-
libxml2 (2.9.12+dfsg-4ubuntu0.2) impish-security; urgency=medium
* SECURITY UPDATE: Integer overflows
- debian/patches/CVE-2022-29824.patch: Fix integer overflows in
xmlBuf and xmlBuffer in tree.c, buf.c.
- CVE-2022-29824
-- Leonidas Da Silva Barbosa <email address hidden> Mon, 09 May 2022 16:13:07 -0300
-
libxml2 (2.9.12+dfsg-4ubuntu0.1) impish-security; urgency=medium
* SECURITY UPDATE: use-after-free of ID and IDREF attributes
- debian/patches/CVE-2022-23308.patch: normalize ID attributes in
valid.c.
- CVE-2022-23308
-- Marc Deslauriers <email address hidden> Thu, 10 Mar 2022 12:57:40 -0500
-
libxml2 (2.9.12+dfsg-4) unstable; urgency=medium
* Team upload.
* Add a few patches from upstream:
+ Work around lxml API abuse.
+ Fix regression in xmlNodeDumpOutputInternal. LP: #1943277
+ Fix whitespace when serializing empty HTML documents.
+ Forbid epsilon-reduction of final states.
+ Fix buffering in xmlOutputBufferWrite.
-- Mattia Rizzolo <email address hidden> Fri, 10 Sep 2021 22:13:09 +0200
-
libxml2 (2.9.12+dfsg-3ubuntu1) impish; urgency=medium
* Fix regression in 2.9.12 (LP: #1943277):
- d/p/upstream/85b1792e37b131e7a51af98a37f92472e8de5f3f.patch:
Add patch from upstream to work around lxml API abuse. Make
xmlNodeDumpOutput and htmlNodeDumpFormatOutput work with corrupted
parent pointers.
- d/p/upstream/13ad8736d294536da4cbcd70a96b0a2fbf47070c.patch:
Add patch from upstream to fix regression in xmlNodeDumpOutputInternal.
Commit 85b1792e could cause additional whitespace if xmlNodeDump was
called with a non-zero starting level.
- d/p/upstream/92d9ab4c28842a09ca2b76d3ff2f933e01b6cd6f.patch:
Add patch from upstream to fix whitespace when serializing
empty HTML documents.
-- Corey Bryant <email address hidden> Fri, 10 Sep 2021 11:33:12 -0400
-
libxml2 (2.9.12+dfsg-3) unstable; urgency=medium
* Team upload.
* Upload to unstable.
* Add patch from upstream to fix a regression in the recursion limit for
complex XSLT documents. This also fixed the ruby-nokogiri test failure,
so drop the previously introduced Breaks.
* d/control: Bump Standards-Version to 4.6.0, no changes needed.
-- Mattia Rizzolo <email address hidden> Wed, 01 Sep 2021 16:45:21 +0200
-
libxml2 (2.9.12+dfsg-2) experimental; urgency=medium
* Team upload.
* d/control: Break ruby-nokogiri (<< 1.11.7).
* lintian:
+ Add a link from usr/share/doc/libxml2/gtk-doc
usr/share/gtk-doc/html/libxml2. See #970275
+ Override for package-contains-documentation-outside-usr-share-doc.
* Add two patches to refactor how docs are installed.
* Add a patch to properly install all the documentation we were
previously manually installing.
* d/rules: Use the now working --docdir flag to install the documentation
directly in the right place.
* Move the documentation and examples from /usr/share/doc/libxml2-doc
to /usr/share/doc/libxml2/, following Policy v3.9.7 ยง12.3.
-- Mattia Rizzolo <email address hidden> Thu, 29 Jul 2021 12:22:11 +0200
-
libxml2 (2.9.10+dfsg-6.7) unstable; urgency=medium
* Non-maintainer upload.
* Patch for security issue CVE-2021-3541 (Closes: #988603)
-- Salvatore Bonaccorso <email address hidden> Sat, 22 May 2021 08:21:29 +0200
-
libxml2 (2.9.10+dfsg-6.6) unstable; urgency=medium
* Non-maintainer upload.
* Upload to unstable.
-- Salvatore Bonaccorso <email address hidden> Thu, 06 May 2021 10:48:16 +0200
-
libxml2 (2.9.10+dfsg-6.3build2) hirsute; urgency=medium
* No-change rebuild to build with lto.
-- Matthias Klose <email address hidden> Mon, 29 Mar 2021 08:04:19 +0200
