Ubuntu
libxml2 package

lp://staging/ubuntu/quantal-security/libxml2

Quantal (12.10)
quantal-security

Created by Ubuntu Package Importer on 2012-12-05 and last modified on 2014-05-08

Get this branch:: bzr branch lp://staging/ubuntu/quantal-security/libxml2

Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

No branches dependent on this one.

Related bugs

Link a bug report

Related blueprints

Branch information

Owner:: Ubuntu branches

Review team:: Ubuntu Development Team

Status:: Mature

Recent revisions

64. By Marc Deslauriers on 2014-05-08: * SECURITY UPDATE: resource exhaustion via external parameter entities
  - debian/patches/CVE-2014-0191.patch: do not fetch external parameter
    entities in parser.c.
  - CVE-2014-0191
63. By Marc Deslauriers on 2013-07-16: * SECURITY REGRESSION: regression with lxml (LP: #1201849)
  - debian/patches/CVE-2013-2877.patch: revised to fix regression, and a
    couple of wrong return values.
  - CVE-2013-2877
62. By Marc Deslauriers on 2013-07-11: * SECURITY UPDATE: external entity expansion attack (LP: #1194410)
  - debian/patches/CVE-2013-0339.patch: do not fetch external parsed
    entities in parser.c, added test to test/errors/extparsedent.xml,
    result/errors/extparsedent.xml.
  - CVE-2013-0339
* SECURITY UPDATE: denial of service via incomplete document
  - debian/patches/CVE-2013-2877.patch: try to stop parsing as quickly as
    possible in parser.c, include/libxml/xmlerror.h.
  - CVE-2013-2877
61. By Marc Deslauriers on 2013-03-26: * SECURITY UPDATE: denial of service via entity expansion
  - debian/patches/CVE-2013-0338.patch: limit number of entity expansions
    in include/libxml/parser.h, parser.c, parserInternals.c.
  - CVE-2013-0338
60. By Seth Arnold on 2012-12-04: * SECURITY UPDATE: buffer underflow in xmlParseAttValueComplex()
  - debian/patches/CVE-2012-5134.patch: add array bounds checking in
    parser.c, thanks to Daniel Veillard
  - CVE-2012-5134
59. By Daniel Holbach on 2012-10-10: debian/tests/control: added pkg-config as depends for the test.
Change forwarded to Debian as bug 690047.
58. By Daniel Holbach on 2012-10-09: * debian/tests/build, debian/tests/control: add test to check
that code can be easily built against libxml2, test some core
functionality too.
* debian/control: enable autopkgtest.
57. By Aron Xu on 2012-07-19: [ Daniel Veillard ]
* Fix parser local buffers size problems
* Fix entities local buffers size problems
CVE-2012-2807, Closes: #679280.
56. By Iain Lane on 2012-06-25: * Merge with Debian (LP: #987502), remaining changes:
- Don't drop *.la file. Some libraries still depend on it.
55. By Jamie Strandboge on 2012-05-18: * SECURITY UPDATE: Fix an off by one pointer access in xpointer.c
- d8e1faeaa99c7a7c07af01c1c72de352eb590a3e
- CVE-2011-3102

Branch metadata

Branch format:: Branch format 7

Repository format:: Bazaar repository format 2a (needs bzr 1.16 or later)

Stacked on:: lp://staging/ubuntu/raring/libxml2

This branch contains Public information

Everyone can see this information.

Subscribers

Ubuntu branches

Ubuntulibxml2 package