[ubuntu/xenial-proposed] libxml2 2.9.2+zdfsg1-4ubuntu2 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Wed Dec 9 16:34:14 UTC 2015
libxml2 (2.9.2+zdfsg1-4ubuntu2) xenial; urgency=medium

  * SECURITY UPDATE: denial of service via entity expansion issue
    - debian/patches/CVE-2015-5312.patch: properly exit when entity
      expansion is detected in parser.c.
    - CVE-2015-5312
  * SECURITY UPDATE: heap buffer overflow in xmlDictComputeFastQKey
    - debian/patches/CVE-2015-7497.patch: check offset in dict.c.
    - CVE-2015-7497
  * SECURITY UPDATE: denial of service via encoding conversion failures
    - debian/patches/CVE-2015-7498.patch: avoid processing entities after
      encoding conversion failures in parser.c.
    - CVE-2015-7498
  * SECURITY UPDATE: out of bounds read in xmlGROW
    - debian/patches/CVE-2015-7499-1.patch: add xmlHaltParser() to stop the
      parser in parser.c.
    - debian/patches/CVE-2015-7499-2.patch: check input in parser.c.
    - CVE-2015-7499
  * SECURITY UPDATE: out of bounds read in xmlParseMisc
    - debian/patches/CVE-2015-7500.patch: check entity boundaries in
      parser.c.
    - CVE-2015-7500
  * SECURITY UPDATE: denial of service via extra processing of MarkupDecl
    - debian/patches/CVE-2015-8241.patch: add extra EOF check in parser.c.
    - CVE-2015-8241
  * SECURITY UPDATE: buffer overread with HTML parser in push mode
    - debian/patches/CVE-2015-8242.patch: use pointer in the input in
      HTMLparser.c.
    - CVE-2015-8242

Date: Wed, 09 Dec 2015 10:15:37 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/libxml2/2.9.2+zdfsg1-4ubuntu2
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 09 Dec 2015 10:15:37 -0500
Source: libxml2
Binary: libxml2 libxml2-utils libxml2-utils-dbg libxml2-dev libxml2-dbg libxml2-doc python-libxml2 python-libxml2-dbg libxml2-udeb
Architecture: source
Version: 2.9.2+zdfsg1-4ubuntu2
Distribution: xenial
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
libxml2 - GNOME XML library
libxml2-dbg - Debugging symbols for the GNOME XML library
libxml2-dev - Development files for the GNOME XML library
libxml2-doc - Documentation for the GNOME XML library
libxml2-udeb - GNOME XML library - minimal runtime (udeb)
libxml2-utils - XML utilities
libxml2-utils-dbg - XML utilities (debug extension)
python-libxml2 - Python bindings for the GNOME XML library
python-libxml2-dbg - Python bindings for the GNOME XML library (debug extension)
Checksums-Sha1:
cbb960b7a74e19c35ba8ebc71de22c2a9f470c60 2757 libxml2_2.9.2+zdfsg1-4ubuntu2.dsc
ba3316ae8c8d95d3e0691dc22f5cf579ab748f33 34468 libxml2_2.9.2+zdfsg1-4ubuntu2.debian.tar.xz
Checksums-Sha256:
953eab575f0ef0c2e2f3475a15f125c57eb4528b80c0c4b271feda455cfbeb06 2757 libxml2_2.9.2+zdfsg1-4ubuntu2.dsc
136b89d12ac5a5fa64ffd71c043f915abf96e91f641830e547ad44de3aceadc5 34468 libxml2_2.9.2+zdfsg1-4ubuntu2.debian.tar.xz
Files:
4483ed0460656fe9d98f2278856a0bcf 2757 libs optional libxml2_2.9.2+zdfsg1-4ubuntu2.dsc
7da2fce9569ea3a980eb5317175d9fc8 34468 libs optional libxml2_2.9.2+zdfsg1-4ubuntu2.debian.tar.xz
Original-Maintainer: Debian XML/SGML Group <debian-xml-sgml-pkgs at lists.alioth.debian.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----