projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: cefd7a7) | patch
libxml2: security bump to version 2.9.4
authorBaruch Siach <baruch@tkos.co.il>
Mon, 23 May 2016 17:41:34 +0000 (20:41 +0300)
committerThomas Petazzoni <thomas.petazzoni@free-electrons.com>
Mon, 23 May 2016 18:09:38 +0000 (20:09 +0200)
commit925f0897fecbd3d47c432fa6c41bfd0027e5ceb5
tree0393500129fedb5a6717c03beb6a2bab0ef3399atree
parentcefd7a7bbeb67c4deacd74c1a2447b1c4cf6a64dcommit | diff
libxml2: security bump to version 2.9.4

Fixes a bunch of security issues including:

  CVE-2016-1762: Heap-based buffer overread in xmlNextChar

  CVE-2016-1834: heap-buffer-overflow in xmlStrncat

  CVE-2016-3705: Missing increments of recursion depth counter to XML parser

A few more security fixes are listed in the release announcement at
https://mail.gnome.org/archives/xml/2016-May/msg00023.html.

Also fixes:
http://autobuild.buildroot.net/results/6db/6db405a097b192876c0b1b8d59051d614563c617/
http://autobuild.buildroot.net/results/62a/62addf4abd2a0df8222a81a83c16b2b9a61c9481/
http://autobuild.buildroot.net/results/204/20402690ad05d10d456a219da5252a38badf1da0/

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
package/libxml2/libxml2.hash diff | blob | history
package/libxml2/libxml2.mk diff | blob | history