Publishing details
Changelog
libxml2 (2.9.3+dfsg1-1ubuntu0.1) xenial-security; urgency=medium
* SECURITY UPDATE: heap-based buffer overread in xmlNextChar
- debian/patches/CVE-2016-1762.patch: return after error in parser.c.
- CVE-2016-1762
* SECURITY UPDATE: heap-based buffer overread in htmlCurrentChar
- debian/patches/CVE-2016-1833.patch: fix tests in parserInternals.c.
- CVE-2016-1833
* SECURITY UPDATE: heap-buffer-overflow in xmlStrncat
- debian/patches/CVE-2016-1834.patch: check for negative lengths in
xmlstring.c.
- CVE-2016-1834
* SECURITY UPDATE: heap use-after-free in xmlSAX2AttributeNs
- debian/patches/CVE-2016-1835.patch: add check to parser.c, add tests
to result/errors/759020.xml.err, result/errors/759020.xml.str,
test/errors/759020.xml.
- CVE-2016-1835
* SECURITY UPDATE: heap use-after-free in xmlDictComputeFastKey
- debian/patches/CVE-2016-1836.patch: prevent stale pointer usage in
parser.c, added tests to result/errors/759398.xml.err,
result/errors/759398.xml.str, test/errors/759398.xml.
- CVE-2016-1836
* SECURITY UPDATE: heap use-after-free in htmlParsePubidLiteral and
htmlParseSystemiteral
- debian/patches/CVE-2016-1837.patch: prevent stable pointer usage in
HTMLparser.c.
- CVE-2016-1837
* SECURITY UPDATE: heap-based buffer overread in
xmlParserPrintFileContextInternal
- debian/patches/CVE-2016-1838.patch: add bounds check to parser.c,
add tests to result/errors/758588.xml.err,
result/errors/758588.xml.str, test/errors/758588.xml.
- CVE-2016-1838
* SECURITY UPDATE: heap-based buffer overread in xmlDictAddString
- debian/patches/CVE-2016-1839.patch: add bounds check to HTMLparser.c.
- CVE-2015-8806
- CVE-2016-1839
- CVE-2016-2073
* SECURITY UPDATE: heap-buffer-overflow in xmlFAParsePosCharGroup
- debian/patches/CVE-2016-1840.patch: properly handle error in
xmlregexp.c.
- CVE-2016-1840
* SECURITY UPDATE: avoid building recursive entities
- debian/patches/CVE-2016-3627.patch: properly handle recursion in
parser.c, tree.c.
- CVE-2016-3627
* SECURITY UPDATE: recursion depth counter issue
- debian/patches/CVE-2016-3705.patch: properly could recursion depth in
parser.c.
- CVE-2016-3705
* SECURITY UPDATE: heap-based buffer-underreads due to xmlParseName
- debian/patches/CVE-2016-4447.patch: improve error handling in
parser.c.
- CVE-2016-4447
* SECURITY UPDATE: inappropriate fetch of entities content
- debian/patches/CVE-2016-4449.patch: fix another external entity fetch
in parser.c.
- CVE-2016-4449
* SECURITY UPDATE: out of bound access when serializing malformed strings
- debian/patches/CVE-2016-4483.patch: improve string handling in
xmlsave.c.
- CVE-2016-4483
-- Marc Deslauriers <email address hidden> Fri, 03 Jun 2016 08:05:40 -0400
Builds
Package files