Re: Another XML build issue

Поиск
Список
Период
Сортировка
От Kevin Grittner
Тема Re: Another XML build issue
Дата
Msg-id CACjxUsNEU_EvMyJ3978BiYLxpcAWMy6h0tP0r8v9VOZG05Z3sw@mail.gmail.com
обсуждение исходный текст
Ответ на Re: Another XML build issue  (Tom Lane <tgl@sss.pgh.pa.us>)
Список pgsql-hackers
Дерево обсуждения 
On Mon, Dec 14, 2015 at 9:44 AM, Tom Lane <tgl@sss.pgh.pa.us> wrote:

> Can you look to see if Ubuntu is carrying some
> distro-specific patch that affects this?

Here's what is in the log for the change that I think is the one that
came through today:

============================================================

libxml2 (2.9.1+dfsg1-3ubuntu4.6) trusty-security; urgency=medium
 * SECURITY UPDATE: denial of service via entity expansion issue   - debian/patches/CVE-2015-5312.patch: properly exit
whenentity     expansion is detected in parser.c.   - CVE-2015-5312 * SECURITY UPDATE: heap buffer overflow in
xmlDictComputeFastQKey  - debian/patches/CVE-2015-7497.patch: check offset in dict.c.   - CVE-2015-7497 * SECURITY
UPDATE:denial of service via encoding conversion failures   - debian/patches/CVE-2015-7498.patch: avoid processing
entitiesafter     encoding conversion failures in parser.c.   - CVE-2015-7498 * SECURITY UPDATE: out of bounds read in
xmlGROW  - debian/patches/CVE-2015-7499-1.patch: add xmlHaltParser() to stop the     parser in parser.c.   -
debian/patches/CVE-2015-7499-2.patch:check input in parser.c.   - CVE-2015-7499 * SECURITY UPDATE: out of bounds read
inxmlParseMisc   - debian/patches/CVE-2015-7500.patch: check entity boundaries in     parser.c.   - CVE-2015-7500 *
SECURITYUPDATE: denial of service via extra processing of MarkupDecl   - debian/patches/CVE-2015-8241.patch: add extra
EOFcheck in parser.c.   - CVE-2015-8241 * SECURITY UPDATE: buffer overead with HTML parser in push mode   -
debian/patches/CVE-2015-8242.patch:use pointer in the input in     HTMLparser.c.   - CVE-2015-8242 * SECURITY UPDATE:
denialof service via encoding failures   - debian/patches/CVE-2015-8317-1.patch: do not process encoding values     if
thedeclaration is broken in parser.c.   - debian/patches/CVE-2015-8317-2.patch: fail parsing if the encoding
conversionfailed in parser.c.   - CVE-2015-8317
 
-- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 09 Dec 2015
12:00:30 -0500

============================================================

I don't know how that compares to other distros...

-- 
Kevin Grittner
EDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

В списке pgsql-hackers по дате отправления:

Предыдущее
От: Tom Lane
Дата:
Сообщение: Re: Another XML build issue
Следующее
От: Robert Haas
Дата:
Сообщение: Re: Fixing warnings in back branches?