Change log for libxml2 package in Debian
1 → 50 of 124 results
Published in bookworm-release |
libxml2 (2.9.14+dfsg-1.3~deb12u1) bookworm; urgency=medium * Rebuild for bookworm -- Salvatore Bonaccorso <email address hidden> Mon, 10 Jul 2023 21:58:07 +0200
Published in sid-release |
libxml2 (2.9.14+dfsg-1.3) unstable; urgency=medium * Non-maintainer upload. * Reset nsNr in xmlCtxtReset (CVE-2022-2309) (Closes: #1039991) * Also reset nsNr in htmlCtxtReset (CVE-2022-2309) (Closes: #1039991) -- Salvatore Bonaccorso <email address hidden> Sat, 08 Jul 2023 21:18:29 +0200
Published in bullseye-release |
libxml2 (2.9.10+dfsg-6.7+deb11u4) bullseye-security; urgency=high * Non-maintainer upload by the Security Team. * schemas: Fix null-pointer-deref in xmlSchemaCheckCOSSTDerivedOK * Fix null deref in xmlSchemaFixupComplexType (CVE-2023-28484) (Closes: #1034436) * Hashing of empty dict strings isn't deterministic (CVE-2023-29469) (Closes: #1034437) -- Salvatore Bonaccorso <email address hidden> Sat, 15 Apr 2023 20:52:15 +0200
libxml2 (2.9.14+dfsg-1.2) unstable; urgency=medium * Non-maintainer upload. * schemas: Fix null-pointer-deref in xmlSchemaCheckCOSSTDerivedOK * Fix null deref in xmlSchemaFixupComplexType (CVE-2023-28484) (Closes: #1034436) * Hashing of empty dict strings isn't deterministic (CVE-2023-29469) (Closes: #1034437) -- Salvatore Bonaccorso <email address hidden> Sat, 15 Apr 2023 16:25:06 +0200
Superseded in bullseye-release |
libxml2 (2.9.10+dfsg-6.7+deb11u3) bullseye-security; urgency=high * Non-maintainer upload by the Security Team. * Fix integer overflows with XML_PARSE_HUGE (CVE-2022-40303) (Closes: #1022224) * Fix dict corruption caused by entity reference cycles (CVE-2022-40304) (Closes: #1022225) -- Salvatore Bonaccorso <email address hidden> Sun, 30 Oct 2022 13:03:35 +0100
Superseded in sid-release |
libxml2 (2.9.14+dfsg-1.1) unstable; urgency=medium * Non-maintainer upload. * Fix integer overflows with XML_PARSE_HUGE (CVE-2022-40303) (Closes: #1022224) * Fix dict corruption caused by entity reference cycles (CVE-2022-40304) (Closes: #1022225) -- Salvatore Bonaccorso <email address hidden> Sun, 30 Oct 2022 11:18:06 +0100
Published in buster-release |
libxml2 (2.9.4+dfsg1-7+deb10u4) buster-security; urgency=high * Non-maintainer upload by the Security Team. * Fix integer overflow in xmlBufferResize * Fix integer overflows in xmlBuf and xmlBuffer (CVE-2022-29824) (Closes: #1010526) -- Salvatore Bonaccorso <email address hidden> Sun, 15 May 2022 16:13:21 +0200
Superseded in bullseye-release |
libxml2 (2.9.10+dfsg-6.7+deb11u2) bullseye-security; urgency=high * Non-maintainer upload by the Security Team. * Fix integer overflow in xmlBufferResize * Fix integer overflows in xmlBuf and xmlBuffer (CVE-2022-29824) (Closes: #1010526) -- Salvatore Bonaccorso <email address hidden> Sun, 15 May 2022 15:58:46 +0200
Superseded in sid-release |
libxml2 (2.9.14+dfsg-1) unstable; urgency=high * Team upload. * New upstream version 2.9.14+dfsg. + Integer overflows in xmlBuf/xmlBuffer. CVE-2022-29824 Closes: #1010526 -- Mattia Rizzolo <email address hidden> Thu, 05 May 2022 14:43:51 +0200
Superseded in buster-release |
libxml2 (2.9.4+dfsg1-7+deb10u3) buster; urgency=medium * Non-maintainer upload. * Use-after-free of ID and IDREF attributes (CVE-2022-23308) (Closes: #1006489) -- Salvatore Bonaccorso <email address hidden> Thu, 17 Mar 2022 22:04:26 +0100
Superseded in bullseye-release |
libxml2 (2.9.10+dfsg-6.7+deb11u1) bullseye; urgency=medium * Non-maintainer upload. * Use-after-free of ID and IDREF attributes (CVE-2022-23308) (Closes: #1006489) -- Salvatore Bonaccorso <email address hidden> Thu, 17 Mar 2022 21:52:53 +0100
Superseded in sid-release |
libxml2 (2.9.13+dfsg-1) unstable; urgency=medium * Team upload. * New upstream version 2.9.13+dfsg. + Convert devhelp to version2. Closes: #955205 + Use-after-free of ID and IDREF attrs. CVE-2022-23308; Closes: #1006489 * Bump my copyright for debian/*. * d/watch: move download source to https://download.gnome.org/. -- Mattia Rizzolo <email address hidden> Sun, 27 Feb 2022 19:57:48 +0100
Available diffs
- diff from 2.9.12+dfsg-6 to 2.9.13+dfsg-1 (453.3 KiB)
Superseded in sid-release |
libxml2 (2.9.12+dfsg-6) unstable; urgency=medium * Team upload. * d/control: + Use the new Description field in the source paragraph and add references to the binary paragraphs. This is a new feature since dpkg 1.19.0 (from 2017). Policy is not yet updated, see #998165. + Drop Build-Depends on python3-all-dbg, not used since the last revision. * Add patches from upstream to fix: + return code of xmllint when incorrectly called. Closes: #727075 + regression with entity references in external DTDs. Closes: #994765 -- Mattia Rizzolo <email address hidden> Sat, 19 Feb 2022 13:11:26 +0100
Superseded in sid-release |
libxml2 (2.9.12+dfsg-5) unstable; urgency=medium * Team upload. * Stop building the python3-libxml2-dbg package. Closes: #994307 * Add a Conflicts against the old w3c-dtd-xhtml, that contains a .dtd that is not validating anymore. Closes: #993638 * Remove lintian override that was fixed in lintian for debian-rules-uses-supported-python-versions-without-python-all-build-depends -- Mattia Rizzolo <email address hidden> Mon, 20 Sep 2021 15:06:01 +0200
Superseded in sid-release |
libxml2 (2.9.12+dfsg-4) unstable; urgency=medium * Team upload. * Add a few patches from upstream: + Work around lxml API abuse. + Fix regression in xmlNodeDumpOutputInternal. LP: #1943277 + Fix whitespace when serializing empty HTML documents. + Forbid epsilon-reduction of final states. + Fix buffering in xmlOutputBufferWrite. -- Mattia Rizzolo <email address hidden> Fri, 10 Sep 2021 22:13:09 +0200
Superseded in sid-release |
libxml2 (2.9.12+dfsg-3) unstable; urgency=medium * Team upload. * Upload to unstable. * Add patch from upstream to fix a regression in the recursion limit for complex XSLT documents. This also fixed the ruby-nokogiri test failure, so drop the previously introduced Breaks. * d/control: Bump Standards-Version to 4.6.0, no changes needed. -- Mattia Rizzolo <email address hidden> Wed, 01 Sep 2021 16:45:21 +0200
Available diffs
- diff from 2.9.10+dfsg-6.7 to 2.9.12+dfsg-3 (218.8 KiB)
- diff from 2.9.12+dfsg-2 to 2.9.12+dfsg-3 (1.3 KiB)
Deleted in experimental-release (Reason: None provided.) |
libxml2 (2.9.12+dfsg-2) experimental; urgency=medium * Team upload. * d/control: Break ruby-nokogiri (<< 1.11.7). * lintian: + Add a link from usr/share/doc/libxml2/gtk-doc usr/share/gtk-doc/html/libxml2. See #970275 + Override for package-contains-documentation-outside-usr-share-doc. * Add two patches to refactor how docs are installed. * Add a patch to properly install all the documentation we were previously manually installing. * d/rules: Use the now working --docdir flag to install the documentation directly in the right place. * Move the documentation and examples from /usr/share/doc/libxml2-doc to /usr/share/doc/libxml2/, following Policy v3.9.7 §12.3. -- Mattia Rizzolo <email address hidden> Thu, 29 Jul 2021 12:22:11 +0200
Available diffs
- diff from 2.9.10+dfsg-6.7 to 2.9.12+dfsg-2 (218.4 KiB)
Superseded in experimental-release |
libxml2 (2.9.12+dfsg-1) experimental; urgency=medium * Team upload. * New upstream version 2.9.12+dfsg. * Drop patches applied upstream. * d/libxml2.symbols: Add a new symbol. * d/control: Bump Standards-Version to 4.5.1, no changes needed. * d/rules: + Bump shlibs version. + Drop the --as-needed linking flag, the default starting from bullseye. -- Mattia Rizzolo <email address hidden> Sun, 18 Jul 2021 15:33:26 +0200
Superseded in buster-release |
libxml2 (2.9.4+dfsg1-7+deb10u2) buster; urgency=medium * Non-maintainer upload. * Fix out-of-bounds read with 'xmllint --htmlout' (CVE-2020-24977) (Closes: #969529) * Fix use-after-free with `xmllint --html --push` (CVE-2021-3516) (Closes: #987739) * Validate UTF8 in xmlEncodeEntities (CVE-2021-3517) (Closes: #987738) * Fix use-after-free with `xmllint --xinclude --dropdtd` (CVE-2021-3518) (Closes: #987737) * Propagate error in xmlParseElementChildrenContentDeclPriv (CVE-2021-3537) (Closes: #988123) * Patch for security issue CVE-2021-3541 (Closes: #988603) -- Salvatore Bonaccorso <email address hidden> Fri, 11 Jun 2021 18:57:11 +0200
libxml2 (2.9.10+dfsg-6.7) unstable; urgency=medium * Non-maintainer upload. * Patch for security issue CVE-2021-3541 (Closes: #988603) -- Salvatore Bonaccorso <email address hidden> Sat, 22 May 2021 08:21:29 +0200
Superseded in sid-release |
libxml2 (2.9.10+dfsg-6.6) unstable; urgency=medium * Non-maintainer upload. * Upload to unstable. -- Salvatore Bonaccorso <email address hidden> Thu, 06 May 2021 10:48:16 +0200
Deleted in experimental-release (Reason: None provided.) |
libxml2 (2.9.10+dfsg-6.4) experimental; urgency=medium * Non-maintainer upload. * Fix use-after-free with `xmllint --html --push` (CVE-2021-3516) (Closes: #987739) * Validate UTF8 in xmlEncodeEntities (CVE-2021-3517) (Closes: #987738) * Fix use-after-free with `xmllint --xinclude --dropdtd` (CVE-2021-3518) (Closes: #987737) -- Salvatore Bonaccorso <email address hidden> Sun, 02 May 2021 16:23:29 +0200
Superseded in buster-release |
libxml2 (2.9.4+dfsg1-7+deb10u1) buster; urgency=medium * CVE-2017-18258 (Closes: #895245) * CVE-2018-14404 (Closes: #901817) * CVE-2018-14567 * CVE-2019-19956 * CVE-2019-20388 (Closes: #949583) * CVE-2020-7595 (Closes: #949582) -- Moritz Mühlenhoff <email address hidden> Fri, 06 Nov 2020 18:35:40 +0100
Superseded in sid-release |
libxml2 (2.9.10+dfsg-6.3) unstable; urgency=medium * Non-maintainer upload. * Remove the Python2 autopkg test. -- Matthias Klose <email address hidden> Sun, 29 Nov 2020 11:58:00 +0100
Superseded in sid-release |
libxml2 (2.9.10+dfsg-6.2) unstable; urgency=medium * Non-maintainer upload. * Fix out-of-bounds read with 'xmllint --htmlout' (CVE-2020-24977) (Closes: #969529) -- Salvatore Bonaccorso <email address hidden> Sun, 25 Oct 2020 13:56:23 +0100
Superseded in sid-release |
libxml2 (2.9.10+dfsg-6.1) unstable; urgency=medium * Non-maintainer upload. * Fix build with Python 3.9. Closes: #972022. -- Matthias Klose <email address hidden> Wed, 14 Oct 2020 08:45:25 +0200
Superseded in sid-release |
libxml2 (2.9.10+dfsg-6) unstable; urgency=medium * Team upload. [ Mattia Rizzolo ] * Drop Python2 support. Closes: #936941 * Use dh-sequence-python3 to at least simplify one line of d/rules. * Bump debhelper compat level to 13. + Drop dh_missing override, dh13 defaults to --fail-missing. [ Debian Janitor ] * Use correct machine-readable copyright file URI. * Set upstream metadata fields: Bug-Database, Bug-Submit, Repository, Repository-Browse. * Rely on pre-initialized dpkg-architecture variables. -- Mattia Rizzolo <email address hidden> Fri, 04 Sep 2020 23:05:12 +0200
Superseded in sid-release |
libxml2 (2.9.10+dfsg-5) unstable; urgency=medium * Team upload. [ Mattia Rizzolo ] * d/rules: + Drop --disable-silent-rules, already passed by dh_auto_configure. + Drop --parallel, now default with debhelper compat > 10. + Use dh_installdocs and dh_installexamples to install docs and examples. + Use dh_missing --fail-missing (and add the relevant d/not-installed). + Minimize indep build to build only the docs. * d/watch: fix an option to avoid a warning message. * d/control: + Move most of the build-deps to Build-Depends-Arch. + Use ${python:Depends} also for python-libxml2-dbg. * Add a lintian override for debian-rules-uses-supported-python-versions-without-python-all-build-depends [ Gunnar Hjalmarsson ] * d/p/python3-unicode-errors.patch: Fix segfault issue with itstool and py3. LP: #1869814 -- Mattia Rizzolo <email address hidden> Fri, 10 Apr 2020 14:53:23 +0200
Superseded in sid-release |
libxml2 (2.9.10+dfsg-4) unstable; urgency=medium * Team upload. * Add patch from upstream to prevent a segfault in some platforms with illegal documents. -- Mattia Rizzolo <email address hidden> Thu, 27 Feb 2020 19:21:45 +0100
Superseded in sid-release |
libxml2 (2.9.10+dfsg-3) unstable; urgency=medium * Team upload. * Add patch so that xml2-config only displays libraries needed for dynamic linking. Closes: #952115 -- Mattia Rizzolo <email address hidden> Sun, 23 Feb 2020 12:08:21 +0100
Superseded in sid-release |
libxml2 (2.9.10+dfsg-2) unstable; urgency=medium * Team upload * Re-instate Python2 support for now, the rev-deps are not ready. Re-opens: #936941 * python-libxml2-dbg: Depend on python2-dbg instead of python-dbg. Closes: #948493 * d/control: Bump Standards-Version 4.5.0, no changes needed. * Re-instate the xml2-config script for now. * Upload to unstable. -- Mattia Rizzolo <email address hidden> Fri, 21 Feb 2020 14:45:03 +0100
Deleted in experimental-release (Reason: None provided.) |
libxml2 (2.9.10+dfsg-1) experimental; urgency=medium * Team upload. * New upstream version 2.9.10+dfsg. * Drop all patches. * d/control: + Bump debhelper compat level to 12. + Bump Standards-Version to 4.4.1, no changes needed. * d/libxml2.symbols: add Build-Depends-Package field, by lintian. -- Mattia Rizzolo <email address hidden> Mon, 25 Nov 2019 16:48:13 +0100
Superseded in experimental-release |
libxml2 (2.9.9+dfsg1-1~exp2) experimental; urgency=medium * Team upload. * Merge the lost uploads 2.9.7+dfsg-1 and 2.9.8+dfsg-1. -- Mattia Rizzolo <email address hidden> Tue, 19 Nov 2019 14:53:11 +0100
Superseded in sid-release |
libxml2 (2.9.4+dfsg1-8) unstable; urgency=medium * Team upload. * Fix autopkgtest: use `python2` instead of `python` and actually run the `python3` test. Closes: #943386 -- Mattia Rizzolo <email address hidden> Tue, 19 Nov 2019 12:05:14 +0100
Superseded in experimental-release |
libxml2 (2.9.9+dfsg1-1~exp1) experimental; urgency=medium [ Mattia Rizzolo ] * New upstream version 2.9.7+dfsg [ Rene Engelhard ] * update Vcs-* (salsa) * actually remove the override_dh_gencontrol (thanks mattia)... * New upstream version 2.9.8+dfsg [ Aron Xu ] * New upstream version 2.9.9+dfsg1 * Remove patches merged upstream * Update symbols * Remove python2 support -- Aron Xu <email address hidden> Tue, 29 Oct 2019 10:08:51 +0000
Superseded in experimental-release |
libxml2 (2.9.8+dfsg-1) experimental; urgency=medium * Team upload. [ Rene Engelhard ] * New upstream version 2.9.8+dfsg. * Update Vcs-* to salsa.debian.org. [ Mattia Rizzolo ] * d/libxml2.symbols: + Remove removed symbols xmlNop@Base (no users found anywhere). + Add two new symbols. * Refresh patches. + Drop the Python 3.6 compatibility patch, upstreamed. * d/copyright: Update. * d/control: Bump Standards-Version to 4.2.1, no changes needed. * d/rules: Bump shlibs version. -- Mattia Rizzolo <email address hidden> Wed, 03 Oct 2018 16:45:11 +0200
Published in jessie-release |
libxml2 (2.9.1+dfsg1-5+deb8u6) jessie-security; urgency=high * Non-maintainer upload by the Security Team. * Fix XPath stack frame logic (CVE-2017-15412) (Closes: #883790) -- Salvatore Bonaccorso <email address hidden> Fri, 12 Jan 2018 19:06:50 +0100
libxml2 (2.9.4+dfsg1-7) unstable; urgency=medium * Team upload. * drop automatically generated dependency on (non-existing) libicu60-dbg from libxm2-dbg (closes: #900113) -- Rene Engelhard <email address hidden> Sat, 26 May 2018 10:03:44 +0000
Published in stretch-release |
libxml2 (2.9.4+dfsg1-2.2+deb9u2) stretch-security; urgency=high * Non-maintainer upload by the Security Team. * Fix XPath stack frame logic (CVE-2017-15412) (Closes: #883790) -- Salvatore Bonaccorso <email address hidden> Fri, 12 Jan 2018 19:15:42 +0100
Superseded in experimental-release |
libxml2 (2.9.7+dfsg-1) experimental; urgency=medium * Team upload. * New upstream version 2.9.7+dfsg. Closes: #882074 + Infinite recursion in parameter entities. CVE-2017-16932; Closes: #882613 + Double entity expansion; Closes: #836698 * Refresh patches. * Refresh symbols. * Stop installing /usr/bin/xml2-config. Packages should just use pkg-config instead. * Remove the libxml2-dbg package, in favour of automatic debug package. -- Mattia Rizzolo <email address hidden> Wed, 03 Jan 2018 18:15:18 +0100
libxml2 (2.9.4+dfsg1-6.1) unstable; urgency=medium * Non-maintainer upload. * Out-of-bounds read in htmlParseTryOrFinish (CVE-2017-8872) (Closes: #862450) -- Salvatore Bonaccorso <email address hidden> Tue, 02 Jan 2018 08:59:03 +0100
Superseded in sid-release |
libxml2 (2.9.4+dfsg1-6) unstable; urgency=medium * Team upload. * d/watch: bump to version 4, wrap lines, and limit matching to released stable versions. * Drop libxml2-udeb. The package has been broken in Ubuntu for a while already, and nobody seems to care anyway. * d/copyright: Rewrite using copyright-format 1.0. * Employ automatic upstream tarball repacking. * Bump debhelper compat level to 11. * Remove old upgrade code dealing with symlinks-to-dir in /usr/share/doc. * d/control: + Bump Standards-Version to 4.1.3, no changes needed. + Set Rules-Requires-Root: no. + Move from the deprecated priority:extra to priority:optional also for the -dbg packages. + Lower the priority of the libxml2 package to optional. Since Policy 4.0.1 library packages should not have a priority higher than optional. See #886039 for the override change. * d/rules: + Stop installing the TODO files. + Install the AUTHORS and README files only on the main libxml2 binary. + Workaround debhelper bug #886037 by reshuffling the dh_strip calls. -- Mattia Rizzolo <email address hidden> Tue, 02 Jan 2018 00:54:05 +0100
libxml2 (2.9.4+dfsg1-5.2) unstable; urgency=medium * Non-maintainer upload. * Fix XPath stack frame logic (CVE-2017-15412) (Closes: #883790) -- Salvatore Bonaccorso <email address hidden> Thu, 14 Dec 2017 20:36:07 +0100
Superseded in jessie-release |
libxml2 (2.9.1+dfsg1-5+deb8u5) jessie-security; urgency=high * Non-maintainer upload by the Security Team. * Increase buffer space for port in HTTP redirect support (CVE-2017-7376) Incorrect limit was used for port values. (Closes: #870865) * Prevent unwanted external entity reference (CVE-2017-7375) Missing validation for external entities in xmlParsePEReference. (Closes: #870867) * Fix handling of parameter-entity references (CVE-2017-9049, CVE-2017-9050) - Heap-based buffer over-read in function xmlDictComputeFastKey (CVE-2017-9049). - Heap-based buffer over-read in function xmlDictAddString (CVE-2017-9050). (Closes: #863019, #863018) * Fix buffer size checks in xmlSnprintfElementContent (CVE-2017-9047, CVE-2017-9048) - Buffer overflow in function xmlSnprintfElementContent (CVE-2017-9047). - Stack-based buffer overflow in function xmlSnprintfElementContent (CVE-2017-9048). (Closes: #863022, #863021) * Fix type confusion in xmlValidateOneNamespace (CVE-2017-0663) Heap buffer overflow in xmlAddID. (Closes: #870870) -- Salvatore Bonaccorso <email address hidden> Sat, 19 Aug 2017 17:31:22 +0200
libxml2 (2.9.4+dfsg1-5.1) unstable; urgency=medium * Non-maintainer upload. * Fix NULL pointer deref in xmlDumpElementContent (CVE-2017-5969) (Closes: #855001) * Check for integer overflow in memory debug code (CVE-2017-5130) (Closes: #880000) * Fix copy-paste errors in error messages * python: remove single use of _PyVerify_fd (Closes: #878684) -- Salvatore Bonaccorso <email address hidden> Sat, 18 Nov 2017 16:39:04 +0100
libxml2 (2.9.4+dfsg1-5) unstable; urgency=medium * Team upload. * d/control: Bump Standards-Version to 4.1.1, no changes needed. * d/rules: + Use `rename` instead of `prename`, and separate the -v and -f options. Closes: #876308 + Fix usage of debhelper's -N and -p options: newer debhelper doesn't accept specifying packages not present in d/control. -- Mattia Rizzolo <email address hidden> Sun, 15 Oct 2017 02:18:26 +0200
Superseded in stretch-release |
libxml2 (2.9.4+dfsg1-2.2+deb9u1) stretch-security; urgency=high * Non-maintainer upload by the Security Team. * Increase buffer space for port in HTTP redirect support (CVE-2017-7376) Incorrect limit was used for port values. (Closes: #870865) * Prevent unwanted external entity reference (CVE-2017-7375) Missing validation for external entities in xmlParsePEReference. (Closes: #870867) * Fix handling of parameter-entity references (CVE-2017-9049, CVE-2017-9050) - Heap-based buffer over-read in function xmlDictComputeFastKey (CVE-2017-9049). - Heap-based buffer over-read in function xmlDictAddString (CVE-2017-9050). (Closes: #863019, #863018) * Fix buffer size checks in xmlSnprintfElementContent (CVE-2017-9047, CVE-2017-9048) - Buffer overflow in function xmlSnprintfElementContent (CVE-2017-9047). - Stack-based buffer overflow in function xmlSnprintfElementContent (CVE-2017-9048). (Closes: #863022, #863021) * Fix type confusion in xmlValidateOneNamespace (CVE-2017-0663) Heap buffer overflow in xmlAddID. (Closes: #870870) -- Salvatore Bonaccorso <email address hidden> Sat, 19 Aug 2017 17:36:49 +0200
libxml2 (2.9.4+dfsg1-4) unstable; urgency=medium * Team upload. * Drop Recommends: xml-core from libxml2. xml-core is not really needed by anything, and packages needing it already depend on it. Closes: #869744 Thanks to Adam Borowski <email address hidden> for proposing it. * Run wrap-and-sort. * Add Build-Depends on rename. Closes: #874211 * Bump Standards-Version to 4.1.0: + keep debug packages priority to extra as they are special cased by tools. -- Mattia Rizzolo <email address hidden> Mon, 04 Sep 2017 11:46:04 +0200
libxml2 (2.9.4+dfsg1-3.1) unstable; urgency=low * Non-maintainer upload. * Increase buffer space for port in HTTP redirect support (CVE-2017-7376) Incorrect limit was used for port values. (Closes: #870865) * Prevent unwanted external entity reference (CVE-2017-7375) Missing validation for external entities in xmlParsePEReference. (Closes: #870867) * Fix handling of parameter-entity references (CVE-2017-9049, CVE-2017-9050) - Heap-based buffer over-read in function xmlDictComputeFastKey (CVE-2017-9049). - Heap-based buffer over-read in function xmlDictAddString (CVE-2017-9050). (Closes: #863019, #863018) * Fix buffer size checks in xmlSnprintfElementContent (CVE-2017-9047, CVE-2017-9048) - Buffer overflow in function xmlSnprintfElementContent (CVE-2017-9047). - Stack-based buffer overflow in function xmlSnprintfElementContent (CVE-2017-9048). (Closes: #863022, #863021) * Fix type confusion in xmlValidateOneNamespace (CVE-2017-0663) Heap buffer overflow in xmlAddID. (Closes: #870870) -- Salvatore Bonaccorso <email address hidden> Sun, 20 Aug 2017 06:56:40 +0200
libxml2 (2.9.4+dfsg1-3) unstable; urgency=medium * Team upload. [ Mattia Rizzolo ] * d/control: + Use HTTPS in Vcs-* fields. + Remove the deprecated '${python:Provides}' and '${python3:Provides}'. + Bump Standards-Version to 4.0.0, no changes needed. * Build for all supported python versions. Closes: #864328 Thanks to YunQiang Su <email address hidden> for the initial patch. * Drop libxml-utils-dbg package in favour of the automatic debug package. * Replace the upstream ChangeLog with the NEWS file. Closes: #808372 The ChangeLog file stopped being updated in 2009, whereas NEWS is automatically generated by upstream during releases. * d/rules: + Correctly make use of the dh sequencer in the build step. Override dh_auto_build instead of using build/build-arch/build-indep targets directly. This makes possible for dh to call dh_autoreconf and other helpers that would otherwise be skipped (like dh_update_autotools_config). + Fix duplicated targets for override_dh_auto_install-indep. + Streamline dpkg-buildflags usage. * Bump debhelper compat level to 10 + remove --parallel, now default + remove --with autoreconf, now default [ Helmut Grohne ] * Improve build profiles support. Closes: #862867 + Rename the meaningless stage1 to the meaningful nopython. + Use the standard variable DEB_BUILD_PROFILES rather than DEB_BUILD_PROFILE by checking dh_listpackages. + Correctly build nopython even when python is installed. + Add build profile annotations to debian/control. -- Mattia Rizzolo <email address hidden> Tue, 04 Jul 2017 21:59:55 +0200