Commit Graph

2 Commits

Author SHA1 Message Date
Danomi Manchego
08e08586b5 libxml2: security bump to version 2.9.3
- Fixes:
  - CVE-2015-5312 - Another entity expansion issue
  - CVE-2015-7497 - Avoid an heap buffer overflow in xmlDictComputeFastQKey
  - CVE-2015-7500 - Fix memory access error due to incorrect entities boundaries
  - CVE-2015-8242 - Buffer overead with HTML parser in push mode

- Incorporates upstreamed patches as well, which also fixed:
  - CVE-2015-1819 - The xmlreader in libxml allows remote attackers to cause
    a denial of service (memory consumption) via crafted XML data, related
    to an XML Entity Expansion (XEE) attack.
  - CVE-2015-7941 - out-of-bounds memory access.
  - CVE-2015-7942 - heap-buffer-overflow in xmlParseConditionalSections.
  - CVE-2015-8035 - DoS via crafted xz file.

Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-11-22 13:44:47 +01:00
Gustavo Zacarias
841c63ce66 libxml2: security bump to version 2.9.2
Fixes:
CVE-2014-3660 - billion laugh variant
CVE-2014-0191 - Do not fetch external parameter entities

Also add hash file.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-10-17 14:17:48 +02:00