[ol7_latest] libxml2-2.9.1-6.0.3.el7_9.6.aarch64

Name:	libxml2
Version:	2.9.1
Release:	6.0.3.el7_9.6
Architecture:	aarch64
Group:	Development/Libraries
Size:	1742518
License:	MIT
RPM:	libxml2-2.9.1-6.0.3.el7_9.6.aarch64.rpm
Source RPM:	libxml2-2.9.1-6.0.3.el7_9.6.src.rpm
Build Date:	Tue Oct 12 2021
Build Host:	build-ol7-aarch64.oracle.com
Vendor:	Oracle America
URL:	http://xmlsoft.org/
Summary:	Library providing XML and HTML support
Description:	This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX stream or and in-memory DOM like representations. In this case one can use the built-in XPath and XPointer implementation to select sub nodes or ranges. A flexible Input/Output mechanism is available, with existing HTTP and FTP modules and combined to an URI library.

Changelog (Show File list) (Show related packages)

Tue Oct 12 2021 EL Errata <el-errata_ww@oracle.com> - 2.9.1-6.0.3

- Rebuild to include attribution logo [Orabug: 33024216]
- Update doc/redhat.gif in tarball
- Add libxml2-oracle-enterprise.patch and update logos in tarball

Mon Sep 27 2021 David King <dking@redhat.com> - 2.9.1-6.6
```
- Fix CVE-2016-4658 (#1966916)
```

Wed Apr 22 2020 David King <dking@redhat.com> - 2.9.1-6.5

- Fix CVE-2019-19956 (#1793000)
- Fix CVE-2019-20388 (#1810057)
- Fix CVE-2020-7595 (#1810073)
- Fix xsd:any schema validation (#1812145)

Fri Nov 01 2019 David King <dking@redhat.com> - 2.9.1-6.4

- Fix CVE-2015-8035 (#1595697)
- Fix CVE-2018-14404 (#1602817)
- Fix CVE-2017-15412 (#1729857)
- Fix CVE-2016-5131 (#1714050)
- Fix CVE-2017-18258 (#1579211)
- Fix CVE-2018-1456 (#1622715)

Mon Jun 06 2016 Daniel Veillard <veillard@redhat.com> - libxml2-2.9.1-6.3

- Heap-based buffer overread in xmlNextChar (CVE-2016-1762)
- Bug 763071: Heap-buffer-overflow in xmlStrncat <https://bugzilla.gnome.org/show_bug.cgi?id=763071> (CVE-2016-1834)
- Bug 757711: Heap-buffer-overflow in xmlFAParsePosCharGroup <https://bugzilla.gnome.org/show_bug.cgi?id=757711> (CVE-2016-1840)
- Bug 758588: Heap-based buffer overread in xmlParserPrintFileContextInternal <https://bugzilla.gnome.org/show_bug.cgi?id=758588> (CVE-2016-1838)
- Bug 758605: Heap-based buffer overread in xmlDictAddString <https://bugzilla.gnome.org/show_bug.cgi?id=758605> (CVE-2016-1839)
- Bug 759398: Heap use-after-free in xmlDictComputeFastKey <https://bugzilla.gnome.org/show_bug.cgi?id=759398> (CVE-2016-1836)
- Fix inappropriate fetch of entities content (CVE-2016-4449)
- Heap use-after-free in htmlParsePubidLiteral and htmlParseSystemiteral (CVE-2016-1837)
- Heap use-after-free in xmlSAX2AttributeNs (CVE-2016-1835)
- Heap-based buffer-underreads due to xmlParseName (CVE-2016-4447)
- Heap-based buffer overread in htmlCurrentChar (CVE-2016-1833)
- Add missing increments of recursion depth counter to XML parser. (CVE-2016-3705)
- Avoid building recursive entities (CVE-2016-3627)
- Fix some format string warnings with possible format string vulnerability (CVE-2016-4448)
- More format string warnings with possible format string vulnerability (CVE-2016-4448)

Mon Nov 30 2015 Daniel Veillard <veillard@redhat.com> - 2.9.1-6.2

- Fix a series of CVEs (rhbz#1286496)
- CVE-2015-7941 Stop parsing on entities boundaries errors
- CVE-2015-7941 Cleanup conditional section error handling
- CVE-2015-8317 Fail parsing early on if encoding conversion failed
- CVE-2015-7942 Another variation of overflow in Conditional sections
- CVE-2015-7942 Fix an error in previous Conditional section patch
- Fix parsing short unclosed comment uninitialized access
- CVE-2015-7498 Avoid processing entities after encoding conversion failures
- CVE-2015-7497 Avoid an heap buffer overflow in xmlDictComputeFastQKey
- CVE-2015-5312 Another entity expansion issue
- CVE-2015-7499 Add xmlHaltParser() to stop the parser
- CVE-2015-7499 Detect incoherency on GROW
- CVE-2015-7500 Fix memory access error due to incorrect entities boundaries
- CVE-2015-8242 Buffer overead with HTML parser in push mode
- CVE-2015-1819 Enforce the reader to run in constant memory

Mon Mar 23 2015 Daniel Veillard <veillard@redhat.com> - 2.9.1-6

- Fix missing entities after CVE-2014-3660 fix
- CVE-2014-0191 Do not fetch external parameter entities (rhbz#1195650)
- Fix regressions introduced by CVE-2014-0191 patch

Sat Oct 11 2014 Daniel Veillard <veillard@redhat.com> - 2.9.1-5.1

- CVE-2014-3660 denial of service via recursive entity expansion (rhbz#1149087)

Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 2.9.1-5
```
- Mass rebuild 2014-01-24
```
Wed Jan 15 2014 Daniel Veillard <veillard@redhat.com> - 2.9.1-4
```
- rebuild to activate -O3 on ppc64 rhbz#1051068
```