diffstat of debian/ for libxml2_2.7.8.dfsg-5.1 libxml2_2.7.8.dfsg-5.1ubuntu4.17 changelog | 327 +++++++++++++++++++++++++++++++++++++++++++++++++++ compat | 2 control | 24 +++ libxml2-dev.install | 8 - libxml2-udeb.install | 2 libxml2.install | 2 libxml2.symbols | 1 rules | 10 + 8 files changed, 364 insertions(+), 12 deletions(-) diff -u libxml2-2.7.8.dfsg/debian/libxml2.install libxml2-2.7.8.dfsg/debian/libxml2.install --- libxml2-2.7.8.dfsg/debian/libxml2.install +++ libxml2-2.7.8.dfsg/debian/libxml2.install @@ -1 +1 @@ -usr/lib/libxml2.so.* +usr/lib/*/libxml2.so.* diff -u libxml2-2.7.8.dfsg/debian/rules libxml2-2.7.8.dfsg/debian/rules --- libxml2-2.7.8.dfsg/debian/rules +++ libxml2-2.7.8.dfsg/debian/rules @@ -45,7 +45,8 @@ build-python%: BUILD_DIR=build/main/$* build-python%: BUILD_FLAGS = libxml2mod_la_LIBADD='$$(mylibs)' -build-python%-dbg: BUILD_FLAGS += PYTHON_INCLUDES=/usr/include/$(*:-dbg=_d) LDFLAGS="-L$(CURDIR)/debian/tmp/usr/lib" CFLAGS="-Wall -g -O0" +build-python%-dbg: BUILD_FLAGS += PYTHON_INCLUDES=/usr/include/$(*:-dbg=_d) \ + LDFLAGS="-L$(CURDIR)/debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)" CFLAGS="-Wall -g -O0" override_dh_auto_clean: rm -rf build debian/tmp-dbg @@ -102,7 +103,10 @@ dh_install -Npython-libxml2-dbg -Nlibxml2-udeb dh_install -ppython-libxml2-dbg --sourcedir=debian/tmp-dbg dh_install -plibxml2-udeb --sourcedir=debian/tmp-udeb - sed "/dependency_libs/ s/'.*'/''/" debian/tmp/usr/lib/libxml2.la > debian/libxml2-dev/usr/lib/libxml2.la + sed "/dependency_libs/ s/'.*'/''/" debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/libxml2.la > \ + debian/libxml2-dev/usr/lib/$(DEB_HOST_MULTIARCH)/libxml2.la + # for multiarch xml2-config needs to be identical on all archs + sed -i -e 's,/usr/lib/$(DEB_HOST_MULTIARCH),/usr/lib,' debian/libxml2-dev/usr/bin/xml2-config override_dh_strip: dh_strip -a --dbg-package=libxml2-dbg -Npython-libxml2 -Npython-libxml2-dbg @@ -121 +125 @@ - dh --with python2 $@ + dh $@ --with python2 diff -u libxml2-2.7.8.dfsg/debian/libxml2-dev.install libxml2-2.7.8.dfsg/debian/libxml2-dev.install --- libxml2-2.7.8.dfsg/debian/libxml2-dev.install +++ libxml2-2.7.8.dfsg/debian/libxml2-dev.install @@ -1,7 +1,7 @@ usr/bin/xml2-config -usr/lib/libxml2.so -usr/lib/libxml2.a -usr/lib/xml2Conf.sh +usr/lib/*/libxml2.so +usr/lib/*/libxml2.a +usr/lib/*/xml2Conf.sh usr/share/aclocal -usr/lib/pkgconfig +usr/lib/*/pkgconfig usr/include/libxml2 diff -u libxml2-2.7.8.dfsg/debian/compat libxml2-2.7.8.dfsg/debian/compat --- libxml2-2.7.8.dfsg/debian/compat +++ libxml2-2.7.8.dfsg/debian/compat @@ -1 +1 @@ -7 +9 diff -u libxml2-2.7.8.dfsg/debian/control libxml2-2.7.8.dfsg/debian/control --- libxml2-2.7.8.dfsg/debian/control +++ libxml2-2.7.8.dfsg/debian/control @@ -1,10 +1,11 @@ Source: libxml2 Priority: optional Section: libs -Maintainer: Debian XML/SGML Group +Maintainer: Ubuntu Developers +XSBC-Original-Maintainer: Debian XML/SGML Group Uploaders: Mike Hommey Standards-Version: 3.9.2.0 -Build-Depends: debhelper (>= 7.0.50~), zlib1g-dev | libz-dev, python-all-dev (>= 2.6.6-3~), python-all-dbg, autotools-dev, libreadline-dev | libreadline5-dev, binutils (>= 2.14.90.0.7), dpkg-dev (>= 1.14.9), perl +Build-Depends: debhelper (>= 8.1.3), zlib1g-dev | libz-dev, python-all-dev (>= 2.6.6-3~), python-all-dbg, autotools-dev, libreadline-dev | libreadline5-dev, binutils (>= 2.14.90.0.7), perl Homepage: http://xmlsoft.org/ Vcs-Git: git://git.debian.org/debian-xml-sgml/libxml2.git Vcs-Browser: http://git.debian.org/?p=debian-xml-sgml/libxml2.git @@ -15,6 +16,8 @@ Section: libs Depends: ${shlibs:Depends}, ${misc:Depends} Recommends: xml-core +Pre-Depends: ${misc:Pre-Depends} +Multi-Arch: same Description: GNOME XML library XML is a metalanguage to let you design your own markup language. A regular markup language defines a way to describe information in @@ -30,6 +33,7 @@ Architecture: any Section: text Depends: ${shlibs:Depends}, ${misc:Depends} +Multi-Arch: foreign Description: XML utilities XML is a metalanguage to let you design your own markup language. A regular markup language defines a way to describe information in @@ -46,6 +50,7 @@ Architecture: any Section: libdevel Depends: libxml2 (= ${binary:Version}), ${misc:Depends} +Multi-Arch: same Description: Development files for the GNOME XML library XML is a metalanguage to let you design your own markup language. A regular markup language defines a way to describe information in @@ -125,0 +131,15 @@ +Package: libxml2-udeb +XC-Package-Type: udeb +Architecture: any +Section: debian-installer +Depends: ${shlibs:Depends}, ${misc:Depends} +Description: GNOME XML library - minimal runtime + XML is a metalanguage to let you design your own markup language. + A regular markup language defines a way to describe information in + a certain class of documents (eg HTML). XML lets you define your + own customized markup languages for many classes of document. It + can do this because it's written in SGML, the international standard + metalanguage for markup languages. + . + This is a minimal package for use in debian-installer that yields a + library providing an extensive API to handle such XML data files. diff -u libxml2-2.7.8.dfsg/debian/changelog libxml2-2.7.8.dfsg/debian/changelog --- libxml2-2.7.8.dfsg/debian/changelog +++ libxml2-2.7.8.dfsg/debian/changelog @@ -1,3 +1,321 @@ +libxml2 (2.7.8.dfsg-5.1ubuntu4.17) precise-security; urgency=medium + + * SECURITY UPDATE: format string vulnerabilities + - fix format string warnings in HTMLparser.c, SAX2.c, catalog.c, + configure, configure.in, debugXML.c, encoding.c, entities.c, error.c, + include/libxml/parserInternals.h, include/libxml/xmlerror.h, + include/libxml/xmlstring.h, libxml.h, parser.c, parserInternals.c, + relaxng.c, schematron.c, testModule.c, valid.c, xinclude.c, xmlIO.c, + xmllint.c, xmlreader.c, xmlschemas.c, xmlstring.c, xmlwriter.c, + xpath.c, xpointer.c. + - 4472c3a5a5b516aaf59b89be602fbce52756c3e9 + - 502f6a6d08b08c04b3ddfb1cd21b2f699c1b7f5b + - d77e5fc4bcdb7da748c9cca116a601ae4df60d21 + - debian/libxml2.symbols: added new symbol. + - CVE-2016-4448 + * SECURITY UPDATE: use-after-free via namespace nodes in XPointer ranges + - disallow namespace nodes in XPointer ranges in xpointer.c. + - c1d1f7121194036608bf555f08d3062a36fd344b + - CVE-2016-4658 + * SECURITY UPDATE: use-after-free in XPointer range-to function + - fix XPointer paths beginning with range-to and fix comparison with + root node in xmlXPathCmpNodesin xpath.c, xpointer.c. + - 9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e + - a005199330b86dada19d162cae15ef9bdcb6baa8 + - CVE-2016-5131 + + -- Marc Deslauriers Wed, 15 Mar 2017 09:00:55 -0400 + +libxml2 (2.7.8.dfsg-5.1ubuntu4.15) precise-security; urgency=medium + + * SECURITY UPDATE: heap-based buffer overread in xmlNextChar + - return after error in parser.c. + - a7a94612aa3b16779e2c74e1fa353b5d9786c602 + - CVE-2016-1762 + * SECURITY UPDATE: heap-based buffer overread in htmlCurrentChar + - clear up NULL deref, handle 0-length entities and fix tests in + parserInternals.c. + - ff76eb28c75451bc56e3b93f44dac155ca29e7f5 + - fdfeecc1b73b0318466f0d61f0b8881ed9d92dd2 + - 0bcd05c5cd83dec3406c8f68b769b1d610c72f76 + - CVE-2016-1833 + * SECURITY UPDATE: heap-buffer-overflow in xmlStrncat + - check for negative lengths in xmlstring.c. + - 8fbbf5513d609c1770b391b99e33314cd0742704 + - CVE-2016-1834 + * SECURITY UPDATE: heap use-after-free in xmlSAX2AttributeNs + - add check to parser.c, add tests to result/errors/759020.xml.err, + result/errors/759020.xml.str, test/errors/759020.xml. + - 38eae571111db3b43ffdeb05487c9f60551906fb + - CVE-2016-1835 + * SECURITY UPDATE: heap use-after-free in htmlParsePubidLiteral and + htmlParseSystemiteral + - prevent stable pointer usage in HTMLparser.c. + - 11ed4a7a90d5ce156a18980a4ad4e53e77384852 + - CVE-2016-1837 + * SECURITY UPDATE: heap-based buffer overread in + xmlParserPrintFileContextInternal + - add bounds check to parser.c, + add tests to result/errors/758588.xml.err, + result/errors/758588.xml.str, test/errors/758588.xml. + - db07dd613e461df93dde7902c6505629bf0734e9 + - CVE-2016-1838 + * SECURITY UPDATE: heap-based buffer overread in xmlDictAddString + - add bounds check to HTMLparser.c. + - a820dbeac29d330bae4be05d9ecd939ad6b4aa33 + - CVE-2015-8806 + - CVE-2016-1839 + - CVE-2016-2073 + * SECURITY UPDATE: heap-buffer-overflow in xmlFAParsePosCharGroup + - properly handle error in xmlregexp.c. + - cbb271655cadeb8dbb258a64701d9a3a0c4835b4 + - CVE-2016-1840 + * SECURITY UPDATE: avoid building recursive entities + - properly handle recursion in parser.c, tree.c. + - bdd66182ef53fe1f7209ab6535fda56366bd7ac9 + - CVE-2016-3627 + * SECURITY UPDATE: recursion depth counter issue + - properly could recursion depth in parser.c. + - 8f30bdff69edac9075f4663ce3b56b0c52d48ce6 + - CVE-2016-3705 + * SECURITY UPDATE: heap-based buffer-underreads due to xmlParseName + - improve error handling in parser.c. + - 00906759053986b8079985644172085f74331f83 + - CVE-2016-4447 + * SECURITY UPDATE: inappropriate fetch of entities content + - fix another external entity fetch in parser.c. + - b1d34de46a11323fccffa9fadeb33be670d602f5 + - CVE-2016-4449 + * SECURITY UPDATE: out of bound access when serializing malformed strings + - improve string handling in xmlsave.c. + - c97750d11bb8b6f3303e7131fe526a61ac65bcfd + - CVE-2016-4483 + + -- Marc Deslauriers Fri, 03 Jun 2016 09:11:38 -0400 + +libxml2 (2.7.8.dfsg-5.1ubuntu4.14) precise-security; urgency=medium + + * SECURITY UPDATE: incomplete fix for out of bounds read in xmlGROW + (LP: #1525996) + - add extra commits to this previously-fixed CVE + - parser.c: reuse xmlHaltParser() where it makes sense. + - e3b1597421ad7cbeb5939fc3b54f43f141c82366 + - error.c: do not print error context when there is none. + - ce0b0d0d81fdbb5f722a890432b52d363e4de57b + - CVE-2015-7499 + * SECURITY UPDATE: out of bounds memory access via unclosed html comment + - HTMLparser.c: fix parsing short unclosed comment uninitialized + access. + - e724879d964d774df9b7969fc846605aa1bac54c + - CVE-2015-8710 + + -- Marc Deslauriers Thu, 14 Jan 2016 13:16:09 -0500 + +libxml2 (2.7.8.dfsg-5.1ubuntu4.13) precise-security; urgency=medium + + * SECURITY UPDATE: denial of service via entity expansion issue + - parser.c: properly exit when entity expansion is detected. + - https://git.gnome.org/browse/libxml2/commit/?id=69030714cde66d525a8884bda01b9e8f0abf8e1e + - CVE-2015-5312 + * SECURITY UPDATE: heap buffer overflow in xmlDictComputeFastQKey + - dict.c: check offset. + - https://git.gnome.org/browse/libxml2/commit/?id=6360a31a84efe69d155ed96306b9a931a40beab9 + - CVE-2015-7497 + * SECURITY UPDATE: denial of service via encoding conversion failures + - parser.c: avoid processing entities after encoding conversion + failures. + - https://git.gnome.org/browse/libxml2/commit/?id=afd27c21f6b36e22682b7da20d726bce2dcb2f43 + - CVE-2015-7498 + * SECURITY UPDATE: out of bounds read in xmlGROW + - parser.c: add xmlHaltParser() to stop the parser and check input. + - https://git.gnome.org/browse/libxml2/commit/?id=28cd9cb747a94483f4aea7f0968d202c20bb4cfc + - https://git.gnome.org/browse/libxml2/commit/?id=35bcb1d758ed70aa7b257c9c3b3ff55e54e3d0da + - CVE-2015-7499 + * SECURITY UPDATE: out of bounds read in xmlParseMisc + - parser.c: check entity boundaries. + - https://git.gnome.org/browse/libxml2/commit/?id=f1063fdbe7fa66332bbb76874101c2a7b51b519f + - CVE-2015-7500 + * SECURITY UPDATE: denial of service via extra processing of MarkupDecl + - parser.c: add extra EOF check. + - https://git.gnome.org/browse/libxml2/commit/?id=ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe + - CVE-2015-8241 + * SECURITY UPDATE: buffer overead with HTML parser in push mode + - HTMLparser.c: use pointer in the input in. + - https://git.gnome.org/browse/libxml2/commit/?id=8fb4a770075628d6441fb17a1e435100e2f3b1a2 + - CVE-2015-8242 + * SECURITY UPDATE: denial of service via encoding failures + - parser.c: do not process encoding values if the declaration is broken + and fail parsing if the encoding conversion failed. + - https://git.gnome.org/browse/libxml2/commit/?id=9aa37588ee78a06ca1379a9d9356eab16686099c + - https://git.gnome.org/browse/libxml2/commit/?id=709a952110e98621c9b78c4f26462a9d8333102e + - CVE-2015-8317 + + -- Marc Deslauriers Wed, 09 Dec 2015 12:35:41 -0500 + +libxml2 (2.7.8.dfsg-5.1ubuntu4.12) precise-security; urgency=medium + + * SECURITY UPDATE: denial of service via XEE attack + - include/libxml/tree.h, tree.c, xmlreader.c: enforce the reader to run + in constant memory. + - patch obtained from Debian's 2.7.8.dfsg-2+squeeze12 package. + - CVE-2015-1819 + * SECURITY UPDATE: denial of service via out-of-bounds read + - parser.c: stop parsing on entities boundaries errors. + - https://git.gnome.org/browse/libxml2/commit/?id=a7dfab7411cbf545f359dd3157e5df1eb0e7ce31 + - https://git.gnome.org/browse/libxml2/commit/?id=9b8512337d14c8ddf662fcb98b0135f225a1c489 + - CVE-2015-7941 + * SECURITY UPDATE: overflow in conditional sections + - parser.c: properly check input. + - https://git.gnome.org/browse/libxml2/commit/?id=bd0526e66a56e75a18da8c15c4750db8f801c52d + - https://git.gnome.org/browse/libxml2/commit/?id=41ac9049a27f52e7a1f3b341f8714149fc88d450 + - CVE-2015-7942 + + -- Marc Deslauriers Fri, 13 Nov 2015 09:28:57 -0500 + +libxml2 (2.7.8.dfsg-5.1ubuntu4.11) precise-security; urgency=medium + + * SECURITY UPDATE: denial of service via entity expansion + - parser.c, SAX2.c, include/libxml/entities.h: refactor entity checking + and add additional tests. + - https://git.gnome.org/browse/libxml2/commit/?id=a3f1e3e5712257fd279917a9158278534e8f4b72 + - https://git.gnome.org/browse/libxml2/commit/?id=cff2546f13503ac028e4c1f63c7b6d85f2f2d777 + - https://git.gnome.org/browse/libxml2/commit/?id=be2a7edaf289c5da74a4f9ed3a0b6c733e775230 + - CVE-2014-3660 + + -- Marc Deslauriers Wed, 22 Oct 2014 12:16:42 -0400 + +libxml2 (2.7.8.dfsg-5.1ubuntu4.9) precise-security; urgency=medium + + * SECURITY REGRESSION: more xmllint regressions (LP: #1321869) + - use upstream commit which includes additional regression fixes to + parser.c. + - https://git.gnome.org/browse/libxml2/commit/?id=dd8367da17c2948981a51e52c8a6beb445edf825 + + -- Marc Deslauriers Fri, 13 Jun 2014 09:11:38 -0400 + +libxml2 (2.7.8.dfsg-5.1ubuntu4.8) precise-security; urgency=medium + + * SECURITY REGRESSION: xmllint no longer loads entities with --postvalid + (LP: #1321869) + - Thanks to Alexey Neyman for proposed patch + - https://mail.gnome.org/archives/xml/2014-May/msg00003.html + + -- Marc Deslauriers Fri, 06 Jun 2014 12:32:11 -0400 + +libxml2 (2.7.8.dfsg-5.1ubuntu4.7) precise-security; urgency=medium + + * SECURITY UPDATE: resource exhaustion via external parameter entities + - parser.c: do not fetch external parameter entities. + - https://git.gnome.org/browse/libxml2/commit/?id=9cd1c3cfbd32655d60572c0a413e017260c854df + - CVE-2014-0191 + + -- Marc Deslauriers Thu, 08 May 2014 14:30:38 -0400 + +libxml2 (2.7.8.dfsg-5.1ubuntu4.6) precise-security; urgency=low + + * SECURITY REGRESSION: regression with lxml (LP: #1201849) + - parser.c: revised to fix regression, and a couple of wrong return + values. + - CVE-2013-2877 + + -- Marc Deslauriers Tue, 16 Jul 2013 14:05:24 -0400 + +libxml2 (2.7.8.dfsg-5.1ubuntu4.5) precise-security; urgency=low + + * SECURITY UPDATE: external entity expansion attack (LP: #1194410) + - do not fetch external parsed entities in parser.c, added test to + test/errors/extparsedent.xml, result/errors/extparsedent.xml. + - https://git.gnome.org/browse/libxml2/commit/?id=4629ee02ac649c27f9c0cf98ba017c6b5526070f + - CVE-2013-0339 + * SECURITY UPDATE: denial of service via incomplete document + - try to stop parsing as quickly as possible in parser.c, + include/libxml/xmlerror.h. + - https://git.gnome.org/browse/libxml2/commit/?id=48b4cdde3483e054af8ea02e0cd7ee467b0e9a50 + - https://git.gnome.org/browse/libxml2/commit/?id=e50ba8164eee06461c73cd8abb9b46aa0be81869 + - CVE-2013-2877 + + -- Marc Deslauriers Thu, 11 Jul 2013 14:57:48 -0400 + +libxml2 (2.7.8.dfsg-5.1ubuntu4.4) precise-security; urgency=low + + * SECURITY UPDATE: denial of service via entity expansion + - include/libxml/parser.h, parser.c, parserInternals.c: limit number of + entity expansions, thanks to Daniel Veillard. + - http://git.gnome.org/browse/libxml2/commit/?id=23f05e0c33987d6605387b300c4be5da2120a7ab + - CVE-2013-0338 + + -- Marc Deslauriers Tue, 26 Mar 2013 10:11:00 -0400 + +libxml2 (2.7.8.dfsg-5.1ubuntu4.3) precise-security; urgency=low + + * SECURITY UPDATE: buffer underflow in xmlParseAttValueComplex() + - debian/patches/CVE-2012-5134.patch: add array bounds checking in + parser.c, thanks to Daniel Veillard + - http://git.gnome.org/browse/libxml2/commit/?id=6a36fbe3b3e001a8a840b5c1fdd81cefc9947f0d + - CVE-2012-5134 + + -- Seth Arnold Tue, 04 Dec 2012 11:39:55 -0800 + +libxml2 (2.7.8.dfsg-5.1ubuntu4.2) precise-security; urgency=low + + * SECURITY UPDATE: denial of service and possible code execution via + incorrect buffer sizes. + - http://git.gnome.org/browse/libxml2/commit/?id=459eeb9dc752d5185f57ff6b135027f11981a626 + - http://git.gnome.org/browse/libxml2/commit/?id=4f9fdc709c4861c390cd84e2ed1fd878b3442e28 + - http://git.gnome.org/browse/libxml2/commit/?id=baaf03f80f817bb34c421421e6cb4d68c353ac9a + - CVE-2012-2807 + + -- Marc Deslauriers Wed, 26 Sep 2012 13:10:43 -0400 + +libxml2 (2.7.8.dfsg-5.1ubuntu4.1) precise-security; urgency=low + + * SECURITY UPDATE: Fix an off by one pointer access in xpointer.c + - d8e1faeaa99c7a7c07af01c1c72de352eb590a3e + - CVE-2011-3102 + + -- Jamie Strandboge Fri, 18 May 2012 08:55:39 -0500 + +libxml2 (2.7.8.dfsg-5.1ubuntu4) precise; urgency=low + + * SECURITY UPDATE: add randomization to dictionaries with hash tables + help prevent denial of service via hash algorithm collision + - configure.in: lookup for rand, srand and time + - dict.c: add randomization to dictionaries hash tables + - hash.c: add randomization to normal hash tables + - 8973d58b7498fa5100a876815476b81fd1a2412a + - CVE-2012-0841 + + -- Jamie Strandboge Tue, 28 Feb 2012 07:20:11 -0600 + +libxml2 (2.7.8.dfsg-5.1ubuntu3) precise; urgency=low + + * various fixes for __xmlRaiseError (LP: #686363). This can be dropped in + 2.7.8.dfsg-6 + - 111d705c282e03e7202723c6c7e4499f8582bd4f + - 1b9128bae737fa559f5e2c191d6679a856efbad9 + - 241d4a1069e6bedd0ee2295d7b43858109c1c6d1 + - c2a0fdc4e6d106690d7fd8fa1677e133c94e155d + + -- Jamie Strandboge Thu, 19 Jan 2012 11:59:30 -0600 + +libxml2 (2.7.8.dfsg-5.1ubuntu2) precise; urgency=low + + * SECURITY UPDATE: denial of service via buffer overflow + - parser.c: fix an allocation error when copying entities + - 5bd3c061823a8499b27422aee04ea20aae24f03e + - CVE-2011-3919 + + -- Jamie Strandboge Wed, 18 Jan 2012 13:03:04 -0600 + +libxml2 (2.7.8.dfsg-5.1ubuntu1) precise; urgency=low + + * Merge from Debian testing, remaining changes: + - Build for multiarch. + - Use debhelper compat 9 instead of hardcoding --libdir. + - Move the udeb contents back into /usr/lib. + + -- Steve Langasek Thu, 12 Jan 2012 09:18:30 +0100 + libxml2 (2.7.8.dfsg-5.1) unstable; urgency=high * Non-maintainer upload. @@ -8,6 +326,15 @@ -- Luk Claes Fri, 30 Dec 2011 18:31:13 +0100 +libxml2 (2.7.8.dfsg-5ubuntu1) precise; urgency=low + + * Build for multiarch; thanks to Riku Voipio for the patch. + Closes: #643026. + * Use debhelper compat 9 instead of hardcoding --libdir. + * Move the udeb contents back into /usr/lib. + + -- Steve Langasek Wed, 19 Oct 2011 22:00:20 -0700 + libxml2 (2.7.8.dfsg-5) unstable; urgency=low * xpath.c, xpointer.c, include/libxml/xpath.h: Hardening of XPath evaluation. diff -u libxml2-2.7.8.dfsg/debian/libxml2.symbols libxml2-2.7.8.dfsg/debian/libxml2.symbols --- libxml2-2.7.8.dfsg/debian/libxml2.symbols +++ libxml2-2.7.8.dfsg/debian/libxml2.symbols @@ -81,6 +81,7 @@ xmlAllocOutputBufferInternal@Base 2.7.1 xmlAutomataSetFlags@Base 2.7.4 xmlCharEncFirstLineInt@Base 2.7.4 + xmlEscapeFormatString@Base 2.7.8.dfsg-5.1ubuntu4.16 xmlGenericErrorDefaultFunc@Base 2.6.27 xmlMallocBreakpoint@Base 2.6.27 xmlNsListDumpOutput@Base 2.6.27 diff -u libxml2-2.7.8.dfsg/debian/libxml2-udeb.install libxml2-2.7.8.dfsg/debian/libxml2-udeb.install --- libxml2-2.7.8.dfsg/debian/libxml2-udeb.install +++ libxml2-2.7.8.dfsg/debian/libxml2-udeb.install @@ -1 +1 @@ -usr/lib/libxml2.so.* +usr/lib/*/libxml2.so.* usr/lib