kumquat-buildroot

NetCube-Systems-Austria/kumquat-buildroot

Fork 0

Commit Graph

Author	SHA1	Message	Date
Baruch Siach	925f0897fe	libxml2: security bump to version 2.9.4 Fixes a bunch of security issues including: CVE-2016-1762: Heap-based buffer overread in xmlNextChar CVE-2016-1834: heap-buffer-overflow in xmlStrncat CVE-2016-3705: Missing increments of recursion depth counter to XML parser A few more security fixes are listed in the release announcement at https://mail.gnome.org/archives/xml/2016-May/msg00023.html. Also fixes: http://autobuild.buildroot.net/results/6db/6db405a097b192876c0b1b8d59051d614563c617/ http://autobuild.buildroot.net/results/62a/62addf4abd2a0df8222a81a83c16b2b9a61c9481/ http://autobuild.buildroot.net/results/204/20402690ad05d10d456a219da5252a38badf1da0/ Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>	2016-05-23 20:09:38 +02:00
Danomi Manchego	08e08586b5	libxml2: security bump to version 2.9.3 - Fixes: - CVE-2015-5312 - Another entity expansion issue - CVE-2015-7497 - Avoid an heap buffer overflow in xmlDictComputeFastQKey - CVE-2015-7500 - Fix memory access error due to incorrect entities boundaries - CVE-2015-8242 - Buffer overead with HTML parser in push mode - Incorporates upstreamed patches as well, which also fixed: - CVE-2015-1819 - The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack. - CVE-2015-7941 - out-of-bounds memory access. - CVE-2015-7942 - heap-buffer-overflow in xmlParseConditionalSections. - CVE-2015-8035 - DoS via crafted xz file. Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>	2015-11-22 13:44:47 +01:00
Gustavo Zacarias	841c63ce66	libxml2: security bump to version 2.9.2 Fixes: CVE-2014-3660 - billion laugh variant CVE-2014-0191 - Do not fetch external parameter entities Also add hash file. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>	2014-10-17 14:17:48 +02:00

Author

SHA1

Message

Date

Baruch Siach

925f0897fe

libxml2: security bump to version 2.9.4

Fixes a bunch of security issues including:

  CVE-2016-1762: Heap-based buffer overread in xmlNextChar

  CVE-2016-1834: heap-buffer-overflow in xmlStrncat

  CVE-2016-3705: Missing increments of recursion depth counter to XML parser

A few more security fixes are listed in the release announcement at
https://mail.gnome.org/archives/xml/2016-May/msg00023.html.

Also fixes:
http://autobuild.buildroot.net/results/6db/6db405a097b192876c0b1b8d59051d614563c617/
http://autobuild.buildroot.net/results/62a/62addf4abd2a0df8222a81a83c16b2b9a61c9481/
http://autobuild.buildroot.net/results/204/20402690ad05d10d456a219da5252a38badf1da0/

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

2016-05-23 20:09:38 +02:00

Danomi Manchego

08e08586b5

libxml2: security bump to version 2.9.3

- Fixes:
  - CVE-2015-5312 - Another entity expansion issue
  - CVE-2015-7497 - Avoid an heap buffer overflow in xmlDictComputeFastQKey
  - CVE-2015-7500 - Fix memory access error due to incorrect entities boundaries
  - CVE-2015-8242 - Buffer overead with HTML parser in push mode

- Incorporates upstreamed patches as well, which also fixed:
  - CVE-2015-1819 - The xmlreader in libxml allows remote attackers to cause
    a denial of service (memory consumption) via crafted XML data, related
    to an XML Entity Expansion (XEE) attack.
  - CVE-2015-7941 - out-of-bounds memory access.
  - CVE-2015-7942 - heap-buffer-overflow in xmlParseConditionalSections.
  - CVE-2015-8035 - DoS via crafted xz file.

Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

2015-11-22 13:44:47 +01:00

Gustavo Zacarias

841c63ce66

libxml2: security bump to version 2.9.2

Fixes:
CVE-2014-3660 - billion laugh variant
CVE-2014-0191 - Do not fetch external parameter entities

Also add hash file.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

2014-10-17 14:17:48 +02:00

3 Commits