[SECURITY] [DLA 691-1] libxml2 security update
Package : libxml2
Version : 2.8.0+dfsg1-7+wheezy7
CVE ID : CVE-2016-4658 CVE-2016-5131

CVE-2016-4658

Namespace nodes must be copied to avoid use-after-free errors.
But they don't necessarily have a physical representation in a
document, so simply disallow them in XPointer ranges.

CVE-2016-5131

The old code would invoke the broken xmlXPtrRangeToFunction.
range-to isn't really a function but a special kind of
location step. Remove this function and always handle range-to
in the XPath code.

The old xmlXPtrRangeToFunction could also be abused to trigger
a use-after-free error with the potential for remote code
execution.

For Debian 7 "Wheezy", these problems have been fixed in version
2.8.0+dfsg1-7+wheezy7.

We recommend that you upgrade your libxml2 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS