1. Forum
  2. Usenet
  3. LINUX.DEBIAN.CHANGES

  • Accepted libxml2 2.9.14+dfsg-1.3~deb12u2 (source) into proposed-updates

    From Debian FTP Masters@21:1/5 to All on Thu Jun 26 18:10:01 2025
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256

    Format: 1.8
    Date: Fri, 06 Jun 2025 16:50:13 +0800
    Source: libxml2
    Architecture: source
    Version: 2.9.14+dfsg-1.3~deb12u2
    Distribution: bookworm-security
    Urgency: high
    Maintainer: Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>
    Changed-By: Aron Xu <aron@debian.org>
    Closes: 1051230 1053629 1063234 1071162 1094238 1098320 1098321 1098322 1102521 1103511
    Changes:
    libxml2 (2.9.14+dfsg-1.3~deb12u2) bookworm-security; urgency=high
    .
    * Security fixes:
    - CVE-2023-39615: out-of-bounds read via the xmlSAX2StartElement()
    (Closes: #1051230)
    - CVE-2023-45322: use-after-free in xmlUnlinkNode()
    (Closes: #1053629)
    - CVE-2024-25062: use-after-free in xmlValidatePopElement()
    (Closes: #1063234)
    - CVE-2025-32414: out-of-bounds read in Python bindings
    (Closes: #1102521)
    - CVE-2025-32415: heap-based buffer under-read via
    xmlSchemaIDCFillNodeTables() (Closes: #1103511)
    - CVE-2022-49043: use-after-free in xmlXIncludeAddNode()
    (Closes: #1094238)
    - CVE-2024-34459: buffer over-read in xmlHTMLPrintFileContext of xmllint
    (Closes: #1071162)
    - CVE-2024-56171: use-after-free after xmlSchemaItemListAdd()
    (Closes: #1098320)
    - CVE-2025-24928: stack-buffer-overflow in xmlSnprintfElements()
    (Closes: #1098321)
    - CVE-2025-27113: NULL pointer dereference in xmlPatMatch()
    (Closes: #1098322)
    Checksums-Sha1:
    4165e7bb14622b6f74db8bb3af1b566276a5a6a2 2610 libxml2_2.9.14+dfsg-1.3~deb12u2.dsc
    b41615e638174b4e36845c68d4b305dd6a6b541f 2351200 libxml2_2.9.14+dfsg.orig.tar.xz
    e120e21a4f48a004f3b4b1633f589510c16196b8 39296 libxml2_2.9.14+dfsg-1.3~deb12u2.debian.tar.xz
    1a860b74cda936b1b293bf208cc08df06164e47f 5841 libxml2_2.9.14+dfsg-1.3~deb12u2_source.buildinfo
    Checksums-Sha256:
    d6f39c8c5fc3d86a53fd7a977c89b0e83913e4d73c230d77cb36dde5a9bc5a73 2610 libxml2_2.9.14+dfsg-1.3~deb12u2.dsc
    4fe913dec8b1ab89d13b489b419a8203176ea39e931eaa0d25b17eafb9c279e9 2351200 libxml2_2.9.14+dfsg.orig.tar.xz
    da8c62b2137dac24d6cc2d4634c85db5314fc3cc89661bace8974a4966ab6a64 39296 libxml2_2.9.14+dfsg-1.3~deb12u2.debian.tar.xz
    7e2c1e47e7976f6e9623edb92adef255c86857ee7e8ca3e2232785b54a1cd83d 5841 libxml2_2.9.14+dfsg-1.3~deb12u2_source.buildinfo
    Files:
    f39151b70a2af972b9f032c4515aff37 2610 libs optional libxml2_2.9.14+dfsg-1.3~deb12u2.dsc
    bbcae2f48d1c9b1413ef953ce87e9346 2351200 libs optional libxml2_2.9.14+dfsg.orig.tar.xz
    ddc82a73596b5e5c97eb3015ebd4edbb 39296 libs optional libxml2_2.9.14+dfsg-1.3~deb12u2.debian.tar.xz
    d31ccfd9d6f60d7682954f4a3b3c415c 5841 libs optional libxml2_2.9.14+dfsg-1.3~deb12u2_source.buildinfo

    -----BEGIN PGP SIGNATURE-----

    iQEzBAEBCAAdFiEEBLHAyuu1xqoC2aJ5NP8o68vMTMgFAmhCroQACgkQNP8o68vM TMjHOQf/W2EEXeXPRKCJp9tN7yaxciyhjRu38dxKd38OjRIhtFQvJwVdef10Xhs+ o2eDx/6lPqu8ShHFLxnvmMRMRpf5qw0RdZRYm8ejT92plFNfjPFak2tNUpeTinWs K5mL8tsfm5lq2poIBkLYXT45/Y4ZZVLzoDafmSpKrGJQNrH5IDpK8104zzTbeRHo 7EOI0ZAKAD0pDMNlD6wbKaTcfZFTHamlQ8l2wNAPXoCe+YjL916cFXDd94igVx+A kLPYQU9SWmmFdlvuXelJ53CbMU3hwL+m6odileUf5AkK5VerMIHBcDO6Z2/vYCLz DQUv+rg43+QdL9DMGVpVJGPv61AweQ==
    =+3cJ
    -----END PGP SIGNATURE-----


    --==============@81912773618142246=Content-Type: application/pgp-signature

    -----BEGIN PGP SIGNATURE-----

    iHUEABYIAB0WIQTziqJOuF8J+ZI8pJSb9qggYcy5IQUCaF1vOwAKCRCb9qggYcy5 Id/1AP4i1m24uJGk/ayVrLAbW4y1r5nhR3B5Oqucc2I5CjDAnAEAgJaaU9V/2z+A nOYFW86ORHlZWFtWlEgYAQrpNipFFwY=v2yz
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)