| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
|
|
|
|
| |
- Fixes CVE-2018-9251 and CVE-2018-14567:
https://gitlab.gnome.org/GNOME/libxml2/commit/2240fbf5912054af025fb6e01e26375100275e74
- Fixes CVE-2018-14404: https://gitlab.gnome.org/GNOME/libxml2/issues/5
- Remove patch: CVE-2017-8872 was fixed by
https://gitlab.gnome.org/GNOME/libxml2/issues/26
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
| |
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
| |
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
| |
Signed-off-by: Samuel Martin <s.martin49@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
|
| |
|
|
|
|
|
|
|
| |
Fixes CVE-2017-9049, CVE-2017-9050, CVE-2017-9047, CVE-2017-9048,
CVE-2017-5969.
Signed-off-by: Adam Duskett <aduskett@gmail.com>
[Thomas: improved commit log, from Baruch suggestion.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes a bunch of security issues including:
CVE-2016-1762: Heap-based buffer overread in xmlNextChar
CVE-2016-1834: heap-buffer-overflow in xmlStrncat
CVE-2016-3705: Missing increments of recursion depth counter to XML parser
A few more security fixes are listed in the release announcement at
https://mail.gnome.org/archives/xml/2016-May/msg00023.html.
Also fixes:
http://autobuild.buildroot.net/results/6db/6db405a097b192876c0b1b8d59051d614563c617/
http://autobuild.buildroot.net/results/62a/62addf4abd2a0df8222a81a83c16b2b9a61c9481/
http://autobuild.buildroot.net/results/204/20402690ad05d10d456a219da5252a38badf1da0/
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Fixes:
- CVE-2015-5312 - Another entity expansion issue
- CVE-2015-7497 - Avoid an heap buffer overflow in xmlDictComputeFastQKey
- CVE-2015-7500 - Fix memory access error due to incorrect entities boundaries
- CVE-2015-8242 - Buffer overead with HTML parser in push mode
- Incorporates upstreamed patches as well, which also fixed:
- CVE-2015-1819 - The xmlreader in libxml allows remote attackers to cause
a denial of service (memory consumption) via crafted XML data, related
to an XML Entity Expansion (XEE) attack.
- CVE-2015-7941 - out-of-bounds memory access.
- CVE-2015-7942 - heap-buffer-overflow in xmlParseConditionalSections.
- CVE-2015-8035 - DoS via crafted xz file.
Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
|
|
Fixes:
CVE-2014-3660 - billion laugh variant
CVE-2014-0191 - Do not fetch external parameter entities
Also add hash file.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|