UbuntuUpdates.org

Package "xmlrpc-api-utils"

Name: xmlrpc-api-utils

Description: Generate C++ wrapper classes for XML-RPC servers

Latest version: 1.16.33-3.1ubuntu5.2
Release: precise (12.04)
Level: security
Repository: universe
Head package: xmlrpc-c
Homepage: http://xmlrpc-c.sourceforge.net

Other versions of "xmlrpc-api-utils" in Precise

Repository  Area      Version
base        universe  1.16.33-3.1ubuntu5
updates     universe  1.16.33-3.1ubuntu5.2

Changelog

Version: 1.16.33-3.1ubuntu5.2 2016-06-20 18:06:50 UTC

  xmlrpc-c (1.16.33-3.1ubuntu5.2) precise-security; urgency=medium

  * SECURITY UPDATE: integer overflows in xmlrpc_XML_GetBuffer
    - debian/patches/CVE-2015-1283.patch: add checks to
      lib/expat/xmlparse/xmlparse.c.
    - CVE-2015-1283
  * SECURITY UPDATE: integer overflows in xmlrpc_XML_GetBuffer
    - debian/patches/CVE-2016-4472.patch: improved existing fix in
      lib/expat/xmlparse/xmlparse.c.
    - CVE-2016-4472
  * SECURITY UPDATE: unanticipated internal calls to srand
    - debian/patches/CVE-2012-6702-1.patch: remove srand, use more entropy
      in lib/expat/xmlparse/xmlparse.c.
    - debian/patches/CVE-2012-6702-2.patch: use a prime that fits 32bits
      on 32bit platforms in lib/expat/xmlparse/xmlparse.c.
    - CVE-2012-6702
  * SECURITY UPDATE: use of too little entropy
    - debian/patches/CVE-2016-5300-1.patch: extract method
      gather_time_entropy in lib/expat/xmlparse/xmlparse.c.
    - debian/patches/CVE-2016-5300-2.patch: extract entropy from
      XML_Parser address in lib/expat/xmlparse/xmlparse.c.
    - CVE-2016-5300
  * SECURITY UPDATE: denial of service and possible code execution via
    malformed documents
    - debian/patches/CVE-2016-0718.patch: fix out of bounds memory access
      and integer overflow in lib/expat/xmlparse/xmlparse.c,
      lib/expat/xmltok/xmltok.c, lib/expat/xmltok/xmltok.h,
      lib/expat/xmltok/xmltok_impl.c.
    - CVE-2016-0718

 -- Marc Deslauriers <email address hidden> Tue, 14 Jun 2016 16:23:39 +0300

CVE-2015-1283 Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, all
CVE-2012-6702 Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat
CVE-2016-5300 The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of servic
CVE-2016-0718 Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, whic

Version: 1.16.33-3.1ubuntu5.1 2012-09-10 22:06:56 UTC

  xmlrpc-c (1.16.33-3.1ubuntu5.1) precise-security; urgency=low

  * Run the tests as part of the build process
    - debian/patches/FTBFS-tests.patch: Fix issues when running make check.
      Based on upstream patches.
    - debian/rules: Run make check after building
  * Fix dependencies of xmlrpc-api-utils
    - debian/control: xml-rcp-api2cpp needs libxmlrpc_cpp.so.4, so depend on
      libxmlrpc-c++4
  * SECURITY UPDATE: Denial of service via hash collisions
    - debian/patches/CVE-2012-0876.patch: Add random salt value to
      hash inputs. Based on upstream patch.
    - CVE-2012-0876
  * SECURITY UPDATE: Denial of service via memory leak
    - debian/patches/CVE-2012-1148.patch: Properly reallocate memory.
      Based on upstream patch.
    - CVE-2012-1148
 -- Tyler Hicks <email address hidden> Sun, 09 Sep 2012 22:57:33 -0700

CVE-2012-0876 The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which a
CVE-2012-1148 Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (me


