41aa471248
buffer space in two locations. Fixes bug 781333 (CVE-2017-9047) and bug 781701 (CVE-2017-9048). From: https://git.gnome.org/browse/libxml2/commit/?id=932cc9896ab41475d4aa429c27d9afd175959d74 There were two bugs where parameter-entity references could lead to an unexpected change of the input buffer in xmlParseNameComplex and xmlDictLookup being called with an invalid pointer. Percent sign in DTD Names ========================= This fixes bug 766956 initially reported by Wei Lei and independently by Chromium's ClusterFuzz, Hanno Böck, and Marco Grassi. Thanks to everyone involved. xmlParseNameComplex with XML_PARSE_OLD10 ======================================== This fixes bugs 781205 (CVE-2017-9049) and 781361 (CVE-2017-9050). Thanks to Marcel Böhme and Thuan Pham for the report. Additional hardening ==================== A separate check was added in xmlParseNameComplex to validate the buffer size. From: https://git.gnome.org/browse/libxml2/commit/?id=e26630548e7d138d2c560844c43820b6767251e3 |
||
|---|---|---|
| .. | ||
| patch-aa | ||
| patch-ab | ||
| patch-ac | ||
| patch-ad | ||
| patch-ae | ||
| patch-encoding.c | ||
| patch-parseInternals.c | ||
| patch-parser.c | ||
| patch-result_XPath_xptr_vidbase | ||
| patch-runtest.c | ||
| patch-test_XPath_xptr_vidbase | ||
| patch-testlimits.c | ||
| patch-timsort.h | ||
| patch-valid.c | ||
| patch-xmlIO.c | ||
| patch-xpath.c | ||
| patch-xpointer.c | ||