2.9.4 for three CVEs (close #156...

Graham Christensen Wed, 25 May 2016 09:34:11 -0700

  Branch: refs/heads/release-16.03
  Home:   https://github.com/NixOS/nixpkgs
  Commit: 809aa9ca22e53fbdf52b622b45117f95001ac4f9
      
https://github.com/NixOS/nixpkgs/commit/809aa9ca22e53fbdf52b622b45117f95001ac4f9
  Author: Graham Christensen <[email protected]>
  Date:   2016-05-25 (Wed, 25 May 2016)


  Changed paths:
    M pkgs/development/libraries/libxml2/default.nix

  Log Message:
  -----------
  libxml2: 2.9.3 -> 2.9.4 for three CVEs (close #15697)

 - CVE-2016-4447: libxml2: Heap-based buffer underreads due to xmlParseName
   https://bugzilla.redhat.com/show_bug.cgi?id=1338686

 - CVE-2016-4448 libxml2: Format string vulnerability
   https://bugzilla.redhat.com/show_bug.cgi?id=1338700

 - CVE-2016-4449 libxml2: Inappropriate fetch of entities content
   https://bugzilla.redhat.com/show_bug.cgi?id=1338701

and many other fixed issues, available at http://www.xmlsoft.org/news.html

(cherry picked from commit 772851ff46be1c16c417766671a0e701668d8195)

_______________________________________________
nix-commits mailing list
[email protected]
http://lists.science.uu.nl/mailman/listinfo/nix-commits

[Nix-commits] [NixOS/nixpkgs] 809aa9: libxml2: 2.9.3 -> 2.9.4 for three CVEs (close #156...

Reply via email to