| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes a bunch of security issues including:
CVE-2016-1762: Heap-based buffer overread in xmlNextChar
CVE-2016-1834: heap-buffer-overflow in xmlStrncat
CVE-2016-3705: Missing increments of recursion depth counter to XML parser
A few more security fixes are listed in the release announcement at
https://mail.gnome.org/archives/xml/2016-May/msg00023.html.
Also fixes:
http://autobuild.buildroot.net/results/6db/6db405a097b192876c0b1b8d59051d614563c617/
http://autobuild.buildroot.net/results/62a/62addf4abd2a0df8222a81a83c16b2b9a61c9481/
http://autobuild.buildroot.net/results/204/20402690ad05d10d456a219da5252a38badf1da0/
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Fixes:
- CVE-2015-5312 - Another entity expansion issue
- CVE-2015-7497 - Avoid an heap buffer overflow in xmlDictComputeFastQKey
- CVE-2015-7500 - Fix memory access error due to incorrect entities boundaries
- CVE-2015-8242 - Buffer overead with HTML parser in push mode
- Incorporates upstreamed patches as well, which also fixed:
- CVE-2015-1819 - The xmlreader in libxml allows remote attackers to cause
a denial of service (memory consumption) via crafted XML data, related
to an XML Entity Expansion (XEE) attack.
- CVE-2015-7941 - out-of-bounds memory access.
- CVE-2015-7942 - heap-buffer-overflow in xmlParseConditionalSections.
- CVE-2015-8035 - DoS via crafted xz file.
Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
|
|
Fixes:
CVE-2014-3660 - billion laugh variant
CVE-2014-0191 - Do not fetch external parameter entities
Also add hash file.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
