UbuntuUpdates.org

Package "python-libxml2"

Name: python-libxml2

Description:

Python bindings for the GNOME XML library

Latest version: 2.7.8.dfsg-5.1ubuntu4.22
Release: precise (12.04)
Level: security
Repository: main
Head package: libxml2
Homepage: http://xmlsoft.org/


Other versions of "python-libxml2" in Precise

Repository  Area  Version
base        main  2.7.8.dfsg-5.1ubuntu4
updates     main  2.7.8.dfsg-5.1ubuntu4.22

Changelog

Version: 2.7.8.dfsg-5.1ubuntu4.12 2015-11-16 19:06:39 UTC

  libxml2 (2.7.8.dfsg-5.1ubuntu4.12) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via XEE attack
    - include/libxml/tree.h, tree.c, xmlreader.c: enforce the reader to run
      in constant memory.
    - patch obtained from Debian's 2.7.8.dfsg-2+squeeze12 package.
    - CVE-2015-1819
  * SECURITY UPDATE: denial of service via out-of-bounds read
    - parser.c: stop parsing on entities boundaries errors.
    - https://git.gnome.org/browse/libxml2/commit/?id=a7dfab7411cbf545f359dd3157e5df1eb0e7ce31
    - https://git.gnome.org/browse/libxml2/commit/?id=9b8512337d14c8ddf662fcb98b0135f225a1c489
    - CVE-2015-7941
  * SECURITY UPDATE: overflow in conditional sections
    - parser.c: properly check input.
    - https://git.gnome.org/browse/libxml2/commit/?id=bd0526e66a56e75a18da8c15c4750db8f801c52d
    - https://git.gnome.org/browse/libxml2/commit/?id=41ac9049a27f52e7a1f3b341f8714149fc88d450
    - CVE-2015-7942

 -- Marc Deslauriers Fri, 13 Nov 2015 09:28:57 -0500

CVE-2015-1819 The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expa
CVE-2015-7941 out-of-bounds memory access
CVE-2015-7942 heap-buffer-overflow in xmlParseConditionalSections

Version: 2.7.8.dfsg-5.1ubuntu4.11 2014-10-27 14:06:48 UTC

  libxml2 (2.7.8.dfsg-5.1ubuntu4.11) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via entity expansion
    - parser.c, SAX2.c, include/libxml/entities.h: refactor entity checking
      and add additional tests.
    - https://git.gnome.org/browse/libxml2/commit/?id=a3f1e3e5712257fd279917a9158278534e8f4b72
    - https://git.gnome.org/browse/libxml2/commit/?id=cff2546f13503ac028e4c1f63c7b6d85f2f2d777
    - https://git.gnome.org/browse/libxml2/commit/?id=be2a7edaf289c5da74a4f9ed3a0b6c733e775230
    - CVE-2014-3660
 -- Marc Deslauriers <email address hidden> Wed, 22 Oct 2014 12:16:42 -0400

CVE-2014-3660 RESERVED

Version: 2.7.8.dfsg-5.1ubuntu4.9 2014-06-17 12:06:52 UTC

  libxml2 (2.7.8.dfsg-5.1ubuntu4.9) precise-security; urgency=medium

  * SECURITY REGRESSION: more xmllint regressions (LP: #1321869)
    - use upstream commit which includes additional regression fixes to
      parser.c.
    - https://git.gnome.org/browse/libxml2/commit/?id=dd8367da17c2948981a51e52c8a6beb445edf825
 -- Marc Deslauriers <email address hidden> Fri, 13 Jun 2014 09:11:38 -0400

1321869 xmllint 2.9.1+dfsg1-3ubuntu4.1 does not load entities any more

Version: 2.7.8.dfsg-5.1ubuntu4.8 2014-06-09 15:06:56 UTC

  libxml2 (2.7.8.dfsg-5.1ubuntu4.8) precise-security; urgency=medium

  * SECURITY REGRESSION: xmllint no longer loads entities with --postvalid
    (LP: #1321869)
    - Thanks to Alexey Neyman for proposed patch
    - https://mail.gnome.org/archives/xml/2014-May/msg00003.html
 -- Marc Deslauriers <email address hidden> Fri, 06 Jun 2014 12:32:11 -0400

1321869 xmllint 2.9.1+dfsg1-3ubuntu4.1 does not load entities any more

Version: 2.7.8.dfsg-5.1ubuntu4.7 2014-05-15 18:07:02 UTC

  libxml2 (2.7.8.dfsg-5.1ubuntu4.7) precise-security; urgency=medium

  * SECURITY UPDATE: resource exhaustion via external parameter entities
    - parser.c: do not fetch external parameter entities.
    - https://git.gnome.org/browse/libxml2/commit/?id=9cd1c3cfbd32655d60572c0a413e017260c854df
    - CVE-2014-0191
 -- Marc Deslauriers <email address hidden> Thu, 08 May 2014 14:30:38 -0400

CVE-2014-0191 external parameter entity loaded when entity substitution is disabled


