[ubuntu-cloud-archive/mitaka-updates] libxml2 (Accepted)

James Page james.page at ubuntu.com
Tue Jun 28 12:40:30 UTC 2016


 libxml2 (2.9.3+dfsg1-1ubuntu0.1~cloud0) trusty-mitaka; urgency=medium
 .
   * New update for the Ubuntu Cloud Archive.
 .
 libxml2 (2.9.3+dfsg1-1ubuntu0.1) xenial-security; urgency=medium
 .
   * SECURITY UPDATE: heap-based buffer overread in xmlNextChar
     - debian/patches/CVE-2016-1762.patch: return after error in parser.c.
     - CVE-2016-1762
   * SECURITY UPDATE: heap-based buffer overread in htmlCurrentChar
     - debian/patches/CVE-2016-1833.patch: fix tests in parserInternals.c.
     - CVE-2016-1833
   * SECURITY UPDATE: heap-buffer-overflow in xmlStrncat
     - debian/patches/CVE-2016-1834.patch: check for negative lengths in
       xmlstring.c.
     - CVE-2016-1834
   * SECURITY UPDATE: heap use-after-free in xmlSAX2AttributeNs
     - debian/patches/CVE-2016-1835.patch: add check to parser.c, add tests
       to result/errors/759020.xml.err, result/errors/759020.xml.str,
       test/errors/759020.xml.
     - CVE-2016-1835
   * SECURITY UPDATE: heap use-after-free in xmlDictComputeFastKey
     - debian/patches/CVE-2016-1836.patch: prevent stale pointer usage in
       parser.c, added tests to result/errors/759398.xml.err,
       result/errors/759398.xml.str, test/errors/759398.xml.
     - CVE-2016-1836
   * SECURITY UPDATE: heap use-after-free in htmlParsePubidLiteral and
     htmlParseSystemLiteral
     - debian/patches/CVE-2016-1837.patch: prevent stale pointer usage in
       HTMLparser.c.
     - CVE-2016-1837
   * SECURITY UPDATE: heap-based buffer overread in
     xmlParserPrintFileContextInternal
     - debian/patches/CVE-2016-1838.patch: add bounds check to parser.c,
       add tests to result/errors/758588.xml.err,
       result/errors/758588.xml.str, test/errors/758588.xml.
     - CVE-2016-1838
   * SECURITY UPDATE: heap-based buffer overread in xmlDictAddString
     - debian/patches/CVE-2016-1839.patch: add bounds check to HTMLparser.c.
     - CVE-2015-8806
     - CVE-2016-1839
     - CVE-2016-2073
   * SECURITY UPDATE: heap-buffer-overflow in xmlFAParsePosCharGroup
     - debian/patches/CVE-2016-1840.patch: properly handle error in
       xmlregexp.c.
     - CVE-2016-1840
   * SECURITY UPDATE: avoid building recursive entities
     - debian/patches/CVE-2016-3627.patch: properly handle recursion in
       parser.c, tree.c.
     - CVE-2016-3627
   * SECURITY UPDATE: recursion depth counter issue
     - debian/patches/CVE-2016-3705.patch: properly count recursion depth in
       parser.c.
     - CVE-2016-3705
   * SECURITY UPDATE: heap-based buffer-underreads due to xmlParseName
     - debian/patches/CVE-2016-4447.patch: improve error handling in
       parser.c.
     - CVE-2016-4447
   * SECURITY UPDATE: inappropriate fetch of entities content
     - debian/patches/CVE-2016-4449.patch: fix another external entity fetch
       in parser.c.
     - CVE-2016-4449
   * SECURITY UPDATE: out of bound access when serializing malformed strings
     - debian/patches/CVE-2016-4483.patch: improve string handling in
       xmlsave.c.
     - CVE-2016-4483

Date: Tue, 07 Jun 2016 12:05:49 +0000
Changed-By: Openstack Ubuntu Testing Bot <openstack-testing-bot at ubuntu.com>
Signed-By: Openstack Ubuntu Testing Bot
Published-By: James Page <james.page at ubuntu.com>

