libxml2 (2.7.8.dfsg-5.1ubuntu4.22) precise-security; urgency=medium

  * SECURITY UPDATE: Memory leak
    - fix memory leak in xmlParseBalancedChunkMemoryRecover checking
      if doc is NULL in parser.c.
    - CVE-2019-19956
  * SECURITY UPDATE: Denial of service through an infinite loop
    - fix infinite loop in xmlStringLenDecodeEntities adding checks
      to ctxt->instate if it is == XML_PARSER_EOF in parser.c.
    - CVE-2020-7595

libxml2 (2.7.8.dfsg-5.1ubuntu4.21) precise-security; urgency=medium

  * SECURITY UPDATE: XXE attacks
    - debian/patches/CVE-2016-9318.patch: fix in parser.c.
    - CVE-2016-9318
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-14404.patch: fix in xpath.c.
    - CVE-2018-14404

libxml2 (2.7.8.dfsg-5.1ubuntu4.20) precise-security; urgency=medium

  * SECURITY UPDATE: use-after-free in xmlXPathCompOpEvalPositionPredicate
    - CVE-2017-15412

libxml2 (2.7.8.dfsg-5.1ubuntu4.19) precise-security; urgency=medium

  * SECURITY UPDATE: infinite recursion in parameter entities
    - CVE-2017-16932

libxml2 (2.7.8.dfsg-5.1ubuntu4.18) precise-security; urgency=medium

  * SECURITY UPDATE: type confusion leading to out-of-bounds write
    - CVE-2017-0663
  * SECURITY UPDATE: XML external entity (XXE) vulnerability
      entity references
    - CVE-2017-7375
  * SECURITY UPDATE: buffer overflow in URL handling
      ports in HTTP redirect support
    - CVE-2017-7376
  * SECURITY UPDATE: buffer overflows in xmlSnprintfElementContent()
      remains in buffer for copied data
    - CVE-2017-9047, CVE-2017-9048
  * SECURITY UPDATE: heap based buffer overreads in
    xmlDictComputeFastKey()
      expansions, add additional sanity check
    - CVE-2017-9049, CVE-2017-9050

Date: 2020-02-05 17:23:22.089564+00:00
Changed-By: leo.barb...@canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langa...@canonical.com>
https://launchpad.net/ubuntu/+source/libxml2/2.7.8.dfsg-5.1ubuntu4.22
Sorry, changesfile not available.