Publishing details

Changelog

libxml2 (2.9.3+dfsg1-1ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: heap-based buffer overread in xmlNextChar
    - debian/patches/CVE-2016-1762.patch: return after error in parser.c.
    - CVE-2016-1762
  * SECURITY UPDATE: heap-based buffer overread in htmlCurrentChar
    - debian/patches/CVE-2016-1833.patch: fix tests in parserInternals.c.
    - CVE-2016-1833
  * SECURITY UPDATE: heap-buffer-overflow in xmlStrncat
    - debian/patches/CVE-2016-1834.patch: check for negative lengths in
      xmlstring.c.
    - CVE-2016-1834
  * SECURITY UPDATE: heap use-after-free in xmlSAX2AttributeNs
    - debian/patches/CVE-2016-1835.patch: add check to parser.c, add tests
      to result/errors/759020.xml.err, result/errors/759020.xml.str,
      test/errors/759020.xml.
    - CVE-2016-1835
  * SECURITY UPDATE: heap use-after-free in xmlDictComputeFastKey
    - debian/patches/CVE-2016-1836.patch: prevent stale pointer usage in
      parser.c, added tests to result/errors/759398.xml.err,
      result/errors/759398.xml.str, test/errors/759398.xml.
    - CVE-2016-1836
  * SECURITY UPDATE: heap use-after-free in htmlParsePubidLiteral and
    htmlParseSystemiteral
    - debian/patches/CVE-2016-1837.patch: prevent stable pointer usage in
      HTMLparser.c.
    - CVE-2016-1837
  * SECURITY UPDATE: heap-based buffer overread in
    xmlParserPrintFileContextInternal
    - debian/patches/CVE-2016-1838.patch: add bounds check to parser.c,
      add tests to result/errors/758588.xml.err,
      result/errors/758588.xml.str, test/errors/758588.xml.
    - CVE-2016-1838
  * SECURITY UPDATE: heap-based buffer overread in xmlDictAddString
    - debian/patches/CVE-2016-1839.patch: add bounds check to HTMLparser.c.
    - CVE-2015-8806
    - CVE-2016-1839
    - CVE-2016-2073
  * SECURITY UPDATE: heap-buffer-overflow in xmlFAParsePosCharGroup
    - debian/patches/CVE-2016-1840.patch: properly handle error in
      xmlregexp.c.
    - CVE-2016-1840
  * SECURITY UPDATE: avoid building recursive entities
    - debian/patches/CVE-2016-3627.patch: properly handle recursion in
      parser.c, tree.c.
    - CVE-2016-3627
  * SECURITY UPDATE: recursion depth counter issue
    - debian/patches/CVE-2016-3705.patch: properly could recursion depth in
      parser.c.
    - CVE-2016-3705
  * SECURITY UPDATE: heap-based buffer-underreads due to xmlParseName
    - debian/patches/CVE-2016-4447.patch: improve error handling in
      parser.c.
    - CVE-2016-4447
  * SECURITY UPDATE: inappropriate fetch of entities content
    - debian/patches/CVE-2016-4449.patch: fix another external entity fetch
      in parser.c.
    - CVE-2016-4449
  * SECURITY UPDATE: out of bound access when serializing malformed strings
    - debian/patches/CVE-2016-4483.patch: improve string handling in
      xmlsave.c.
    - CVE-2016-4483

 -- Marc Deslauriers <email address hidden>  Fri, 03 Jun 2016 08:05:40 -0400

Available diffs

Builds

Package files