godotengine/buildroot
1
0
Fork 0
mirror of https://github.com/godotengine/buildroot.git synced 2026-01-04 06:10:16 +03:00
Code Issues Packages Projects Releases Wiki Activity
40,448 Commits 28 Branches 277 Tags
2018.02.12
Commit Graph

8 Commits

Author SHA1 Message Date
Fabrice Fontaine
6fc89549ae libxml2: security bump to version 2.9.9 
- Fixes CVE-2018-9251 and CVE-2018-14567:
  2240fbf591
- Fixes CVE-2018-14404: https://gitlab.gnome.org/GNOME/libxml2/issues/5
- Remove patch: CVE-2017-8872 was fixed by
  https://gitlab.gnome.org/GNOME/libxml2/issues/26

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit cb3397e633)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2019-01-29 23:06:05 +01:00
Fabrice Fontaine
74aac93857 libxml2: bump to version 2.9.8 
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 889d904f8a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2019-01-29 23:05:59 +01:00
Adam Duskett
a54794e652 libxml2: bump to 2.9.7 
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 2017-11-22 22:29:32 +01:00
Samuel Martin
fd313f8dc6 package/libxml2: add license hash 
Signed-off-by: Samuel Martin <s.martin49@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
 2017-11-05 17:45:06 +01:00
Adam Duskett
d8bc440e3a libxml2: security bump to version 2.9.5 
Fixes CVE-2017-9049, CVE-2017-9050, CVE-2017-9047, CVE-2017-9048,
CVE-2017-5969.

Signed-off-by: Adam Duskett <aduskett@gmail.com>
[Thomas: improved commit log, from Baruch suggestion.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 2017-09-05 21:15:55 +02:00
Baruch Siach
925f0897fe libxml2: security bump to version 2.9.4 
Fixes a bunch of security issues including:

  CVE-2016-1762: Heap-based buffer overread in xmlNextChar

  CVE-2016-1834: heap-buffer-overflow in xmlStrncat

  CVE-2016-3705: Missing increments of recursion depth counter to XML parser

A few more security fixes are listed in the release announcement at
https://mail.gnome.org/archives/xml/2016-May/msg00023.html.

Also fixes:
http://autobuild.buildroot.net/results/6db/6db405a097b192876c0b1b8d59051d614563c617/
http://autobuild.buildroot.net/results/62a/62addf4abd2a0df8222a81a83c16b2b9a61c9481/
http://autobuild.buildroot.net/results/204/20402690ad05d10d456a219da5252a38badf1da0/

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 2016-05-23 20:09:38 +02:00
Danomi Manchego
08e08586b5 libxml2: security bump to version 2.9.3 
- Fixes:
  - CVE-2015-5312 - Another entity expansion issue
  - CVE-2015-7497 - Avoid an heap buffer overflow in xmlDictComputeFastQKey
  - CVE-2015-7500 - Fix memory access error due to incorrect entities boundaries
  - CVE-2015-8242 - Buffer overead with HTML parser in push mode

- Incorporates upstreamed patches as well, which also fixed:
  - CVE-2015-1819 - The xmlreader in libxml allows remote attackers to cause
    a denial of service (memory consumption) via crafted XML data, related
    to an XML Entity Expansion (XEE) attack.
  - CVE-2015-7941 - out-of-bounds memory access.
  - CVE-2015-7942 - heap-buffer-overflow in xmlParseConditionalSections.
  - CVE-2015-8035 - DoS via crafted xz file.

Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 2015-11-22 13:44:47 +01:00
Gustavo Zacarias
841c63ce66 libxml2: security bump to version 2.9.2 
Fixes:
CVE-2014-3660 - billion laugh variant
CVE-2014-0191 - Do not fetch external parameter entities

Also add hash file.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2014-10-17 14:17:48 +02:00