-
libxml2 (2.9.14+dfsg-1.3ubuntu0.1) mantic-security; urgency=medium
* SECURITY UPDATE: use-after-free via XInclude expansion
- debian/patches/CVE-2024-25062.patch: don't expand XIncludes when
backtracking in xmlreader.c.
- CVE-2024-25062
-- Marc Deslauriers <email address hidden> Fri, 16 Feb 2024 13:12:19 -0500
-
libxml2 (2.9.14+dfsg-1.3) unstable; urgency=medium
* Non-maintainer upload.
* Reset nsNr in xmlCtxtReset (CVE-2022-2309) (Closes: #1039991)
* Also reset nsNr in htmlCtxtReset (CVE-2022-2309) (Closes: #1039991)
-- Salvatore Bonaccorso <email address hidden> Sat, 08 Jul 2023 21:18:29 +0200
-
libxml2 (2.9.14+dfsg-1.2) unstable; urgency=medium
* Non-maintainer upload.
* schemas: Fix null-pointer-deref in xmlSchemaCheckCOSSTDerivedOK
* Fix null deref in xmlSchemaFixupComplexType (CVE-2023-28484)
(Closes: #1034436)
* Hashing of empty dict strings isn't deterministic (CVE-2023-29469)
(Closes: #1034437)
-- Salvatore Bonaccorso <email address hidden> Sat, 15 Apr 2023 16:25:06 +0200
-
libxml2 (2.9.14+dfsg-1.1build2) lunar; urgency=medium
* Rebuild to drop Python 3.10 extension
-- Jeremy Bicha <email address hidden> Wed, 01 Mar 2023 22:09:21 -0500
