Does it fix CVE-2008-4225 and CVE-2008-4226?

On Monday 19 January 2009 02:00:35 pm [email protected] wrote:
> Message: 1
> Date: Sun, 18 Jan 2009 22:54:24 +0100
> From: Daniel Veillard <[email protected]>
> Subject: [xml] Release of libxml2-2.7.3
> To: [email protected]
> Message-ID: <[email protected]>
> Content-Type: text/plain; charset=us-ascii
>
> I promised it to Rob :-)
> So a new release is available on the FTP server:
> ftp://xmlsoft.org/pub/xml/
>
> The main changes are a security fix to limit text nodes to 10MB
> use the HUGE parsing option to override but this should avoid some
> possible security problems, a limited element traversal API (without
> entities recursions though) and a new parser option to enable pre 2.7
> SAX behavior:
>
> + Build fix:
>   - fix build when HTML support is not included.
> + Bug fixes:
>   - avoid memory overflow in gigantic text nodes
>   - indentation problem on the writer (Rob Richards)
>   - xmlAddChildList pointer problem (Rob Richards and Kevin Milburn)
>   - xmlAddChild problem with attribute (Rob Richards and Kris Breuker)
>   - avoid a memory leak in an edge case (Daniel Zimmermann)
>   - deallocate some pthread data (Alex Ott).
> + Improvements:
>   - configure option to avoid rebuilding docs (Adrian Bunk)
>   - limit text nodes to 10MB max by default
>   - add element traversal APIs
>   - add a parser option to enable pre 2.7 SAX behavior (Rob Richards)
>   - add gcc malloc checking (Marcus Meissner)
>   - add gcc printf like functions parameters checking (Marcus Meissner).
>
> Thanks a lot to everybody who helped, especially Rob who was also
> very patient :-)
>
> Daniel
