Re: [xml] xml Digest, Vol 57, Issue 16



Does it fix CVE-2008-4225 and CVE-2008-4226?

On Monday 19 January 2009 02:00:35 pm xml-request gnome org wrote:

Today's Topics:

   1. Release of libxml2-2.7.3 (Daniel Veillard)


----------------------------------------------------------------------

Message: 1
Date: Sun, 18 Jan 2009 22:54:24 +0100
From: Daniel Veillard <veillard redhat com>
Subject: [xml] Release of libxml2-2.7.3
To: xml gnome org
Message-ID: <20090118215424 GQ28709 redhat com>
Content-Type: text/plain; charset=us-ascii

  I promised it to Rob :-)
So a new release is available on the FTP server:
   ftp://xmlsoft.org/pub/xml/

The main changes are a security fix to limit text nodes to 10MB,
use the HUGE parsing option to override, but this should avoid some
possible security problems, a limited element traversal API (without
entities recursions though) and a new parser option to enable pre 2.7
SAX behavior:

+ Build fix:
 - fix build when HTML support is not included.
+ Bug fixes:
 - avoid memory overflow in gigantic text nodes
 - indentation problem on the writer (Rob Richards)
 - xmlAddChildList pointer problem (Rob Richards and Kevin Milburn)
 - xmlAddChild problem with attribute (Rob Richards and Kris Breuker)
 - avoid a memory leak in an edge case (Daniel Zimmermann)
 - deallocate some pthread data (Alex Ott).
+ Improvements:
 - configure option to avoid rebuilding docs (Adrian Bunk)
 - limit text nodes to 10MB max by default
 - add element traversal APIs
 - add a parser option to enable pre 2.7 SAX behavior (Rob Richards)
 - add gcc malloc checking (Marcus Meissner)
 - add gcc printf like functions parameters checking (Marcus Meissner).

  Thanks a lot to everybody who helped, especially Rob who was also
very patient :-)

Daniel




