Commit 75152d7b authored by Salvatore Bonaccorso's avatar Salvatore Bonaccorso Committed by Mattia Rizzolo

Import Debian changes 2.9.4+dfsg1-6.1

libxml2 (2.9.4+dfsg1-6.1) unstable; urgency=medium

  * Non-maintainer upload.
  * Out-of-bounds read in htmlParseTryOrFinish (CVE-2017-8872)
    (Closes: #862450)
parent f98b0492
libxml2 (2.9.4+dfsg1-6.1) unstable; urgency=medium
* Non-maintainer upload.
* Out-of-bounds read in htmlParseTryOrFinish (CVE-2017-8872)
(Closes: #862450)
-- Salvatore Bonaccorso <carnil@debian.org> Tue, 02 Jan 2018 08:59:03 +0100
libxml2 (2.9.4+dfsg1-6) unstable; urgency=medium
* Team upload.
......
Description: Out-of-bounds read in htmlParseTryOrFinish
Origin: vendor, https://bugzilla.novell.com/attachment.cgi?id=732309
Bug: https://bugzilla.gnome.org/show_bug.cgi?id=775200
Bug-Debian: https://bugs.debian.org/862450
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-8872
Bug-SUSE: https://bugzilla.novell.com/show_bug.cgi?id=1038444
Forwarded: yes, https://bug775200.bugzilla-attachments.gnome.org/attachment.cgi?id=355527
Author: Marcus Meissner <meissner@suse.de>
Reviewed-by: Salvatore Bonaccorso <carnil@debian.org>
Last-Update: 2018-01-02
--- a/parser.c
+++ b/parser.c
@@ -12725,6 +12725,10 @@ xmlHaltParser(xmlParserCtxtPtr ctxt) {
}
ctxt->input->cur = BAD_CAST"";
ctxt->input->base = ctxt->input->cur;
+ if (ctxt->input->buf) {
+ xmlBufEmpty (ctxt->input->buf->buffer);
+ } else
+ ctxt->input->length = 0;
}
}
......@@ -16,3 +16,4 @@
0016-Fix-copy-paste-errors-in-error-messages.patch
0017-python-remove-single-use-of-_PyVerify_fd.patch
0018-Fix-XPath-stack-frame-logic.patch
0019-CVE-2017-8872.patch
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment