Re: Another XML build issue
| От | Kevin Grittner |
|---|---|
| Тема | Re: Another XML build issue |
| Дата | |
| Msg-id | CACjxUsNEU_EvMyJ3978BiYLxpcAWMy6h0tP0r8v9VOZG05Z3sw@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: Another XML build issue (Tom Lane <tgl@sss.pgh.pa.us>) |
| Список | pgsql-hackers |
On Mon, Dec 14, 2015 at 9:44 AM, Tom Lane <tgl@sss.pgh.pa.us> wrote: > Can you look to see if Ubuntu is carrying some > distro-specific patch that affects this? Here's what is in the log for the change that I think is the one that came through today: ============================================================ libxml2 (2.9.1+dfsg1-3ubuntu4.6) trusty-security; urgency=medium * SECURITY UPDATE: denial of service via entity expansion issue - debian/patches/CVE-2015-5312.patch: properly exit whenentity expansion is detected in parser.c. - CVE-2015-5312 * SECURITY UPDATE: heap buffer overflow in xmlDictComputeFastQKey - debian/patches/CVE-2015-7497.patch: check offset in dict.c. - CVE-2015-7497 * SECURITY UPDATE:denial of service via encoding conversion failures - debian/patches/CVE-2015-7498.patch: avoid processing entitiesafter encoding conversion failures in parser.c. - CVE-2015-7498 * SECURITY UPDATE: out of bounds read in xmlGROW - debian/patches/CVE-2015-7499-1.patch: add xmlHaltParser() to stop the parser in parser.c. - debian/patches/CVE-2015-7499-2.patch:check input in parser.c. - CVE-2015-7499 * SECURITY UPDATE: out of bounds read inxmlParseMisc - debian/patches/CVE-2015-7500.patch: check entity boundaries in parser.c. - CVE-2015-7500 * SECURITYUPDATE: denial of service via extra processing of MarkupDecl - debian/patches/CVE-2015-8241.patch: add extra EOFcheck in parser.c. - CVE-2015-8241 * SECURITY UPDATE: buffer overead with HTML parser in push mode - debian/patches/CVE-2015-8242.patch:use pointer in the input in HTMLparser.c. - CVE-2015-8242 * SECURITY UPDATE: denialof service via encoding failures - debian/patches/CVE-2015-8317-1.patch: do not process encoding values if thedeclaration is broken in parser.c. - debian/patches/CVE-2015-8317-2.patch: fail parsing if the encoding conversionfailed in parser.c. - CVE-2015-8317 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 09 Dec 2015 12:00:30 -0500 ============================================================ I don't know how that compares to other distros... -- Kevin Grittner EDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company
В списке pgsql-hackers по дате отправления: