Re: [blfs-book] [BLFS Trac] #7793: libxml2 Security Issues

2016-05-14 Thread BLFS Trac via blfs-book 
#7793: libxml2 Security Issues
-+-
 Reporter:  renodr   |   Owner:  renodr
 Type:  enhancement  |  Status:  closed
 Priority:  high |   Milestone:  7.10
Component:  BOOK | Version:  SVN
 Severity:  normal   |  Resolution:  fixed
 Keywords:   |
-+-
Changes (by renodr):

 * status:  assigned => closed
 * resolution:   => fixed


Comment:

 Fixed at r17357

--
Ticket URL: 
BLFS Trac 
Beyond Linux From Scratch
-- 
http://lists.linuxfromscratch.org/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page

Re: [blfs-book] [BLFS Trac] #7793: libxml2 Security Issues

2016-05-13 Thread BLFS Trac via blfs-book 
#7793: libxml2 Security Issues
-+---
 Reporter:  renodr   |   Owner:  renodr
 Type:  enhancement  |  Status:  assigned
 Priority:  high |   Milestone:  7.10
Component:  BOOK | Version:  SVN
 Severity:  normal   |  Resolution:
 Keywords:   |
-+---

Comment (by renodr):

 I will have this done by the end of the weekend (Monday)!

 I apologize for the large delay.

--
Ticket URL: 
BLFS Trac 
Beyond Linux From Scratch
-- 
http://lists.linuxfromscratch.org/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page

Re: [blfs-book] [BLFS Trac] #7793: libxml2 Security Issues

2016-05-03 Thread BLFS Trac via blfs-book 
#7793: libxml2 Security Issues
-+---
 Reporter:  renodr   |   Owner:  renodr
 Type:  enhancement  |  Status:  assigned
 Priority:  high |   Milestone:  7.10
Component:  BOOK | Version:  SVN
 Severity:  normal   |  Resolution:
 Keywords:   |
-+---
Changes (by renodr):

 * owner:  blfs-book@… => renodr
 * status:  new => assigned


Comment:

 If there are any objections, please take the ticket from me.

--
Ticket URL: 
BLFS Trac 
Beyond Linux From Scratch
-- 
http://lists.linuxfromscratch.org/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page

[blfs-book] [BLFS Trac] #7793: libxml2 Security Issues

2016-05-03 Thread BLFS Trac via blfs-book 
#7793: libxml2 Security Issues
-+-
 Reporter:  renodr   |  Owner:  blfs-book@…
 Type:  enhancement  | Status:  new
 Priority:  high |  Milestone:  7.10
Component:  BOOK |Version:  SVN
 Severity:  normal   |   Keywords:
-+-
 As reported on the [oss-security] mailing list today:

 '''CVE-2016-3627'''

 https://bugzilla.gnome.org/show_bug.cgi?id=765207

 {{{
 The functions xmlParserEntityCheck() and xmlParseAttValueComplex() used
 to call
 xmlStringDecodeEntities() in a recursive context without incrementing the
 'depth' counter in the parser context. Because of that omission, the
 parser
 failed to detect attribute recursions in certain documents before
 running out
 of stack space.
 }}}

 '''CVE-2016-3705'''

 https://bugzilla.gnome.org/show_bug.cgi?id=762100


 {{{
 Subject: [PATCH] xmlStringGetNodeList: limit the function to 1024
 recursions
  to avoid CVE-2016-3627
 }}}

 I can happily create a patch to fix these for both books, unless there is
 any objection. Should be done before Friday.

 I can't attach a link to the mailing list entry from my current location,
 but I should be able to add it later.

--
Ticket URL: 
BLFS Trac 
Beyond Linux From Scratch
-- 
http://lists.linuxfromscratch.org/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page