[ubuntu/precise-security] libxml2 2.7.8.dfsg-5.1ubuntu4.15 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Mon Jun 6 16:31:30 UTC 2016


libxml2 (2.7.8.dfsg-5.1ubuntu4.15) precise-security; urgency=medium

  * SECURITY UPDATE: heap-based buffer overread in xmlNextChar
    - return after error in parser.c.
    - a7a94612aa3b16779e2c74e1fa353b5d9786c602
    - CVE-2016-1762
  * SECURITY UPDATE: heap-based buffer overread in htmlCurrentChar
    - clear up NULL deref, handle 0-length entities and fix tests in
      parserInternals.c.
    - ff76eb28c75451bc56e3b93f44dac155ca29e7f5
    - fdfeecc1b73b0318466f0d61f0b8881ed9d92dd2
    - 0bcd05c5cd83dec3406c8f68b769b1d610c72f76
    - CVE-2016-1833
  * SECURITY UPDATE: heap-buffer-overflow in xmlStrncat
    - check for negative lengths in xmlstring.c.
    - 8fbbf5513d609c1770b391b99e33314cd0742704
    - CVE-2016-1834
  * SECURITY UPDATE: heap use-after-free in xmlSAX2AttributeNs
    - add check to parser.c, add tests to result/errors/759020.xml.err,
      result/errors/759020.xml.str, test/errors/759020.xml.
    - 38eae571111db3b43ffdeb05487c9f60551906fb
    - CVE-2016-1835
  * SECURITY UPDATE: heap use-after-free in htmlParsePubidLiteral and
    htmlParseSystemLiteral
    - prevent stable pointer usage in HTMLparser.c.
    - 11ed4a7a90d5ce156a18980a4ad4e53e77384852
    - CVE-2016-1837
  * SECURITY UPDATE: heap-based buffer overread in
    xmlParserPrintFileContextInternal
    - add bounds check to parser.c,
      add tests to result/errors/758588.xml.err,
      result/errors/758588.xml.str, test/errors/758588.xml.
    - db07dd613e461df93dde7902c6505629bf0734e9
    - CVE-2016-1838
  * SECURITY UPDATE: heap-based buffer overread in xmlDictAddString
    - add bounds check to HTMLparser.c.
    - a820dbeac29d330bae4be05d9ecd939ad6b4aa33
    - CVE-2015-8806
    - CVE-2016-1839
    - CVE-2016-2073
  * SECURITY UPDATE: heap-buffer-overflow in xmlFAParsePosCharGroup
    - properly handle error in xmlregexp.c.
    - cbb271655cadeb8dbb258a64701d9a3a0c4835b4
    - CVE-2016-1840
  * SECURITY UPDATE: avoid building recursive entities
    - properly handle recursion in parser.c, tree.c.
    - bdd66182ef53fe1f7209ab6535fda56366bd7ac9
    - CVE-2016-3627
  * SECURITY UPDATE: recursion depth counter issue
    - properly count recursion depth in parser.c.
    - 8f30bdff69edac9075f4663ce3b56b0c52d48ce6
    - CVE-2016-3705
  * SECURITY UPDATE: heap-based buffer-underreads due to xmlParseName
    - improve error handling in parser.c.
    - 00906759053986b8079985644172085f74331f83
    - CVE-2016-4447
  * SECURITY UPDATE: inappropriate fetch of entities content
    - fix another external entity fetch in parser.c.
    - b1d34de46a11323fccffa9fadeb33be670d602f5
    - CVE-2016-4449
  * SECURITY UPDATE: out of bound access when serializing malformed strings
    - improve string handling in xmlsave.c.
    - c97750d11bb8b6f3303e7131fe526a61ac65bcfd
    - CVE-2016-4483

Date: 2016-06-03 17:19:13.565096+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/libxml2/2.7.8.dfsg-5.1ubuntu4.15