testing libxml2 for Wheezy LTS

To: debian-lts@lists.debian.org
Subject: testing libxml2 for Wheezy LTS
From: Thorsten Alteholz <debian@alteholz.de>
Date: Sun, 23 Oct 2016 20:04:25 +0200 (CEST)
Message-id: <[🔎] alpine.DEB.2.02.1610232001530.1741@jupiter.server.alteholz.net>

Hi everybody,

I uploaded version 2.8.0+dfsg1-7+wheezy7 of libxml2 to:

https://people.debian.org/~alteholz/packages/wheezy-lts/libxml2/amd64/

Please give it a try and tell me about any problems you met. It would benice to also test cases where "range-to" is really needed.


Thanks!
 Thorsten


   * CVE-2016-4658
     Namespace nodes must be copied to avoid use-after-free errors.
     But they don't necessarily have a physical representation in a
     document, so simply disallow them in XPointer ranges.
   * CVE-2016-5131
     The old code would invoke the broken xmlXPtrRangeToFunction.
     range-to isn't really a function but a special kind of
     location step. Remove this function and always handle range-to
     in the XPath code.
     The old xmlXPtrRangeToFunction could also be abused to trigger
     a use-after-free error with the potential for remote code
     execution.

Reply to:

Follow-Ups:
- Re: testing libxml2 for Wheezy LTS
  - From: Emilio Pozuelo Monfort <pochu@debian.org>

Prev by Date: Wheezy update of sendmail?
Next by Date: Re: Wheezy update of bash?
Previous by thread: Re: Wheezy update of sendmail?
Next by thread: Re: testing libxml2 for Wheezy LTS
Index(es):
- Date
- Thread