-
libxml2 (2.9.14+dfsg-1.1ubuntu0.1) lunar-security; urgency=medium
* SECURITY UPDATE: NULL pointer dereference
- debian/patches/CVE-2022-2309.patch: reset nsNr in
xmlCtxReset in parser.c (LP: #1996494).
- CVE-2022-2309
* SECURITY UPDATE: Null dereference
- debian/patches/CVE-2023-28484-*.patch: Fix null-pointer-deref in
xmlSchemaCheckCOSSTDerivedOK and xmlSchemaFixupComplexType
when parsing (invalid) XML schemas in
result/schemas/oss-fuzz-51295_0_0.err,
test/schemas/oss-fuzz-51295_0.xml,
test/schemas/oss-fuzz-51295_0.xsd,
xmlschemas.c.
- CVE-2023-28484
* SECURITY UPDATE: Logic or memory errors and double frees
- debian/patches/CVE-2023-29469.patch: check namelen less equal zero in
dict.c.
- CVE-2023-29469
-- Leonidas Da Silva Barbosa <email address hidden> Tue, 06 Jun 2023 13:24:32 -0300
-
libxml2 (2.9.14+dfsg-1.1build2) lunar; urgency=medium
* Rebuild to drop Python 3.10 extension
-- Jeremy Bicha <email address hidden> Wed, 01 Mar 2023 22:09:21 -0500
-
libxml2 (2.9.14+dfsg-1.1build1) lunar; urgency=medium
* Rebuild against latest icu
-- Jeremy Bicha <email address hidden> Sat, 04 Feb 2023 10:46:36 -0500
-
libxml2 (2.9.14+dfsg-1.1) unstable; urgency=medium
* Non-maintainer upload.
* Fix integer overflows with XML_PARSE_HUGE (CVE-2022-40303)
(Closes: #1022224)
* Fix dict corruption caused by entity reference cycles (CVE-2022-40304)
(Closes: #1022225)
-- Salvatore Bonaccorso <email address hidden> Sun, 30 Oct 2022 11:18:06 +0100
-
libxml2 (2.9.14+dfsg-1build1) lunar; urgency=medium
* No-change rebuild with Python 3.11 as supported
-- Graham Inggs <email address hidden> Wed, 02 Nov 2022 08:29:44 +0000
-
libxml2 (2.9.14+dfsg-1) unstable; urgency=high
* Team upload.
* New upstream version 2.9.14+dfsg.
+ Integer overflows in xmlBuf/xmlBuffer. CVE-2022-29824 Closes: #1010526
-- Mattia Rizzolo <email address hidden> Thu, 05 May 2022 14:43:51 +0200