[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

testing libxml2 for Wheezy LTS

Hi everybody,

I uploaded version 2.8.0+dfsg1-7+wheezy7 of libxml2 to:


Please give it a try and tell me about any problems you met. It would be nice to also test cases where "range-to" is really needed.


   * CVE-2016-4658
     Namespace nodes must be copied to avoid use-after-free errors.
     But they don't necessarily have a physical representation in a
     document, so simply disallow them in XPointer ranges.
   * CVE-2016-5131
     The old code would invoke the broken xmlXPtrRangeToFunction.
     range-to isn't really a function but a special kind of
     location step. Remove this function and always handle range-to
     in the XPath code.
     The old xmlXPtrRangeToFunction could also be abused to trigger
     a use-after-free error with the potential for remote code

Reply to: