libxml2: 2.9.3 -> 2.9.4 for three CVEs (close #15697)

- CVE-2016-4447: libxml2: Heap-based buffer underreads due to xmlParseName https://bugzilla.redhat.com/show_bug.cgi?id=1338686 - CVE-2016-4448 libxml2: Format string vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=1338700 - CVE-2016-4449 libxml2: Inappropriate fetch of entities content https://bugzilla.redhat.com/show_bug.cgi?id=1338701 and many other fixed issues, available at http://www.xmlsoft.org/news.html
2016-05-25 09:37:57 -05:00 · 2016-05-25 09:37:57 -05:00 · 772851ff46
commit 772851ff46
parent 69f8016de9
1 changed files with 2 additions and 2 deletions
--- a/pkgs/development/libraries/libxml2/default.nix
+++ b/pkgs/development/libraries/libxml2/default.nix
@ -3,11 +3,11 @@

 stdenv.mkDerivation rec {
  name = "libxml2-${version}";
-  version = "2.9.3";
+  version = "2.9.4";

  src = fetchurl {
    url = "http://xmlsoft.org/sources/${name}.tar.gz";
-    sha256 = "0bd17g6znn2r98gzpjppsqjg33iraky4px923j3k8kdl8qgy7sad";
+    sha256 = "0g336cr0bw6dax1q48bblphmchgihx9p1pjmxdnrd6sh3qci3fgz";
  };

  outputs = [ "dev" "out" "bin" "doc" ]