Created by Ubuntu Package Importer on 2012-12-05 and last modified on 2014-05-08
Get this branch:
bzr branch lp:ubuntu/quantal-security/libxml2
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Ubuntu branches
Review team:
Ubuntu Development Team

Recent revisions

64. By Marc Deslauriers on 2014-05-08

* SECURITY UPDATE: resource exhaustion via external parameter entities
  - debian/patches/CVE-2014-0191.patch: do not fetch external parameter
    entities in parser.c.
  - CVE-2014-0191

63. By Marc Deslauriers on 2013-07-16

* SECURITY REGRESSION: regression with lxml (LP: #1201849)
  - debian/patches/CVE-2013-2877.patch: revised to fix regression, and a
    couple of wrong return values.
  - CVE-2013-2877

62. By Marc Deslauriers on 2013-07-11

* SECURITY UPDATE: external entity expansion attack (LP: #1194410)
  - debian/patches/CVE-2013-0339.patch: do not fetch external parsed
    entities in parser.c, added test to test/errors/extparsedent.xml,
  - CVE-2013-0339
* SECURITY UPDATE: denial of service via incomplete document
  - debian/patches/CVE-2013-2877.patch: try to stop parsing as quickly as
    possible in parser.c, include/libxml/xmlerror.h.
  - CVE-2013-2877

61. By Marc Deslauriers on 2013-03-26

* SECURITY UPDATE: denial of service via entity expansion
  - debian/patches/CVE-2013-0338.patch: limit number of entity expansions
    in include/libxml/parser.h, parser.c, parserInternals.c.
  - CVE-2013-0338

60. By Seth Arnold on 2012-12-04

* SECURITY UPDATE: buffer underflow in xmlParseAttValueComplex()
  - debian/patches/CVE-2012-5134.patch: add array bounds checking in
    parser.c, thanks to Daniel Veillard
  - CVE-2012-5134

59. By Daniel Holbach on 2012-10-10

debian/tests/control: added pkg-config as depends for the test.
Change forwarded to Debian as bug 690047.

58. By Daniel Holbach on 2012-10-09

* debian/tests/build, debian/tests/control: add test to check
  that code can be easily built against libxml2, test some core
  functionality too.
* debian/control: enable autopkgtest.

57. By Aron Xu on 2012-07-19

[ Daniel Veillard ]
* Fix parser local buffers size problems
* Fix entities local buffers size problems
CVE-2012-2807, Closes: #679280.

56. By Iain Lane on 2012-06-25

* Merge with Debian (LP: #987502), remaining changes:
  - Don't drop *.la file. Some libraries still depend on it.

55. By Jamie Strandboge on 2012-05-18

* SECURITY UPDATE: Fix an off by one pointer access in xpointer.c
  - d8e1faeaa99c7a7c07af01c1c72de352eb590a3e
  - CVE-2011-3102

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
This branch contains Public information 
Everyone can see this information.