[ubuntu/xenial-proposed] libxml2 2.9.2+zdfsg1-4ubuntu2 (Accepted)

Wed, 09 Dec 2015 08:36:28 -0800 

libxml2 (2.9.2+zdfsg1-4ubuntu2) xenial; urgency=medium

  * SECURITY UPDATE: denial of service via entity expansion issue
    - debian/patches/CVE-2015-5312.patch: properly exit when entity
      expansion is detected in parser.c.
    - CVE-2015-5312
  * SECURITY UPDATE: heap buffer overflow in xmlDictComputeFastQKey
    - debian/patches/CVE-2015-7497.patch: check offset in dict.c.
    - CVE-2015-7497
  * SECURITY UPDATE: denial of service via encoding conversion failures
    - debian/patches/CVE-2015-7498.patch: avoid processing entities after
      encoding conversion failures in parser.c.
    - CVE-2015-7498
  * SECURITY UPDATE: out of bounds read in xmlGROW
    - debian/patches/CVE-2015-7499-1.patch: add xmlHaltParser() to stop the
      parser in parser.c.
    - debian/patches/CVE-2015-7499-2.patch: check input in parser.c.
    - CVE-2015-7499
  * SECURITY UPDATE: out of bounds read in xmlParseMisc
    - debian/patches/CVE-2015-7500.patch: check entity boundaries in
      parser.c.
    - CVE-2015-7500
  * SECURITY UPDATE: denial of service via extra processing of MarkupDecl
    - debian/patches/CVE-2015-8241.patch: add extra EOF check in parser.c.
    - CVE-2015-8241
  * SECURITY UPDATE: buffer overead with HTML parser in push mode
    - debian/patches/CVE-2015-8242.patch: use pointer in the input in
      HTMLparser.c.
    - CVE-2015-8242

Date: Wed, 09 Dec 2015 10:15:37 -0500
Changed-By: Marc Deslauriers <marc.deslauri...@ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-disc...@lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/libxml2/2.9.2+zdfsg1-4ubuntu2

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 09 Dec 2015 10:15:37 -0500
Source: libxml2
Binary: libxml2 libxml2-utils libxml2-utils-dbg libxml2-dev libxml2-dbg 
libxml2-doc python-libxml2 python-libxml2-dbg libxml2-udeb
Architecture: source
Version: 2.9.2+zdfsg1-4ubuntu2
Distribution: xenial
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-disc...@lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauri...@ubuntu.com>
Description:
 libxml2    - GNOME XML library
 libxml2-dbg - Debugging symbols for the GNOME XML library
 libxml2-dev - Development files for the GNOME XML library
 libxml2-doc - Documentation for the GNOME XML library
 libxml2-udeb - GNOME XML library - minimal runtime (udeb)
 libxml2-utils - XML utilities
 libxml2-utils-dbg - XML utilities (debug extension)
 python-libxml2 - Python bindings for the GNOME XML library
 python-libxml2-dbg - Python bindings for the GNOME XML library (debug 
extension)
Changes:
 libxml2 (2.9.2+zdfsg1-4ubuntu2) xenial; urgency=medium
 .
   * SECURITY UPDATE: denial of service via entity expansion issue
     - debian/patches/CVE-2015-5312.patch: properly exit when entity
       expansion is detected in parser.c.
     - CVE-2015-5312
   * SECURITY UPDATE: heap buffer overflow in xmlDictComputeFastQKey
     - debian/patches/CVE-2015-7497.patch: check offset in dict.c.
     - CVE-2015-7497
   * SECURITY UPDATE: denial of service via encoding conversion failures
     - debian/patches/CVE-2015-7498.patch: avoid processing entities after
       encoding conversion failures in parser.c.
     - CVE-2015-7498
   * SECURITY UPDATE: out of bounds read in xmlGROW
     - debian/patches/CVE-2015-7499-1.patch: add xmlHaltParser() to stop the
       parser in parser.c.
     - debian/patches/CVE-2015-7499-2.patch: check input in parser.c.
     - CVE-2015-7499
   * SECURITY UPDATE: out of bounds read in xmlParseMisc
     - debian/patches/CVE-2015-7500.patch: check entity boundaries in
       parser.c.
     - CVE-2015-7500
   * SECURITY UPDATE: denial of service via extra processing of MarkupDecl
     - debian/patches/CVE-2015-8241.patch: add extra EOF check in parser.c.
     - CVE-2015-8241
   * SECURITY UPDATE: buffer overead with HTML parser in push mode
     - debian/patches/CVE-2015-8242.patch: use pointer in the input in
       HTMLparser.c.
     - CVE-2015-8242
Checksums-Sha1:
 cbb960b7a74e19c35ba8ebc71de22c2a9f470c60 2757 libxml2_2.9.2+zdfsg1-4ubuntu2.dsc
 ba3316ae8c8d95d3e0691dc22f5cf579ab748f33 34468 
libxml2_2.9.2+zdfsg1-4ubuntu2.debian.tar.xz
Checksums-Sha256:
 953eab575f0ef0c2e2f3475a15f125c57eb4528b80c0c4b271feda455cfbeb06 2757 
libxml2_2.9.2+zdfsg1-4ubuntu2.dsc
 136b89d12ac5a5fa64ffd71c043f915abf96e91f641830e547ad44de3aceadc5 34468 
libxml2_2.9.2+zdfsg1-4ubuntu2.debian.tar.xz
Files:
 4483ed0460656fe9d98f2278856a0bcf 2757 libs optional 
libxml2_2.9.2+zdfsg1-4ubuntu2.dsc
 7da2fce9569ea3a980eb5317175d9fc8 34468 libs optional 
libxml2_2.9.2+zdfsg1-4ubuntu2.debian.tar.xz
Original-Maintainer: Debian XML/SGML Group 
<debian-xml-sgml-p...@lists.alioth.debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJWaFdyAAoJEGVp2FWnRL6TW3gP/R7X4n8oDIIUIXrbySA2R6mt
B+Cqw6xnSK7lXHjALTNl/f/kXVr5b7vqpQ0dNMp/mWKVU56f5y2UorcYEcITo5oi
88lJKtw79hUxSo+WYFd+alWamoUmg88/JUUTOasuH+wyyZHhfEB8fbTBUReZ8VKO
AyKkqqsw6fJ+QjjXceKkmOJQhRnJvAYytzsbcVqxZ1e3bwTtwbpoZ4OHb5BjZmOn
HDRecj3JfLhyjebzh8UK7ZByemn0H1qK7OCE4Ms47j7/+fMBbHvTjd9++5uL8iiI
LU8oI4NKVeZtIh7QJaCv0C3bbjq2JTpxhEKuLT1vgAdDs3aQzJuKJMRamIFOpTZ+
qmWonwSjn6EZ2mpU0LOFOX3Zyfl0rTrlfR2NIhHaKWQbtIBHqbxnpStvrQreCYSz
OpU/aV+QM0kwFCqkB4D+cZ8mFkLw9UMteoJp7oeR3J6dOS/cVuW1Ve5KSQLQ8YWT
dEgQbitVnNIoAGBv2sc/CbO33liiqZGHo9+yL/BpoirfXn2RiIybDQh5DmBB1SzR
e4M6k7cJj7oIzNMsRSa4x/+KJ8879IwWRMOHgH7Y8+wXvv5Gk0lUCDwJnExxQa0r
dM9+FG6oyh0q1pmyjnBorktZAyL/BqDYSlkpw9LVep42e6OSIZVPLpajFPMCoG4E
wgA+KkI5zS7zcTF2H9e7
=p6CV
-----END PGP SIGNATURE-----

-- 
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/xenial-changes

Reply via email to