-
libxml2 (2.9.4+dfsg1-4ubuntu1.2) artful-security; urgency=medium
* SECURITY UPDATE: use after-free in xmlXPathCompOpEvalPositionPredicate
- debian/patches/CVE-2017-15412.patch: fix XPath stack frame logic in
xpath.c.
- CVE-2017-15412
-- <email address hidden> (Leonidas S. Barbosa) Mon, 11 Dec 2017 13:30:29 -0300
-
libxml2 (2.9.4+dfsg1-4ubuntu1.1) artful-security; urgency=medium
* SECURITY UPDATE: infinite recursion in parameter entities
- CVE-2017-16932
-- <email address hidden> (Leonidas S. Barbosa) Mon, 04 Dec 2017 15:22:50 -0300
-
libxml2 (2.9.4+dfsg1-4ubuntu1) artful; urgency=medium
* Fix FTBFS: Fix debhelper -p and -N flags.
*
-- Matthias Klose <email address hidden> Wed, 11 Oct 2017 11:06:37 +0200
-
libxml2 (2.9.4+dfsg1-3.1) unstable; urgency=low
* Non-maintainer upload.
* Increase buffer space for port in HTTP redirect support (CVE-2017-7376)
Incorrect limit was used for port values. (Closes: #870865)
* Prevent unwanted external entity reference (CVE-2017-7375)
Missing validation for external entities in xmlParsePEReference.
(Closes: #870867)
* Fix handling of parameter-entity references (CVE-2017-9049, CVE-2017-9050)
- Heap-based buffer over-read in function xmlDictComputeFastKey
(CVE-2017-9049).
- Heap-based buffer over-read in function xmlDictAddString
(CVE-2017-9050).
(Closes: #863019, #863018)
* Fix buffer size checks in xmlSnprintfElementContent (CVE-2017-9047,
CVE-2017-9048)
- Buffer overflow in function xmlSnprintfElementContent (CVE-2017-9047).
- Stack-based buffer overflow in function xmlSnprintfElementContent
(CVE-2017-9048).
(Closes: #863022, #863021)
* Fix type confusion in xmlValidateOneNamespace (CVE-2017-0663)
Heap buffer overflow in xmlAddID. (Closes: #870870)
-- Salvatore Bonaccorso <email address hidden> Sun, 20 Aug 2017 06:56:40 +0200
-
libxml2 (2.9.4+dfsg1-3build2) artful; urgency=medium
* No-change rebuild against python3.6
-- Jeremy Bicha <email address hidden> Wed, 02 Aug 2017 16:08:27 -0400
-
libxml2 (2.9.4+dfsg1-3build1) artful; urgency=medium
* No-change rebuild to build with python3.6.
-- Matthias Klose <email address hidden> Mon, 24 Jul 2017 13:52:40 +0000
-
libxml2 (2.9.4+dfsg1-3) unstable; urgency=medium
* Team upload.
[ Mattia Rizzolo ]
* d/control:
+ Use HTTPS in Vcs-* fields.
+ Remove the deprecated '${python:Provides}' and '${python3:Provides}'.
+ Bump Standards-Version to 4.0.0, no changes needed.
* Build for all supported python versions. Closes: #864328
Thanks to YunQiang Su <email address hidden> for the initial patch.
* Drop libxml-utils-dbg package in favour of the automatic debug package.
* Replace the upstream ChangeLog with the NEWS file. Closes: #808372
The ChangeLog file stopped being updated in 2009, whereas NEWS is
automatically generated by upstream during releases.
* d/rules:
+ Correctly make use of the dh sequencer in the build step.
Override dh_auto_build instead of using build/build-arch/build-indep
targets directly.
This makes possible for dh to call dh_autoreconf and other helpers that
would otherwise be skipped (like dh_update_autotools_config).
+ Fix duplicated targets for override_dh_auto_install-indep.
+ Streamline dpkg-buildflags usage.
* Bump debhelper compat level to 10
+ remove --parallel, now default
+ remove --with autoreconf, now default
[ Helmut Grohne ]
* Improve build profiles support. Closes: #862867
+ Rename the meaningless stage1 to the meaningful nopython.
+ Use the standard variable DEB_BUILD_PROFILES rather than
DEB_BUILD_PROFILE by checking dh_listpackages.
+ Correctly build nopython even when python is installed.
+ Add build profile annotations to debian/control.
-- Mattia Rizzolo <email address hidden> Tue, 04 Jul 2017 21:59:55 +0200
-
libxml2 (2.9.4+dfsg1-2.2ubuntu1) artful; urgency=medium
* Only build for the default version of Python.
-- Michael Hudson-Doyle <email address hidden> Tue, 16 May 2017 14:45:03 +1200
-
libxml2 (2.9.4+dfsg1-2.2build1) artful; urgency=medium
* No change rebuild to add Python 3.6 support.
-- Michael Hudson-Doyle <email address hidden> Fri, 12 May 2017 11:47:33 +1200
-
libxml2 (2.9.4+dfsg1-2.2) unstable; urgency=medium
* Non-maintainer upload.
* Fix attribute decoding during XML schema validation
(Closes: #832602, #832864)
-- Mònica Ramírez Arceda <email address hidden> Sat, 14 Jan 2017 15:31:49 +0100