- Committer: Bazaar Package Importer
- Author(s): Jamie Strandboge
- Date: 2009-06-10 22:01:23 UTC
- Revision ID: james.westby@ubuntu.com-20090610220123-v48896k90jy4q1jk
- Tags: 2.0.55-4ubuntu2.5
  * SECURITY UPDATE: Fix underflow in apr_strmatch_precompile
    - debian/patches/110_CVE-2009-0023.dpatch: adjust
      srclib/apr-util/strmatch/apr_strmatch.c to properly evaluate strings as
      unsigned char rather than int
    - CVE-2009-0023
  * SECURITY UPDATE: Prevent "billion laughs" attack against expat
    - debian/patches/111_CVE-2009-1955.dpatch: adjust
      srclib/apr-util/xml/apr_xml.c to disable internal entity expansion
    - CVE-2009-1955
  * SECURITY UPDATE: Fix off by one overflow in apr_brigade_vprintf
    - debian/patches/112_CVE-2009-1956.dpatch: don't add null terminator to
      vd.vbuff.curpos in srclib/apr-util/buckets/apr_brigade.c
    - CVE-2009-1956