Overview
Request 406725 accepted
- Version update to 3.1.4:
  * Fixes bnc#985860 CVE-2016-4463
  * xerces-c-CVE-2016-2099.patch removed as it was included upstream
- Use pkgconfig requires
- Disable "pretty" make to make it a bit faster
- Fix the selfobsoleting provides/requires to silence rpmlint
- Use valid group for the docs
- Resolve rpmlint warnings of type "version-control-internal-file"
- Update to 3.1.3
  * bug fixes
    + memcpy used on overlapping memory regions causes sanity test failure
    + Typo in XMLUni::fgUnknownURIName constant
    + Buffer overruns in prolog parsing and error handling
- Dropped xerces-c-CVE-2016-0729.patch, fixed upstream.
- added xerces-c-CVE-2016-2099.patch
  Exception handling mistake causing use after free
  (bsc#979208, CVE-2016-2099)
- xerces-c-CVE-2016-0729.patch
  Fix for mishandling certain kinds of malformed input documents,
  resulting in buffer overflows during processing and error reporting.
  The overflows can manifest as a segmentation fault or as memory
  corruption during a parse operation. (bsc#966822, CVE-2016-0729)
- Created by scarabeus_iv
- In state accepted
- Supersedes 404994
Request History
scarabeus_iv created request
factory-auto added opensuse-review-team as a reviewer
Please review sources
factory-auto added factory-repo-checker as a reviewer
Please review build success
factory-auto accepted review
Check script succeeded
licensedigger accepted review
dimstar_suse added openSUSE:Factory:Staging:D as a reviewer
Being evaluated by staging project "openSUSE:Factory:Staging:D"
dimstar_suse accepted review
Picked openSUSE:Factory:Staging:D
factory-repo-checker reopened review
factory-repo-checker accepted review
Builds for repo openSUSE:Factory:Staging:D:DVD/standard
dimstar accepted review
dimstar_suse accepted review
ready to accept
dimstar_suse approved review
ready to accept
dimstar_suse accepted request
Accept to openSUSE:Factory