lp://staging/ubuntu/quantal-updates/libxml2
- Get this branch:
- bzr branch lp://staging/ubuntu/quantal-updates/libxml2
Branch merges
Branch information
Recent revisions
- 64. By Marc Deslauriers
-
* SECURITY UPDATE: resource exhaustion via external parameter entities
- debian/patches/ CVE-2014- 0191.patch: do not fetch external parameter
entities in parser.c.
- CVE-2014-0191 - 63. By Marc Deslauriers
-
* SECURITY REGRESSION: regression with lxml (LP: #1201849)
- debian/patches/ CVE-2013- 2877.patch: revised to fix regression, and a
couple of wrong return values.
- CVE-2013-2877 - 62. By Marc Deslauriers
-
* SECURITY UPDATE: external entity expansion attack (LP: #1194410)
- debian/patches/ CVE-2013- 0339.patch: do not fetch external parsed
entities in parser.c, added test to test/errors/extparsedent. xml,
result/errors/ extparsedent. xml.
- CVE-2013-0339
* SECURITY UPDATE: denial of service via incomplete document
- debian/patches/ CVE-2013- 2877.patch: try to stop parsing as quickly as
possible in parser.c, include/libxml/ xmlerror. h.
- CVE-2013-2877 - 61. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service via entity expansion
- debian/patches/ CVE-2013- 0338.patch: limit number of entity expansions
in include/libxml/ parser. h, parser.c, parserInternals.c.
- CVE-2013-0338 - 60. By Seth Arnold
-
* SECURITY UPDATE: buffer underflow in xmlParseAttValu
eComplex( )
- debian/patches/ CVE-2012- 5134.patch: add array bounds checking in
parser.c, thanks to Daniel Veillard
- CVE-2012-5134 - 59. By Daniel Holbach
-
debian/
tests/control: added pkg-config as depends for the test.
Change forwarded to Debian as bug 690047. - 58. By Daniel Holbach
-
* debian/tests/build, debian/
tests/control: add test to check
that code can be easily built against libxml2, test some core
functionality too.
* debian/control: enable autopkgtest. - 57. By Aron Xu
-
[ Daniel Veillard ]
* Fix parser local buffers size problems
* Fix entities local buffers size problems
CVE-2012-2807, Closes: #679280. - 56. By Iain Lane
-
* Merge with Debian (LP: #987502), remaining changes:
- Don't drop *.la file. Some libraries still depend on it. - 55. By Jamie Strandboge
-
* SECURITY UPDATE: Fix an off by one pointer access in xpointer.c
- d8e1faeaa99c7a7c07af01c1c72de3 52eb590a3e
- CVE-2011-3102
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp://staging/ubuntu/raring/libxml2