[ubuntu/xenial-proposed] libxml2 2.9.2+zdfsg1-4ubuntu3 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Thu Jan 14 18:12:21 UTC 2016
libxml2 (2.9.2+zdfsg1-4ubuntu3) xenial; urgency=medium
* SECURITY UPDATE: incomplete fix for out of bounds read in xmlGROW
(LP: #1525996)
- add extra commits to this previously-fixed CVE
- debian/patches/CVE-2015-7499-3.patch: reuse xmlHaltParser() where it
makes sense in parser.c.
- debian/patches/CVE-2015-7499-4.patch: do not print error context when
there is none in error.c.
- CVE-2015-7499
* SECURITY UPDATE: out of bounds memory access via unclosed html comment
- debian/patches/CVE-2015-8710.patch: fix parsing short unclosed
comment uninitialized access in HTMLparser.c.
- CVE-2015-8710
Date: Thu, 14 Jan 2016 08:59:31 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/libxml2/2.9.2+zdfsg1-4ubuntu3
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 14 Jan 2016 08:59:31 -0500
Source: libxml2
Binary: libxml2 libxml2-utils libxml2-utils-dbg libxml2-dev libxml2-dbg libxml2-doc python-libxml2 python-libxml2-dbg libxml2-udeb
Architecture: source
Version: 2.9.2+zdfsg1-4ubuntu3
Distribution: xenial
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
libxml2 - GNOME XML library
libxml2-dbg - Debugging symbols for the GNOME XML library
libxml2-dev - Development files for the GNOME XML library
libxml2-doc - Documentation for the GNOME XML library
libxml2-udeb - GNOME XML library - minimal runtime (udeb)
libxml2-utils - XML utilities
libxml2-utils-dbg - XML utilities (debug extension)
python-libxml2 - Python bindings for the GNOME XML library
python-libxml2-dbg - Python bindings for the GNOME XML library (debug extension)
Launchpad-Bugs-Fixed: 1525996
Changes:
libxml2 (2.9.2+zdfsg1-4ubuntu3) xenial; urgency=medium
.
* SECURITY UPDATE: incomplete fix for out of bounds read in xmlGROW
(LP: #1525996)
- add extra commits to this previously-fixed CVE
- debian/patches/CVE-2015-7499-3.patch: reuse xmlHaltParser() where it
makes sense in parser.c.
- debian/patches/CVE-2015-7499-4.patch: do not print error context when
there is none in error.c.
- CVE-2015-7499
* SECURITY UPDATE: out of bounds memory access via unclosed html comment
- debian/patches/CVE-2015-8710.patch: fix parsing short unclosed
comment uninitialized access in HTMLparser.c.
- CVE-2015-8710
Checksums-Sha1:
793f85b62ac558388f2620d6dc45c1e889ba9d94 2757 libxml2_2.9.2+zdfsg1-4ubuntu3.dsc
1e4ad497520919047f09d700d33739685153bad9 36176 libxml2_2.9.2+zdfsg1-4ubuntu3.debian.tar.xz
Checksums-Sha256:
8141ed5bd6ba8453482d9d02923e0c55d39d24b5e474c7ae5b5421081c57a93c 2757 libxml2_2.9.2+zdfsg1-4ubuntu3.dsc
cb9cfe36ebd12617f0546220b54ee81e7803c30d791e68e8b782eb90fc0443ce 36176 libxml2_2.9.2+zdfsg1-4ubuntu3.debian.tar.xz
Files:
7568bf45c87705971f5c97ab3d2396cd 2757 libs optional libxml2_2.9.2+zdfsg1-4ubuntu3.dsc
83c130117a49053eeb534d5fe5df9d93 36176 libs optional libxml2_2.9.2+zdfsg1-4ubuntu3.debian.tar.xz
Original-Maintainer: Debian XML/SGML Group <debian-xml-sgml-pkgs at lists.alioth.debian.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJWl+QEAAoJEGVp2FWnRL6TCg8QAKMNAKP3rmInfLyVo8QD00hS
QMDJCqEmAog5cECQ83wx4tiB2htyq+QSSGGYBhtAVk6Vo2GQNYp6WkUGRyu5qivI
uN5ybvyF2bJo/Z5b+YJvAJZRCk62nV12ejiC9LRqpeXpPEx/+4rxQwa3iy1H5peq
muZe2IQ4o+IGg6yXAGCb56nmoUVUzcWJuoeS7D35TuonlGR1HTniFTqUgAvcOX5x
gSE5Qhj+kGJIzwGh7T3maiA7CskCmLWnZhgYvD2M87iXSoP6zlUGqkVf6xGx4QT/
2TyWy9oKir9tNLiTNB6eGWjU+DWyqUgWr1QrawIqdE+xZfRS0+jOfxpTsL29c8fZ
rlNESB+bIRi+V8nhJYwy6bqhWZgUME7vUg+iTK77mU6NxDWuEoMrijjiKDpgExtJ
cr65hPk2zoiSjsML2nbIrm6ZSM/PBZVboCfFaaEjmH5KcyVPA30mF+nOoGCCsCUL
aigQZnAGkOhyV8a/tOfz5Hgt2/RvW1KZBCfXC/iRCHZmcSa4n1plYND1Vmp2uxRB
24FRTUFFFsX1w1XSq/3/zEc3EdS/ddmsgug1G5GwRHXiI2e5ntgQcqnMhuiZ8X1Z
SVCx5KWzxNd2Cg3S5ojYuo7AcgYL13oYNY6ZONueRl2WYQ7yw5VihMMlBfmKVBfa
hRq/fFAf2P4HiMYnBX9j
=TSFI
-----END PGP SIGNATURE-----
More information about the Xenial-changes
mailing list