Package "xmlrpc-c"
Name: xmlrpc-c
Description: This package is just an umbrella for a group of other packages, it has no description. Description samples from packages in group:
- Generate C++ wrapper classes for XML-RPC servers
Latest version: 1.16.33-3.1ubuntu5.2
Release: precise (12.04)
Level: security
Repository: universe
Changelog
xmlrpc-c (1.16.33-3.1ubuntu5.2) precise-security; urgency=medium

  * SECURITY UPDATE: integer overflows in xmlrpc_XML_GetBuffer
    - debian/patches/CVE-2015-1283.patch: add checks to
      lib/expat/xmlparse/xmlparse.c.
    - CVE-2015-1283
  * SECURITY UPDATE: integer overflows in xmlrpc_XML_GetBuffer
    - debian/patches/CVE-2016-4472.patch: improved existing fix in
      lib/expat/xmlparse/xmlparse.c.
    - CVE-2016-4472
  * SECURITY UPDATE: unanticipated internal calls to srand
    - debian/patches/CVE-2012-6702-1.patch: remove srand, use more entropy
      in lib/expat/xmlparse/xmlparse.c.
    - debian/patches/CVE-2012-6702-2.patch: use a prime that fits 32bits
      on 32bit platforms in lib/expat/xmlparse/xmlparse.c.
    - CVE-2012-6702
  * SECURITY UPDATE: use of too little entropy
    - debian/patches/CVE-2016-5300-1.patch: extract method
      gather_time_entropy in lib/expat/xmlparse/xmlparse.c.
    - debian/patches/CVE-2016-5300-2.patch: extract entropy from
      XML_Parser address in lib/expat/xmlparse/xmlparse.c.
    - CVE-2016-5300
  * SECURITY UPDATE: denial of service and possible code execution via
    malformed documents
    - debian/patches/CVE-2016-0718.patch: fix out of bounds memory access
      and integer overflow in lib/expat/xmlparse/xmlparse.c,
      lib/expat/xmltok/xmltok.c, lib/expat/xmltok/xmltok.h,
      lib/expat/xmltok/xmltok_impl.c.
    - CVE-2016-0718

 -- Marc Deslauriers <email address hidden> Tue, 14 Jun 2016 16:23:39 +0300
CVE-2015-1283
Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, all
CVE-2012-6702
Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat
CVE-2016-5300
The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of servic
CVE-2016-0718
Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, whic
xmlrpc-c (1.16.33-3.1ubuntu5.1) precise-security; urgency=low

  * Run the tests as part of the build process
    - debian/patches/FTBFS-tests.patch: Fix issues when running make check.
      Based on upstream patches.
    - debian/rules: Run make check after building
  * Fix dependencies of xmlrpc-api-utils
    - debian/control: xml-rcp-api2cpp needs libxmlrpc_cpp.so.4, so depend on
      libxmlrpc-c++4
  * SECURITY UPDATE: Denial of service via hash collisions
    - debian/patches/CVE-2012-0876.patch: Add random salt value to
      hash inputs. Based on upstream patch.
    - CVE-2012-0876
  * SECURITY UPDATE: Denial of service via memory leak
    - debian/patches/CVE-2012-1148.patch: Properly reallocate memory.
      Based on upstream patch.
    - CVE-2012-1148

 -- Tyler Hicks <email address hidden> Sun, 09 Sep 2012 22:57:33 -0700
CVE-2012-0876
The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which a
CVE-2012-1148
Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (me