Adopt wheezy fixes (several CVEs and few bugs) #1

Merged
merged 7 commits into from Feb 15, 2016

Contributor

@lufik lufik commented Feb 9, 2016

  • Fix cve-2013-0338 and cve-2013-0339: large memory consumption issues when
    performing string substitution during entity expansion (closes: #702260).
  • Fix cve-2013-2877: out-of-bounds read when handling documents that end
    abruptly.
  • 0007-Fix-pthread-memory-corruption.patch: patch stolen from the
    upstream repository. Fix memory corruption when re-using the libxml2
    from threaded applications (Closes: #742258).
  • 0008-Fix-a-thread-portability-problem.patch: Fix buggy patch 0007
    (Closes: #765770)
  • debian/patches/cve-2014-0191.patch: libxml2 could be made to consume
    resources if it processed a specially crafted file.
    (Closes: #747309, #762864, CVE-2014-0191)
  • Add patch for CVE-2014-3660 (Closes: #765722)

lufik added a commit that referenced this pull request Feb 15, 2016
Adopt wheezy fixes (several CVEs and few bugs)

- Fix cve-2013-0338 and cve-2013-0339: large memory consumption issues when performing string substitution during entity expansion (closes: #702260).
- Fix cve-2013-2877: out-of-bounds read when handling documents that end abruptly.
- 0007-Fix-pthread-memory-corruption.patch: patch stolen from the upstream repository. Fix memory corruption when re-using the libxml2 from threaded applications (Closes: #742258).
- 0008-Fix-a-thread-portability-problem.patch: Fix buggy patch 0007 (Closes: #765770)
- debian/patches/cve-2014-0191.patch: libxml2 could be made to consume resources if it processed a specially crafted file. (Closes: #747309, #762864, CVE-2014-0191)
- Add patch for CVE-2014-3660 (Closes: #765722)
@lufik lufik merged commit 96a4f4c into community-ssu:master Feb 15, 2016