ELSA-2012-1288

Published: 18 Sep 2012
Source: oracle-oval
Platform: Oracle Linux 5
Platform: Oracle Linux 6

Description

ELSA-2012-1288: libxml2 security update (MODERATE)

[2.7.6-8.0.1.el6_3.3]

  • Update doc/redhat.gif in tarball
  • Add libxml2-oracle-enterprise.patch and update logos in tarball

[2.7.6-8.el6_3.3]

  • Change the XPath code to percolate allocation error (CVE-2011-1944)

[2.7.6-8.el6_3.2]

  • Fix an off by one pointer access (CVE-2011-3102)

[2.7.6-8.el6_3.1]

  • Fix a failure to report xmlreader parsing failures
  • Fix parser local buffers size problems (rhbz#843741)
  • Fix entities local buffers size problems (rhbz#843741)
  • Fix an error in previous commit (rhbz#843741)
  • Do not fetch external parsed entities
  • Impose a reasonable limit on attribute size (rhbz#843741)
  • Impose a reasonable limit on comment size (rhbz#843741)
  • Impose a reasonable limit on PI size (rhbz#843741)
  • Cleanups and new limit APIs for dictionaries (rhbz#843741)
  • Introduce some default parser limits (rhbz#843741)
  • Implement some default limits in the XPath module
  • Fixup limits parser (rhbz#843741)
  • Enforce XML_PARSER_EOF state handling through the parser
  • Avoid quadratic behaviour in some push parsing cases (rhbz#843741)
  • More avoid quadratic behaviour (rhbz#843741)
  • Strengthen behaviour of the push parser in problematic situations (rhbz#843741)
  • More fixups on the push parser behaviour (rhbz#843741)
  • Fix a segfault on XSD validation on pattern error
  • Fix an unimplemented part in RNG value validation

[2.7.6-8.el6]

  • remove chunk in patch related to configure.in as it breaks rebuild
  • Resolves: rhbz#788846

[2.7.6-7.el6]

  • fix previous build to force compilation of randomization code
  • Resolves: rhbz#788846

[2.7.6-6.el6]

  • adds randomization to hash and dict structures CVE-2012-0841
  • Resolves: rhbz#788846

[2.7.6-5.el6]

  • Make sure the parser returns when getting a Stop order CVE-2011-3905
  • Fix an allocation error when copying entities CVE-2011-3919
  • Resolves: rhbz#771910

Updated packages

Oracle Linux 5

Oracle Linux ia64

  • libxml2: 2.6.26-2.1.15.0.1.el5_8.5
  • libxml2-devel: 2.6.26-2.1.15.0.1.el5_8.5
  • libxml2-python: 2.6.26-2.1.15.0.1.el5_8.5

Oracle Linux x86_64

  • libxml2: 2.6.26-2.1.15.0.1.el5_8.5
  • libxml2-devel: 2.6.26-2.1.15.0.1.el5_8.5
  • libxml2-python: 2.6.26-2.1.15.0.1.el5_8.5

Oracle Linux i386

  • libxml2: 2.6.26-2.1.15.0.1.el5_8.5
  • libxml2-devel: 2.6.26-2.1.15.0.1.el5_8.5
  • libxml2-python: 2.6.26-2.1.15.0.1.el5_8.5

Oracle Linux 6

Oracle Linux x86_64

  • libxml2: 2.7.6-8.0.1.el6_3.3
  • libxml2-devel: 2.7.6-8.0.1.el6_3.3
  • libxml2-python: 2.7.6-8.0.1.el6_3.3
  • libxml2-static: 2.7.6-8.0.1.el6_3.3

Oracle Linux i686

  • libxml2: 2.7.6-8.0.1.el6_3.3
  • libxml2-devel: 2.7.6-8.0.1.el6_3.3
  • libxml2-python: 2.7.6-8.0.1.el6_3.3
  • libxml2-static: 2.7.6-8.0.1.el6_3.3

Related CVEs

Related vulnerabilities

ubuntu
about 13 years ago

Multiple integer overflows in libxml2, as used in Google Chrome before 20.0.1132.43 and other products, on 64-bit Linux platforms allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

redhat
about 13 years ago

Multiple integer overflows in libxml2, as used in Google Chrome before 20.0.1132.43 and other products, on 64-bit Linux platforms allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

nvd
about 13 years ago

Multiple integer overflows in libxml2, as used in Google Chrome before 20.0.1132.43 and other products, on 64-bit Linux platforms allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

debian
about 13 years ago

Multiple integer overflows in libxml2, as used in Google Chrome before ...

ubuntu
about 13 years ago

Off-by-one error in libxml2, as used in Google Chrome before 19.0.1084.46 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors.