Hello community, here is the log from the commit of package libxml2 checked in at Mon Oct 6 18:24:26 CEST 2008. -------- --- libxml2/libxml2.changes 2008-09-10 17:19:45.000000000 +0200 +++ /mounts/work_src_done/STABLE/libxml2/libxml2.changes 2008-10-06 14:50:56.000000000 +0200 @@ -1,0 +2,5 @@ +Mon Oct 6 14:50:38 CEST 2008 - prusnak@suse.cz + +- fixed CVE-2008-4409 [bnc#432486] + +------------------------------------------------------------------- calling whatdependson for head-i586 New: ---- libxml2-2.7.1-CVE-2008-4409.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libxml2-python.spec ++++++ --- /var/tmp/diff_new_pack.N21618/_old 2008-10-06 18:23:30.000000000 +0200 +++ /var/tmp/diff_new_pack.N21618/_new 2008-10-06 18:23:30.000000000 +0200 @@ -25,7 +25,7 @@ AutoReqProv: on Summary: Python Bindings for libxml2 Version: 2.7.1 -Release: 3 +Release: 4 Source: libxml2-%{version}.tar.bz2 Source1: libxml2-python-rpmlintrc %py_requires ++++++ libxml2.spec ++++++ --- /var/tmp/diff_new_pack.N21618/_old 2008-10-06 18:23:30.000000000 +0200 +++ /var/tmp/diff_new_pack.N21618/_new 2008-10-06 18:23:30.000000000 +0200 @@ -24,12 +24,14 @@ Group: System/Libraries Summary: A Library to Manipulate XML Files Version: 2.7.1 -Release: 3 +Release: 4 Source: %{name}-%{version}.tar.bz2 # PATCH-FIX-OPENSUSE libxml2-2.7.1-printf.patch Patch0: %{name}-%{version}-printf.patch -# PATCH-FIX-OPENSUSE libxml2-alloc_size.patch meissner@novell.com +# PATCH-FIX-OPENSUSE libxml2-2.7.1-alloc_size.patch meissner@novell.com Patch1: %{name}-%{version}-alloc_size.patch +# PATCH-FIX-UPSTREAM libxml2-2.7.1-CVE-2008-4409.patch [bgo#554660] [bnc#432486] +Patch2: %{name}-%{version}-CVE-2008-4409.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build Url: http://xmlsoft.org @@ -139,6 +141,7 @@ %setup -q %patch0 %patch1 +%patch2 %build %configure \ @@ -197,6 +200,8 @@ %dir %{_datadir}/gtk-doc/html %changelog +* Mon Oct 06 2008 prusnak@suse.cz +- fixed CVE-2008-4409 [bnc#432486] * Tue Sep 09 2008 meissner@suse.de - added GCC attribute alloc_size markup (alloc_size.patch) * Wed Sep 03 2008 prusnak@suse.cz ++++++ libxml2-2.7.1-CVE-2008-4409.patch ++++++ --- parser.c +++ parser.c @@ -7225,8 +7225,10 @@ * Predefined entites override any extra definition */ ent = xmlGetPredefinedEntity(name); - if (ent != NULL) + if (ent != NULL) { + *str = ptr; return(ent); + } /* * Increate the number of entity references parsed ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
participants (1)
-
root@Hilbert.suse.de