee02ac649c27f9c0cf98ba017c6b5526070f
  - CVE-2013-0339
* SECURITY UPDATE: denial of service via incomplete document
  - try to stop parsing as quickly as possible in parser.c,
    include/libxml/xmlerror.h.
  - https://git.gnome.org/browse/libxml2/commit/?id=48b4cdde3483e054af8ea02e0cd7ee467b0e9a50
  - https://git.gnome.org/browse/libxml2/commit/?id=e50ba8164eee06461c73cd8abb9b46aa0be81869
  - CVE-2013-2877

58. By Marc Deslauriers on 2013-03-26

* SECURITY UPDATE: denial of service via entity expansion
  - include/libxml/parser.h, parser.c, parserInternals.c: limit number of
    entity expansions, thanks to Daniel Veillard.
  - http://git.gnome.org/browse/libxml2/commit/?id=23f05e0c33987d6605387b300c4be5da2120a7ab
  - CVE-2013-0338

57. By Seth Arnold on 2012-12-04

* SECURITY UPDATE: buffer underflow in xmlParseAttValueComplex()
  - debian/patches/CVE-2012-5134.patch: add array bounds checking in
    parser.c, thanks to Daniel Veillard
  - http://git.gnome.org/browse/libxml2/commit/?id=6a36fbe3b3e001a8a840b5c1fdd81cefc9947f0d
  - CVE-2012-5134

56. By Marc Deslauriers on 2012-09-26

* SECURITY UPDATE: denial of service and possible code execution via
  incorrect buffer sizes.
  - http://git.gnome.org/browse/libxml2/commit/?id=459eeb9dc752d5185f57ff6b135027f11981a626
  - http://git.gnome.org/browse/libxml2/commit/?id=4f9fdc709c4861c390cd84e2ed1fd878b3442e28
  - http://git.gnome.org/browse/libxml2/commit/?id=baaf03f80f817bb34c421421e6cb4d68c353ac9a
  - CVE-2012-2807

55. By Jamie Strandboge on 2012-05-18

* SECURITY UPDATE: Fix an off by one pointer access in xpointer.c
  - d8e1faeaa99c7a7c07af01c1c72de352eb590a3e
  - CVE-2011-3102