CVSROOT: /cvs
Module name: ports
Changes by: [email protected] 2015/11/21 01:46:44
Modified files:
textproc/libxml: Makefile distinfo
Removed files:
textproc/libxml/patches: patch-buf_c patch-include_libxml_tree_h
patch-parser_c patch-xmlreader_c
patch-xzlib_c
Log message:
SECURITY: merge all recent CVEs from upstream
CVE-2015-8242 Buffer overead with HTML parser in push mode
CVE-2015-7500 Fix memory access error due to incorrect entities boundaries
CVE-2015-7499-2 Detect incoherency on GROW
CVE-2015-7499-1 Add xmlHaltParser() to stop the parser
CVE-2015-5312 Another entity expansion issue
CVE-2015-7497 Avoid an heap buffer overflow in xmlDictComputeFastQKey
CVE-2015-7498 Avoid processing entities after encoding conversion failures
CVE-2015-8035 Fix XZ compression support loop
CVE-2015-7942-2 Fix an error in previous Conditional section patch
CVE-2015-7942 Another variation of overflow in Conditional sections
CVE-2015-1819 Enforce the reader to run in constant memory
CVE-2015-7941_2 Cleanup conditional section error handling
CVE-2015-7941_1 Stop parsing on entities boundaries errors
Note that there's a new libxml release out, but it's in a bulk currently...
