Daniel Veillard | b4d30b6 | 2003-03-16 22:32:36 +0000 | [diff] [blame] | 1 | <?xml version="1.0"?> |
| 2 | <!DOCTYPE xsa PUBLIC "-//LM Garshol//DTD XML Software Autoupdate 1.0//EN//XML" "http://www.garshol.priv.no/download/xsa/xsa.dtd"> |
| 3 | <xsa> |
| 4 | <vendor> |
| 5 | <name>Daniel Veillard</name> |
| 6 | <email>daniel@veillard.com</email> |
| 7 | <url>http://veillard.com/</url> |
| 8 | </vendor> |
| 9 | <product id="libxml2"> |
| 10 | <name>libxml2</name> |
Daniel Veillard | bdec218 | 2016-05-23 16:04:52 +0800 | [diff] [blame] | 11 | <version>v2.9.3</version> |
| 12 | <last-release> Nov 20 2015</last-release> |
Daniel Veillard | b4d30b6 | 2003-03-16 22:32:36 +0000 | [diff] [blame] | 13 | <info-url>http://xmlsoft.org/</info-url> |
Daniel Veillard | 6657afe | 2015-11-20 17:55:11 +0800 | [diff] [blame] | 14 | <changes> - Security: |
Daniel Veillard | bdec218 | 2016-05-23 16:04:52 +0800 | [diff] [blame] | 15 | CVE-2015-8242 Buffer overead with HTML parser in push mode (Hugh Davenport), |
| 16 | CVE-2015-7500 Fix memory access error due to incorrect entities boundaries (Daniel Veillard), |
| 17 | CVE-2015-7499-2 Detect incoherency on GROW (Daniel Veillard), |
| 18 | CVE-2015-7499-1 Add xmlHaltParser() to stop the parser (Daniel Veillard), |
| 19 | CVE-2015-5312 Another entity expansion issue (David Drysdale), |
| 20 | CVE-2015-7497 Avoid an heap buffer overflow in xmlDictComputeFastQKey (David Drysdale), |
| 21 | CVE-2015-7498 Avoid processing entities after encoding conversion failures (Daniel Veillard), |
| 22 | CVE-2015-8035 Fix XZ compression support loop (Daniel Veillard), |
| 23 | CVE-2015-7942-2 Fix an error in previous Conditional section patch (Daniel Veillard), |
| 24 | CVE-2015-7942 Another variation of overflow in Conditional sections (Daniel Veillard), |
| 25 | CVE-2015-1819 Enforce the reader to run in constant memory (Daniel Veillard) |
| 26 | CVE-2015-7941_2 Cleanup conditional section error handling (Daniel Veillard), |
| 27 | CVE-2015-7941_1 Stop parsing on entities boundaries errors (Daniel Veillard), |
Daniel Veillard | 7a896ce | 2009-09-24 18:38:57 +0200 | [diff] [blame] | 28 | |
Daniel Veillard | 6657afe | 2015-11-20 17:55:11 +0800 | [diff] [blame] | 29 | - Documentation: |
Daniel Veillard | bdec218 | 2016-05-23 16:04:52 +0800 | [diff] [blame] | 30 | Correct spelling of "calling" (Alex Henrie), |
| 31 | Fix a small error in xmllint --format description (Fabien Degomme), |
| 32 | Avoid XSS on the search of xmlsoft.org (Daniel Veillard) |
Daniel Veillard | 4c2e7c6 | 2010-11-04 18:35:57 +0100 | [diff] [blame] | 33 | |
Daniel Veillard | 6657afe | 2015-11-20 17:55:11 +0800 | [diff] [blame] | 34 | - Portability: |
Daniel Veillard | bdec218 | 2016-05-23 16:04:52 +0800 | [diff] [blame] | 35 | threads: use forward declarations only for glibc (Michael Heimpold), |
| 36 | Update Win32 configure.js to search for configure.ac (Daniel Veillard) |
| 37 | |
| 38 | - Bug Fixes: |
| 39 | Bug on creating new stream from entity (Daniel Veillard), |
| 40 | Fix some loop issues embedding NEXT (Daniel Veillard), |
| 41 | Do not print error context when there is none (Daniel Veillard), |
| 42 | Avoid extra processing of MarkupDecl when EOF (Hugh Davenport), |
| 43 | Fix parsing short unclosed comment uninitialized access (Daniel Veillard), |
| 44 | Add missing Null check in xmlParseExternalEntityPrivate (Gaurav Gupta), |
| 45 | Fix a bug in CData error handling in the push parser (Daniel Veillard), |
| 46 | Fix a bug on name parsing at the end of current input buffer (Daniel Veillard), |
| 47 | Fix the spurious ID already defined error (Daniel Veillard), |
| 48 | Fix previous change to node sort order (Nick Wellnhofer), |
| 49 | Fix a self assignment issue raised by clang (Scott Graham), |
| 50 | Fail parsing early on if encoding conversion failed (Daniel Veillard), |
| 51 | Do not process encoding values if the declaration if broken (Daniel Veillard), |
| 52 | Silence clang's -Wunknown-attribute (Michael Catanzaro), |
| 53 | xmlMemUsed is not thread-safe (Martin von Gagern), |
| 54 | Fix support for except in nameclasses (Daniel Veillard), |
| 55 | Fix order of root nodes (Nick Wellnhofer), |
| 56 | Allow attributes on descendant-or-self axis (Nick Wellnhofer), |
| 57 | Fix the fix to Windows locking (Steve Nairn), |
| 58 | Fix timsort invariant loop re: Envisage article (Christopher Swenson), |
| 59 | Don't add IDs in xmlSetTreeDoc (Nick Wellnhofer), |
| 60 | Account for ID attributes in xmlSetTreeDoc (Nick Wellnhofer), |
| 61 | Remove various unused value assignments (Philip Withnall), |
| 62 | Fix missing entities after CVE-2014-3660 fix (Daniel Veillard), |
| 63 | Revert "Missing initialization for the catalog module" (Daniel Veillard) |
Daniel Veillard | c943f70 | 2012-05-23 17:10:59 +0800 | [diff] [blame] | 64 | |
Daniel Veillard | 6657afe | 2015-11-20 17:55:11 +0800 | [diff] [blame] | 65 | - Improvements: |
Daniel Veillard | bdec218 | 2016-05-23 16:04:52 +0800 | [diff] [blame] | 66 | Reuse xmlHaltParser() where it makes sense (Daniel Veillard), |
| 67 | xmlStopParser reset errNo (Daniel Veillard), |
| 68 | Reenable xz support by default (Daniel Veillard), |
| 69 | Recover unescaped less-than character in HTML recovery parsing (Daniel Veillard), |
| 70 | Allow HTML serializer to output HTML5 DOCTYPE (Shaun McCance), |
| 71 | Regression test for bug #695699 (Nick Wellnhofer), |
| 72 | Add a couple of XPath tests (Nick Wellnhofer), |
| 73 | Add Python 3 rpm subpackage (Tomas Radej), |
| 74 | libxml2-config.cmake.in: update include directories (Samuel Martin), |
| 75 | Adding example from bugs 738805 to regression tests (Daniel Veillard) |
Daniel Veillard | 4c2e7c6 | 2010-11-04 18:35:57 +0100 | [diff] [blame] | 76 | |
Daniel Veillard | 6657afe | 2015-11-20 17:55:11 +0800 | [diff] [blame] | 77 | - Cleanups: |
Daniel Veillard | 7a896ce | 2009-09-24 18:38:57 +0200 | [diff] [blame] | 78 | |
Daniel Veillard | c8338f1 | 2006-10-25 16:06:29 +0000 | [diff] [blame] | 79 | |
| 80 | </changes> |
Daniel Veillard | b4d30b6 | 2003-03-16 22:32:36 +0000 | [diff] [blame] | 81 | </product> |
| 82 | </xsa> |