[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: [xml] xml Digest, Vol 57, Issue 16
- From: ww-mailinglist zend com
- To: xml gnome org
- Subject: Re: [xml] xml Digest, Vol 57, Issue 16
- Date: Tue, 20 Jan 2009 11:32:08 +0200
Does it fix CVE-2008-4225 and
CVE-2008-4226 ?
On Monday 19 January 2009 02:00:35 pm xml-request gnome org wrote:
> Send xml mailing list submissions to
> xml gnome org
>
> To subscribe or unsubscribe via the World Wide Web, visit
> http://mail.gnome.org/mailman/listinfo/xml
> or, via email, send a message with subject or body 'help' to
> xml-request gnome org
>
> You can reach the person managing the list at
> xml-owner gnome org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of xml digest..."
>
>
> Today's Topics:
>
> 1. Release of libxml2-2.7.3 (Daniel Veillard)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Sun, 18 Jan 2009 22:54:24 +0100
> From: Daniel Veillard <veillard redhat com>
> Subject: [xml] Release of libxml2-2.7.3
> To: xml gnome org
> Message-ID: <20090118215424 GQ28709 redhat com>
> Content-Type: text/plain; charset=us-ascii
>
> I promised it to Rob :-)
> So a new release is available on the FTP server:
> ftp://xmlsoft.org/pub/xml/
>
> The main changes are a security fix to limit text nodes to 10MB
> sur the HUGE parsing option to override but this should avoid some
> possible security problems, a limited element traversal API (without
> entities recursions though) and a new parser option to enable pre 2.7
> SAX behavior:
>
> + Build fix:
> - fix build when HTML support is not included.
> + Bug fixes:
> - avoid memory overflow in gigantic text nodes
> - indentation problem on the writed (Rob Richards)
> - xmlAddChildList pointer problem (Rob Richards and Kevin Milburn)
> - xmlAddChild problem with attribute (Rob Richards and Kris Breuker)
> - avoid a memory leak in an edge case (Daniel Zimmermann)
> - deallocate some pthread data (Alex Ott).
> + Improvements:
> - configure option to avoid rebuilding docs (Adrian Bunk)
> - limit text nodes to 10MB max by default
> - add element traversal APIs
> - add a parser option to enable pre 2.7 SAX behavior (Rob Richards)
> - add gcc malloc checking (Marcus Meissner)
> - add gcc printf like functions parameters checking (Marcus Meissner).
>
> Thanks a lot for everybody who helped, especially Rob who was also
> very patient :-)
>
> Daniel
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]