stable

libplist-2.0.0-1.fc24

FEDORA-2017-3849af4477 created by pbrobinson 5 years ago for Fedora 24

Version 2.0.0

Changes:

  • New light-weight custom XML parser
  • Remove libxml2 dependency
  • Refactor binary plist parsing
  • Improved malformed XML and binary plist detection and error handling
  • Add parser debug/error output (when compiled with --enable-debug), controlled via environment variables
  • Fix unicode character handling
  • Add PLIST_IS_* helper macros for the different node types
  • Extend date/time range and date conversion issues
  • Add plist_is_binary() and plist_from_memory() functions to the interface
  • Plug several memory leaks
  • Speed improvements for handling large plist files

Includes security fixes for:

  • CVE-2017-6440
  • CVE-2017-6439
  • CVE-2017-6438
  • CVE-2017-6437
  • CVE-2017-6436
  • CVE-2017-6435
  • CVE-2017-5836
  • CVE-2017-5835
  • CVE-2017-5834
  • CVE-2017-5545
  • CVE-2017-5209

... and several others that didn't receive any CVE (yet).

How to install

sudo dnf upgrade --refresh --advisory=FEDORA-2017-3849af4477

This update has been submitted for testing by pbrobinson.

5 years ago

This update has been pushed to testing.

5 years ago
User Icon filiperosset commented & provided feedback 5 years ago
karma

no regressions noted

User Icon pwhalen commented & provided feedback 5 years ago
karma

Looks good.

This update has been submitted for stable by pbrobinson.

5 years ago

This update has been pushed to stable.

5 years ago

Please login to add feedback.

Metadata
Type
security
Karma
2
Signed
Content Type
RPM
Test Gating
Builds
1
libplist-2.0.0-1.fc24
Settings
Unstable by Karma
-3
Stable by Karma
disabled
Stable by Time
disabled
Dates
submitted
5 years ago
in testing
5 years ago
in stable
5 years ago
BZ#1412613 CVE-2017-5209 libplist: base64decode buffer over-read via split encoded Apple Property List data
0
0
BZ#1412614 CVE-2017-5209 libplist: base64decode buffer over-read via split encoded Apple Property List data [fedora-all]
0
0
BZ#1416008 CVE-2017-5545 libplist: Heap-buffer overflow in plistutil [fedora-all]
0
0
BZ#1418597 CVE-2017-5834 CVE-2017-5835 CVE-2017-5836 libplist: various flaws [fedora-all]
0
0
BZ#1432951 CVE-2017-6436 libplist: Integer overflow in parse_string_node
0
0
BZ#1432954 CVE-2017-6437 libplist: Out-of-bounds heap read in base64encode function
0
0
BZ#1432956 CVE-2017-6438 libplist: Heap-based buffer overflow in parse_unicode_node
0
0
BZ#1432959 CVE-2017-6439 libplist: Heap-based buffer overflow in parse_string_node
0
0
BZ#1432965 CVE-2017-6440 libplist: Memory allocation error in parse_data_node
0
0
BZ#1432971 CVE-2017-6435 CVE-2017-6436 CVE-2017-6437 CVE-2017-6438 CVE-2017-6439 CVE-2017-6440 CVE-2017-7982 libplist: various flaws [fedora-all]
0
0
libplist-2.0.0-1.fc24

Automated Test Results

Copyright © 2007-2023 Red Hat, Inc. and others.

Running bodhi-server 7.1.0^202303051452git9e0caad on bodhi-web-85-skwwj.

bodhi is Free Software. Please file issues if you have any problems. Read the documentation.

Composes Legal Privacy policy