Adopt wheezy fixes (several CVEs and few bugs) #2
supplements the patch for CVE-2014-0191
(Closes: #768089)
The two upstream commits a3f1e3e5712257fd279917a9158278534e8f4b72 and
cff2546f13503ac028e4c1f63c7b6d85f2f2d777 are required in addition to the
commit be2a7edaf289c5da74a4f9ed3a0b6c733e775230 to fix CVE-2014-3660 due
to changes in the use of ent->checked.
Fixes "libxml2: CVE-2014-3660 patch makes installation-guide FTBFS".
(Closes: #774358)
CVE-2015-7941: Denial of service via out-of-bounds read. (Closes: #783010)
CVE-2015-1819: Enforce the reader to run in constant memory.
Thanks to Mike Gabriel for the patch backport. (Closes: #782782)
CVE-2015-8317: Out-of-bounds heap read when parsing file with unfinished
xml declaration.
CVE-2015-7942: heap-based buffer overflow in
xmlParseConditionalSections(). (Closes: #802827)
Parsing an unclosed comment can result in
Conditional jump or move depends on uninitialised value(s)
and unsafe memory access. (Closes: #782985)
CVE-2015-8035: DoS when parsing specially crafted XML document if XZ
support is enabled. (Closes: #803942)
CVE-2015-8241: Buffer overread with XML parser in xmlNextChar.
(Closes: #806384)
CVE-2015-7498: Heap-based buffer overflow in xmlParseXmlDecl.
CVE-2015-7497: Heap-based buffer overflow in xmlDictComputeFastQKey.
CVE-2015-5312: CPU exhaustion when processing specially crafted XML
input.
CVE-2015-7499: Heap-based buffer overflow in xmlGROW.
Add a specific parser error (XML_ERR_USER_STOP), backported from
e50ba8164eee06461c73cd8abb9b46aa0be81869 upstream (commit to address
CVE-2013-2877, the "Try to stop parsing as quickly as possible" was not
backported).
CVE-2015-7500: Heap buffer overflow in xmlParseMisc.
(CVE-2016-3705) (Closes: #823414)
(CVE-2016-4483) (Closes: #823405)
(CVE-2016-1838)
CVE-2015-8806 CVE-2016-2073) (Closes: #813613, #812807)
(CVE-2016-1837)
Namespace nodes must be copied to avoid use-after-free errors.
But they don't necessarily have a physical representation in a
document, so simply disallow them in XPointer ranges.
The old code would invoke the broken xmlXPtrRangeToFunction.
range-to isn't really a function but a special kind of
location step. Remove this function and always handle range-to
in the XPath code.
The old xmlXPtrRangeToFunction could also be abused to trigger
a use-after-free error with the potential for remote code
execution.