Ubuntu
libxml2 package

libxml2 2.9.10+dfsg-5ubuntu0.20.10.2 source package in Ubuntu

Changelog

libxml2 (2.9.10+dfsg-5ubuntu0.20.10.2) groovy-security; urgency=medium

  * SECURITY UPDATE: out-of-bounds read
    - debian/patches/CVE-2020-24977.patch: Make sure that truncated UTF-8
      sequences don't cause an out-of-bounds array access in xmllint.
    - CVE-2020-24977
  * SECURITY UPDATE: use-after-free in xmlEncodeEntitiesInternal
    - debian/patches/CVE-2021-3516.patch: Call htmlCtxtUseOptions to make sure
      that names aren't stored in dictionaries.
    - CVE-2021-3516
  * SECURITY UPDATE: heap-based buffer overflow in xmlEncodeEntitiesInternal
    - debian/patches/CVE-2021-3517.patch: Add some checks to validate input is
      UTF-8 format, supplementing CVE-2020-24977 fix.
    - CVE-2021-3517
  * SECURITY UPDATE: use-after-free in xmlXIncludeDoProcess
    - debian/patches/CVE-2021-3518.patch: Move from a block list to an allow
      list approach to avoid descending into other node types that can't
      contain elements.
    - CVE-2021-3518
  * SECURITY UPDATE: NULL pointer dereference in xmlValidBuildAContentModel
    - debian/patches/CVE-2021-3537.patch: Check return value of recursive calls
      to xmlParseElementChildrenContentDeclPriv and return immediately in case
      of errors.
    - CVE-2021-3537
  * SECURITY UPDATE: Exponential entity expansion
    - debian/patches/Patch-for-security-issue-CVE-2021-3541.patch: Add check to
      xmlParserEntityCheck to prevent entity exponential.
    - CVE-2021-3541

 -- Avital Ostromich <email address hidden>  Wed, 26 May 2021 19:43:37 -0400

Upload details

Uploaded by:
Avital Ostromich
Uploaded to:
Groovy
Original maintainer:
Ubuntu Developers
Architectures:
any all
Section:
libs
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
libxml2_2.9.10+dfsg.orig.tar.xz 2.4 MiB 65ee7a2f5e100c64ddf7beb92297c9b2a30b994a76cd1fab67470cf22db6b7d0
libxml2_2.9.10+dfsg-5ubuntu0.20.10.2.debian.tar.xz 30.9 KiB 1c6ea76dee99db828adc8d865859c7ccc1d9e77f81e675e1b7d200fa77c5afd3
libxml2_2.9.10+dfsg-5ubuntu0.20.10.2.dsc 2.9 KiB ea579823d4d1397dda2e6fb6f2b484e30de8d40141531af8f48e2d538db4f9ee

View changes file

Binary packages built by this source

libxml2: No summary available for libxml2 in ubuntu groovy.

No description available for libxml2 in ubuntu groovy.

libxml2-dbgsym: No summary available for libxml2-dbgsym in ubuntu groovy.

No description available for libxml2-dbgsym in ubuntu groovy.

libxml2-dev: No summary available for libxml2-dev in ubuntu groovy.

No description available for libxml2-dev in ubuntu groovy.

libxml2-doc: No summary available for libxml2-doc in ubuntu groovy.

No description available for libxml2-doc in ubuntu groovy.

libxml2-utils: No summary available for libxml2-utils in ubuntu groovy.

No description available for libxml2-utils in ubuntu groovy.

libxml2-utils-dbgsym: No summary available for libxml2-utils-dbgsym in ubuntu groovy.

No description available for libxml2-utils-dbgsym in ubuntu groovy.

python-libxml2: No summary available for python-libxml2 in ubuntu groovy.

No description available for python-libxml2 in ubuntu groovy.

python-libxml2-dbg: No summary available for python-libxml2-dbg in ubuntu groovy.

No description available for python-libxml2-dbg in ubuntu groovy.

python3-libxml2: No summary available for python3-libxml2 in ubuntu groovy.

No description available for python3-libxml2 in ubuntu groovy.

python3-libxml2-dbg: No summary available for python3-libxml2-dbg in ubuntu groovy.

No description available for python3-libxml2-dbg in ubuntu groovy.