-
Committer:
Package Import Robot
-
Author(s):
Marc Deslauriers
-
Date:
2013-07-11 14:53:41 UTC
-
Revision ID:
package-import@ubuntu.com-20130711145341-0t3q707lu2ner4hb
Tags: 2.8.0+dfsg1-5ubuntu2.3
* SECURITY UPDATE: external entity expansion attack (LP: #1194410)
- debian/patches/CVE-2013-0339.patch: do not fetch external parsed
entities in parser.c, added test to test/errors/extparsedent.xml,
result/errors/extparsedent.xml.
- CVE-2013-0339
* SECURITY UPDATE: denial of service via incomplete document
- debian/patches/CVE-2013-2877.patch: try to stop parsing as quickly as
possible in parser.c, include/libxml/xmlerror.h.
- CVE-2013-2877