Catalin Enache d7ec005904 libxml2: CVE-2016-9318 ...

libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier
and other products, does not offer a flag directly indicating that
the current document may be read but other files may not be opened,
which makes it easier for remote attackers to conduct XML External
Entity (XXE) attacks via a crafted document.

Reference:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9318

Upstream patch:
https://git.gnome.org/browse/libxml2/commit/?id=2304078555896cf1638c628f50326aeef6f0e0d0

(From OE-Core rev: 0dd44c00e3b2fbc3befc3f361624a3a60161d979)

Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

2017-04-29 11:17:23 +01:00

..

ansidecl.patch

libxml2: upgrade to 2.9.3

2015-12-01 21:32:14 +00:00

CVE-2016-9318.patch

libxml2: CVE-2016-9318

2017-04-29 11:17:23 +01:00

libxml2-CVE-2016-4658.patch

libxml2: fix CVE-2016-4658 Disallow namespace nodes in XPointer points and ranges

2016-12-16 10:23:23 +00:00

libxml2-CVE-2016-5131.patch

libxml2: Security fix CVE-2016-5131

2016-11-30 15:48:08 +00:00

libxml2-fix_node_comparison.patch

libxml2: Necessary changes before fixing CVE-2016-5131

2016-12-16 10:23:23 +00:00

libxml2-fix_NULL_pointer_derefs.patch

libxml2: Fix more NULL pointer derefs

2016-12-16 10:23:23 +00:00

libxml-64bit.patch

libxml2: upgrade to version 2.7.8

2011-04-18 05:51:19 +01:00

libxml-m4-use-pkgconfig.patch

libxml2: fix AM_PATH_XML2

2016-04-09 23:00:45 +01:00

python-sitepackages-dir.patch

libxml2: upgrade to 2.9.2

2014-12-25 08:18:12 +00:00

run-ptest

libxml2: Add ptest

2013-07-10 09:42:01 +01:00

runtest.patch

Upstream-Status: Correct capitalization

2013-07-18 21:23:43 +01:00