pkgsrc

History

tez 41aa471248 xmlSnprintfElementContent failed to correctly check the available buffer space in two locations. Fixes bug 781333 (CVE-2017-9047) and bug 781701 (CVE-2017-9048). From: https://git.gnome.org/browse/libxml2/commit/?id=932cc9896ab41475d4aa429c27d9afd175959d74 There were two bugs where parameter-entity references could lead to an unexpected change of the input buffer in xmlParseNameComplex and xmlDictLookup being called with an invalid pointer. Percent sign in DTD Names ========================= This fixes bug 766956 initially reported by Wei Lei and independently by Chromium's ClusterFuzz, Hanno Böck, and Marco Grassi. Thanks to everyone involved. xmlParseNameComplex with XML_PARSE_OLD10 ======================================== This fixes bugs 781205 (CVE-2017-9049) and 781361 (CVE-2017-9050). Thanks to Marcel Böhme and Thuan Pham for the report. Additional hardening ==================== A separate check was added in xmlParseNameComplex to validate the buffer size. From: https://git.gnome.org/browse/libxml2/commit/?id=e26630548e7d138d2c560844c43820b6767251e3		2017-06-21 00:23:23 +00:00
..
patches	xmlSnprintfElementContent failed to correctly check the available	2017-06-21 00:23:23 +00:00
buildlink3.mk
DESCR
distinfo	xmlSnprintfElementContent failed to correctly check the available	2017-06-21 00:23:23 +00:00
Makefile	xmlSnprintfElementContent failed to correctly check the available	2017-06-21 00:23:23 +00:00
Makefile.common	Convert all occurrences (353 by my count) of	2017-01-19 18:52:01 +00:00
options.mk
PLIST