libxml2: security bump to version 2.9.3 - buildroot

diff options

author	Danomi Manchego <danomimanchego123@gmail.com>	2015-11-21 20:38:28 -0500
committer	Thomas Petazzoni <thomas.petazzoni@free-electrons.com>	2015-11-22 13:44:47 +0100
commit	08e08586b579d8a339ed6f1e3da01676fa3a7010 (patch)
tree	a3d13220e1f1d394dc33e616ce890528c52f2be0 /package/mpd/0003-fix-static-build-with-alsa.patch
parent	b18e4b58499a90694b2447db4e4ceef3af8d897c (diff)
download	buildroot-08e08586b579d8a339ed6f1e3da01676fa3a7010.tar.gz buildroot-08e08586b579d8a339ed6f1e3da01676fa3a7010.zip

libxml2: security bump to version 2.9.3

- Fixes: - CVE-2015-5312 - Another entity expansion issue - CVE-2015-7497 - Avoid an heap buffer overflow in xmlDictComputeFastQKey - CVE-2015-7500 - Fix memory access error due to incorrect entities boundaries - CVE-2015-8242 - Buffer overead with HTML parser in push mode - Incorporates upstreamed patches as well, which also fixed: - CVE-2015-1819 - The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack. - CVE-2015-7941 - out-of-bounds memory access. - CVE-2015-7942 - heap-buffer-overflow in xmlParseConditionalSections. - CVE-2015-8035 - DoS via crafted xz file. Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

Diffstat (limited to 'package/mpd/0003-fix-static-build-with-alsa.patch')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: