-
Committer:
Bazaar Package Importer
-
Author(s):
Marc Deslauriers
-
Date:
2009-08-10 16:32:39 UTC
-
Revision ID:
james.westby@ubuntu.com-20090810163239-qhjw7u8bap0v1xu9
Tags: 2.6.31.dfsg-2ubuntu1.4
* SECURITY UPDATE: denial of service via stack overflow from crafted
root XML document element DTD definition
- parser.c: validate ctxt->depth isn't too deep
- CVE-2009-2414
* SECURITY UPDATE: denial of service via use-after-frees when parsing
Notation and Enumeration attribute types
- parser.c: use xmlFreeEnumeration before returning.
- CVE-2009-2416