testing libxml2 for Wheezy LTS
Hi everybody,
I uploaded version 2.8.0+dfsg1-7+wheezy7 of libxml2 to:
https://people.debian.org/~alteholz/packages/wheezy-lts/libxml2/amd64/
Please give it a try and tell me about any problems you met. It would be
nice to also test cases where "range-to" is really needed.
Thanks!
Thorsten
* CVE-2016-4658
Namespace nodes must be copied to avoid use-after-free errors.
But they don't necessarily have a physical representation in a
document, so simply disallow them in XPointer ranges.
* CVE-2016-5131
The old code would invoke the broken xmlXPtrRangeToFunction.
range-to isn't really a function but a special kind of
location step. Remove this function and always handle range-to
in the XPath code.
The old xmlXPtrRangeToFunction could also be abused to trigger
a use-after-free error with the potential for remote code
execution.
Reply to: