diff options
| author | Danomi Manchego <danomimanchego123@gmail.com> | 2015-11-21 20:38:28 -0500 |
|---|---|---|
| committer | Thomas Petazzoni <thomas.petazzoni@free-electrons.com> | 2015-11-22 13:44:47 +0100 |
| commit | 08e08586b579d8a339ed6f1e3da01676fa3a7010 (patch) | |
| tree | a3d13220e1f1d394dc33e616ce890528c52f2be0 /package/libxml2/libxml2.mk | |
| parent | b18e4b58499a90694b2447db4e4ceef3af8d897c (diff) | |
| download | buildroot-08e08586b579d8a339ed6f1e3da01676fa3a7010.tar.gz buildroot-08e08586b579d8a339ed6f1e3da01676fa3a7010.zip | |
libxml2: security bump to version 2.9.3
- Fixes:
- CVE-2015-5312 - Another entity expansion issue
- CVE-2015-7497 - Avoid an heap buffer overflow in xmlDictComputeFastQKey
- CVE-2015-7500 - Fix memory access error due to incorrect entities boundaries
- CVE-2015-8242 - Buffer overead with HTML parser in push mode
- Incorporates upstreamed patches as well, which also fixed:
- CVE-2015-1819 - The xmlreader in libxml allows remote attackers to cause
a denial of service (memory consumption) via crafted XML data, related
to an XML Entity Expansion (XEE) attack.
- CVE-2015-7941 - out-of-bounds memory access.
- CVE-2015-7942 - heap-buffer-overflow in xmlParseConditionalSections.
- CVE-2015-8035 - DoS via crafted xz file.
Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Diffstat (limited to 'package/libxml2/libxml2.mk')
| -rw-r--r-- | package/libxml2/libxml2.mk | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/package/libxml2/libxml2.mk b/package/libxml2/libxml2.mk index e5832b2fc7..acfe59f4b8 100644 --- a/package/libxml2/libxml2.mk +++ b/package/libxml2/libxml2.mk @@ -4,7 +4,7 @@ # ################################################################################ -LIBXML2_VERSION = 2.9.2 +LIBXML2_VERSION = 2.9.3 LIBXML2_SITE = ftp://xmlsoft.org/libxml2 LIBXML2_INSTALL_STAGING = YES LIBXML2_AUTORECONF = YES |
