libxml2 (2.9.2+zdfsg1-4ubuntu2) xenial; urgency=medium * SECURITY UPDATE: denial of service via entity expansion issue - debian/patches/CVE-2015-5312.patch: properly exit when entity expansion is detected in parser.c. - CVE-2015-5312 * SECURITY UPDATE: heap buffer overflow in xmlDictComputeFastQKey - debian/patches/CVE-2015-7497.patch: check offset in dict.c. - CVE-2015-7497 * SECURITY UPDATE: denial of service via encoding conversion failures - debian/patches/CVE-2015-7498.patch: avoid processing entities after encoding conversion failures in parser.c. - CVE-2015-7498 * SECURITY UPDATE: out of bounds read in xmlGROW - debian/patches/CVE-2015-7499-1.patch: add xmlHaltParser() to stop the parser in parser.c. - debian/patches/CVE-2015-7499-2.patch: check input in parser.c. - CVE-2015-7499 * SECURITY UPDATE: out of bounds read in xmlParseMisc - debian/patches/CVE-2015-7500.patch: check entity boundaries in parser.c. - CVE-2015-7500 * SECURITY UPDATE: denial of service via extra processing of MarkupDecl - debian/patches/CVE-2015-8241.patch: add extra EOF check in parser.c. - CVE-2015-8241 * SECURITY UPDATE: buffer overead with HTML parser in push mode - debian/patches/CVE-2015-8242.patch: use pointer in the input in HTMLparser.c. - CVE-2015-8242
Date: Wed, 09 Dec 2015 10:15:37 -0500 Changed-By: Marc Deslauriers <marc.deslauri...@ubuntu.com> Maintainer: Ubuntu Developers <ubuntu-devel-disc...@lists.ubuntu.com> https://launchpad.net/ubuntu/+source/libxml2/2.9.2+zdfsg1-4ubuntu2
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 09 Dec 2015 10:15:37 -0500 Source: libxml2 Binary: libxml2 libxml2-utils libxml2-utils-dbg libxml2-dev libxml2-dbg libxml2-doc python-libxml2 python-libxml2-dbg libxml2-udeb Architecture: source Version: 2.9.2+zdfsg1-4ubuntu2 Distribution: xenial Urgency: medium Maintainer: Ubuntu Developers <ubuntu-devel-disc...@lists.ubuntu.com> Changed-By: Marc Deslauriers <marc.deslauri...@ubuntu.com> Description: libxml2 - GNOME XML library libxml2-dbg - Debugging symbols for the GNOME XML library libxml2-dev - Development files for the GNOME XML library libxml2-doc - Documentation for the GNOME XML library libxml2-udeb - GNOME XML library - minimal runtime (udeb) libxml2-utils - XML utilities libxml2-utils-dbg - XML utilities (debug extension) python-libxml2 - Python bindings for the GNOME XML library python-libxml2-dbg - Python bindings for the GNOME XML library (debug extension) Changes: libxml2 (2.9.2+zdfsg1-4ubuntu2) xenial; urgency=medium . * SECURITY UPDATE: denial of service via entity expansion issue - debian/patches/CVE-2015-5312.patch: properly exit when entity expansion is detected in parser.c. - CVE-2015-5312 * SECURITY UPDATE: heap buffer overflow in xmlDictComputeFastQKey - debian/patches/CVE-2015-7497.patch: check offset in dict.c. - CVE-2015-7497 * SECURITY UPDATE: denial of service via encoding conversion failures - debian/patches/CVE-2015-7498.patch: avoid processing entities after encoding conversion failures in parser.c. - CVE-2015-7498 * SECURITY UPDATE: out of bounds read in xmlGROW - debian/patches/CVE-2015-7499-1.patch: add xmlHaltParser() to stop the parser in parser.c. - debian/patches/CVE-2015-7499-2.patch: check input in parser.c. - CVE-2015-7499 * SECURITY UPDATE: out of bounds read in xmlParseMisc - debian/patches/CVE-2015-7500.patch: check entity boundaries in parser.c. - CVE-2015-7500 * SECURITY UPDATE: denial of service via extra processing of MarkupDecl - debian/patches/CVE-2015-8241.patch: add extra EOF check in parser.c. - CVE-2015-8241 * SECURITY UPDATE: buffer overead with HTML parser in push mode - debian/patches/CVE-2015-8242.patch: use pointer in the input in HTMLparser.c. - CVE-2015-8242 Checksums-Sha1: cbb960b7a74e19c35ba8ebc71de22c2a9f470c60 2757 libxml2_2.9.2+zdfsg1-4ubuntu2.dsc ba3316ae8c8d95d3e0691dc22f5cf579ab748f33 34468 libxml2_2.9.2+zdfsg1-4ubuntu2.debian.tar.xz Checksums-Sha256: 953eab575f0ef0c2e2f3475a15f125c57eb4528b80c0c4b271feda455cfbeb06 2757 libxml2_2.9.2+zdfsg1-4ubuntu2.dsc 136b89d12ac5a5fa64ffd71c043f915abf96e91f641830e547ad44de3aceadc5 34468 libxml2_2.9.2+zdfsg1-4ubuntu2.debian.tar.xz Files: 4483ed0460656fe9d98f2278856a0bcf 2757 libs optional libxml2_2.9.2+zdfsg1-4ubuntu2.dsc 7da2fce9569ea3a980eb5317175d9fc8 34468 libs optional libxml2_2.9.2+zdfsg1-4ubuntu2.debian.tar.xz Original-Maintainer: Debian XML/SGML Group <debian-xml-sgml-p...@lists.alioth.debian.org> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJWaFdyAAoJEGVp2FWnRL6TW3gP/R7X4n8oDIIUIXrbySA2R6mt B+Cqw6xnSK7lXHjALTNl/f/kXVr5b7vqpQ0dNMp/mWKVU56f5y2UorcYEcITo5oi 88lJKtw79hUxSo+WYFd+alWamoUmg88/JUUTOasuH+wyyZHhfEB8fbTBUReZ8VKO AyKkqqsw6fJ+QjjXceKkmOJQhRnJvAYytzsbcVqxZ1e3bwTtwbpoZ4OHb5BjZmOn HDRecj3JfLhyjebzh8UK7ZByemn0H1qK7OCE4Ms47j7/+fMBbHvTjd9++5uL8iiI LU8oI4NKVeZtIh7QJaCv0C3bbjq2JTpxhEKuLT1vgAdDs3aQzJuKJMRamIFOpTZ+ qmWonwSjn6EZ2mpU0LOFOX3Zyfl0rTrlfR2NIhHaKWQbtIBHqbxnpStvrQreCYSz OpU/aV+QM0kwFCqkB4D+cZ8mFkLw9UMteoJp7oeR3J6dOS/cVuW1Ve5KSQLQ8YWT dEgQbitVnNIoAGBv2sc/CbO33liiqZGHo9+yL/BpoirfXn2RiIybDQh5DmBB1SzR e4M6k7cJj7oIzNMsRSa4x/+KJ8879IwWRMOHgH7Y8+wXvv5Gk0lUCDwJnExxQa0r dM9+FG6oyh0q1pmyjnBorktZAyL/BqDYSlkpw9LVep42e6OSIZVPLpajFPMCoG4E wgA+KkI5zS7zcTF2H9e7 =p6CV -----END PGP SIGNATURE-----
-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes