diff options
author | Raphaël Hertzog <hertzog@debian.org> | 2015-08-25 23:25:29 +0200 |
---|---|---|
committer | Raphaël Hertzog <hertzog@debian.org> | 2015-08-25 23:25:29 +0200 |
commit | c8bb544cf113e1231e9f1f391bd70a5c55480453 (patch) | |
tree | dc57a1e9173e88105a4341d74e8eb8d3cc3349c0 /debian/changelog | |
parent | 37f590756a23e167808f76f1389c36f0a2d39f11 (diff) | |
download | libxml2-c8bb544cf113e1231e9f1f391bd70a5c55480453.tar.gz |
Fix 3 security issues by adding 4 patches
- CVE-2015-1819: The xmlreader in libxml allows remote attackers to cause
a denial of service (memory consumption) via crafted XML data, related to
an XML Entity Expansion (XEE) attack. Closes: #782782
- Out-of-bounds access when parsing unclosed HTML comment
https://bugzilla.gnome.org/show_bug.cgi?id=746048 Closes: #782985
- Out-of-bounds memory access
https://bugzilla.gnome.org/show_bug.cgi?id=744980 Closes: #783010
Diffstat (limited to 'debian/changelog')
-rw-r--r-- | debian/changelog | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog index dc762be..78e557c 100644 --- a/debian/changelog +++ b/debian/changelog @@ -5,6 +5,14 @@ libxml2 (2.9.2+really2.9.1+dfsg1-0.1) unstable; urgency=medium again. Closes: #766884 * Restore all patches available in 2.9.1+dfsg1-5 in stretch, ensuring CVE-2014-3660 is fixed too. + * Fix 3 security issues by adding 4 patches: + - CVE-2015-1819: The xmlreader in libxml allows remote attackers to cause + a denial of service (memory consumption) via crafted XML data, related to + an XML Entity Expansion (XEE) attack. Closes: #782782 + - Out-of-bounds access when parsing unclosed HTML comment + https://bugzilla.gnome.org/show_bug.cgi?id=746048 Closes: #782985 + - Out-of-bounds memory access + https://bugzilla.gnome.org/show_bug.cgi?id=744980 Closes: #783010 -- Raphaël Hertzog <hertzog@debian.org> Tue, 25 Aug 2015 22:31:29 +0200 |