[ubuntu/precise-security] libxml2 2.7.8.dfsg-5.1ubuntu4.17 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Thu Mar 16 11:37:47 UTC 2017

libxml2 (2.7.8.dfsg-5.1ubuntu4.17) precise-security; urgency=medium

  * SECURITY UPDATE: format string vulnerabilities
    - fix format string warnings in HTMLparser.c, SAX2.c, catalog.c,
      configure, configure.in, debugXML.c, encoding.c, entities.c, error.c,
      include/libxml/parserInternals.h, include/libxml/xmlerror.h,
      include/libxml/xmlstring.h, libxml.h, parser.c, parserInternals.c,
      relaxng.c, schematron.c, testModule.c, valid.c, xinclude.c, xmlIO.c,
      xmllint.c, xmlreader.c, xmlschemas.c, xmlstring.c, xmlwriter.c,
      xpath.c, xpointer.c.
    - 4472c3a5a5b516aaf59b89be602fbce52756c3e9
    - 502f6a6d08b08c04b3ddfb1cd21b2f699c1b7f5b
    - d77e5fc4bcdb7da748c9cca116a601ae4df60d21
    - debian/libxml2.symbols: added new symbol.
    - CVE-2016-4448
  * SECURITY UPDATE: use-after-free via namespace nodes in XPointer ranges
    - disallow namespace nodes in XPointer ranges in xpointer.c.
    - c1d1f7121194036608bf555f08d3062a36fd344b
    - CVE-2016-4658
  * SECURITY UPDATE: use-after-free in XPointer range-to function
    - fix XPointer paths beginning with range-to and fix comparison with
      root node in xmlXPathCmpNodes in xpath.c, xpointer.c.
    - 9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e
    - a005199330b86dada19d162cae15ef9bdcb6baa8
    - CVE-2016-5131

Date: 2017-03-15 17:38:14.999721+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>