Opened 8 years ago

Closed 8 years ago

#7873 closed enhancement (fixed)

libxml2-2.9.4

Reported by: Pierre Labastie Owned by: Pierre Labastie
Priority: normal Milestone: 7.10
Component: BOOK Version: SVN
Severity: normal Keywords:
Cc:

Description

New point version. See http://www.xmlsoft.org/news.html. Seems to contain several security fixes. 

Security:
More format string warnings with possible format string vulnerability (David Kilzer),
Avoid building recursive entities (Daniel Veillard),
Heap-based buffer overread in htmlCurrentChar (Pranjal Jumde),
Heap-based buffer-underreads due to xmlParseName (David Kilzer),
Heap use-after-free in xmlSAX2AttributeNs (Pranjal Jumde),
Heap use-after-free in htmlParsePubidLiteral and htmlParseSystemiteral (Pranjal Jumde),
Fix some format string warnings with possible format string vulnerability (David Kilzer),
Detect change of encoding when parsing HTML names (Hugh Davenport),
Fix inappropriate fetch of entities content (Daniel Veillard),
Bug 759398: Heap use-after-free in xmlDictComputeFastKey <https://bugzilla.gnome.org/show_bug.cgi?id=759398> (Pranjal Jumde),
Bug 758605: Heap-based buffer overread in xmlDictAddString <https://bugzilla.gnome.org/show_bug.cgi?id=758605> (Pranjal Jumde),
Bug 758588: Heap-based buffer overread in xmlParserPrintFileContextInternal <https://bugzilla.gnome.org/show_bug.cgi?id=758588> (David Kilzer),
Bug 757711: heap-buffer-overflow in xmlFAParsePosCharGroup <https://bugzilla.gnome.org/show_bug.cgi?id=757711> (Pranjal Jumde),
Add missing increments of recursion depth counter to XML parser. (Peter Simons)

Change History (2)

comment:1 by Pierre Labastie, 8 years ago

Owner: changed from blfs-book@… to Pierre Labastie
Status: newassigned

comment:2 by Pierre Labastie, 8 years ago

Resolution: fixed
Status: assignedclosed

Fixed at r17400

Note: See TracTickets for help on using tickets.