Versione 7.18.2-8ubuntu4.1:
* SECURITY UPDATE: SSL cert hostname checking bypass with NULL byte.
- add debian/patches/cert-null-cn.patch: backported upstream changes.
- CVE-2009-2417
SSL support is provided by GnuTLS. This is the shared version of libcurl.
Versione 2.6.32.dfsg-5ubuntu4.2:
* SECURITY UPDATE: denial of service via stack overflow from crafted
root XML document element DTD definition
- parser.c: validate ctxt->depth isn't too deep
- CVE-2009-2414
* SECURITY UPDATE: denial of service via use-after-frees when parsing
Notation and Enumeration attribute types
- parser.c: use xmlFreeEnumeration before returning.
- CVE-2009-2416
* SECURITY UPDATE: heap overflow in entity name parsing
- parser.c: reintroduce the security fix for CVE-2008-3529 that got
lost somehow
- CVE-2008-3529
This package provides a library providing an extensive API to handle such XML data files.
Versione 2.6.32.dfsg-5ubuntu4.2:
* SECURITY UPDATE: denial of service via stack overflow from crafted
root XML document element DTD definition
- parser.c: validate ctxt->depth isn't too deep
- CVE-2009-2414
* SECURITY UPDATE: denial of service via use-after-frees when parsing
Notation and Enumeration attribute types
- parser.c: use xmlFreeEnumeration before returning.
- CVE-2009-2416
* SECURITY UPDATE: heap overflow in entity name parsing
- parser.c: reintroduce the security fix for CVE-2008-3529 that got
lost somehow
- CVE-2008-3529
This package provides xmllint, a tool for validating and reformatting XML documents, and xmlcatalog, a tool to parse and manipulate XML or SGML catalog files.
This package contains the files needed to use the GNOME XML library in Python programs.
* SECURITY UPDATE: SSL cert hostname checking bypass with NULL byte.
- add debian/patches/cert-null-cn.patch: backported upstream changes.
- CVE-2009-2417
SSL support is provided by GnuTLS. This is the shared version of libcurl.
Versione 2.6.32.dfsg-5ubuntu4.2:
* SECURITY UPDATE: denial of service via stack overflow from crafted
root XML document element DTD definition
- parser.c: validate ctxt->depth isn't too deep
- CVE-2009-2414
* SECURITY UPDATE: denial of service via use-after-frees when parsing
Notation and Enumeration attribute types
- parser.c: use xmlFreeEnumeration before returning.
- CVE-2009-2416
* SECURITY UPDATE: heap overflow in entity name parsing
- parser.c: reintroduce the security fix for CVE-2008-3529 that got
lost somehow
- CVE-2008-3529
This package provides a library providing an extensive API to handle such XML data files.
* SECURITY UPDATE: denial of service via stack overflow from crafted
root XML document element DTD definition
- parser.c: validate ctxt->depth isn't too deep
- CVE-2009-2414
* SECURITY UPDATE: denial of service via use-after-frees when parsing
Notation and Enumeration attribute types
- parser.c: use xmlFreeEnumeration before returning.
- CVE-2009-2416
* SECURITY UPDATE: heap overflow in entity name parsing
- parser.c: reintroduce the security fix for CVE-2008-3529 that got
lost somehow
- CVE-2008-3529
This package provides xmllint, a tool for validating and reformatting XML documents, and xmlcatalog, a tool to parse and manipulate XML or SGML catalog files.
This package contains the files needed to use the GNOME XML library in Python programs.
If you liked this article, subscribe to the feed by clicking the image below to keep informed about new contents of the blog:
0 comments:
Post a Comment