diff options
author | Graham Christensen <graham@grahamc.com> | 2016-05-25 09:37:57 -0500 |
---|---|---|
committer | Vladimír Čunát <vcunat@gmail.com> | 2016-05-25 18:28:52 +0200 |
commit | 772851ff46be1c16c417766671a0e701668d8195 (patch) | |
tree | a2be6e8dd8b743cce9fe23519c2e60e637a5a065 /pkgs/development/libraries/libxml2 | |
parent | 69f8016de9e93d58850f0b3bee8597a30e76dc35 (diff) |
libxml2: 2.9.3 -> 2.9.4 for three CVEs (close #15697)
- CVE-2016-4447: libxml2: Heap-based buffer underreads due to xmlParseName https://bugzilla.redhat.com/show_bug.cgi?id=1338686 - CVE-2016-4448 libxml2: Format string vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=1338700 - CVE-2016-4449 libxml2: Inappropriate fetch of entities content https://bugzilla.redhat.com/show_bug.cgi?id=1338701 and many other fixed issues, available at http://www.xmlsoft.org/news.html
Diffstat (limited to 'pkgs/development/libraries/libxml2')
-rw-r--r-- | pkgs/development/libraries/libxml2/default.nix | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/pkgs/development/libraries/libxml2/default.nix b/pkgs/development/libraries/libxml2/default.nix index 7229b10e01c49..b6f769078ad4a 100644 --- a/pkgs/development/libraries/libxml2/default.nix +++ b/pkgs/development/libraries/libxml2/default.nix @@ -3,11 +3,11 @@ stdenv.mkDerivation rec { name = "libxml2-${version}"; - version = "2.9.3"; + version = "2.9.4"; src = fetchurl { url = "http://xmlsoft.org/sources/${name}.tar.gz"; - sha256 = "0bd17g6znn2r98gzpjppsqjg33iraky4px923j3k8kdl8qgy7sad"; + sha256 = "0g336cr0bw6dax1q48bblphmchgihx9p1pjmxdnrd6sh3qci3fgz"; }; outputs = [ "dev" "out" "bin" "doc" ] |