Format: 1.8 Date: Wed, 26 May 2021 19:43:37 -0400 Source: libxml2 Binary: libxml2 libxml2-dev libxml2-doc libxml2-utils python-libxml2 python-libxml2-dbg python3-libxml2 python3-libxml2-dbg Architecture: amd64 all Version: 2.9.10+dfsg-5ubuntu0.20.10.2 Distribution: groovy Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Avital Ostromich Description: libxml2 - GNOME XML library libxml2-dev - Development files for the GNOME XML library libxml2-doc - Documentation for the GNOME XML library libxml2-utils - XML utilities python-libxml2 - Python bindings for the GNOME XML library python-libxml2-dbg - Python bindings for the GNOME XML library (debug extension) python3-libxml2 - Python3 bindings for the GNOME XML library python3-libxml2-dbg - Python3 bindings for the GNOME XML library (debug extension) Changes: libxml2 (2.9.10+dfsg-5ubuntu0.20.10.2) groovy-security; urgency=medium . * SECURITY UPDATE: out-of-bounds read - debian/patches/CVE-2020-24977.patch: Make sure that truncated UTF-8 sequences don't cause an out-of-bounds array access in xmllint. - CVE-2020-24977 * SECURITY UPDATE: use-after-free in xmlEncodeEntitiesInternal - debian/patches/CVE-2021-3516.patch: Call htmlCtxtUseOptions to make sure that names aren't stored in dictionaries. - CVE-2021-3516 * SECURITY UPDATE: heap-based buffer overflow in xmlEncodeEntitiesInternal - debian/patches/CVE-2021-3517.patch: Add some checks to validate input is UTF-8 format, supplementing CVE-2020-24977 fix. - CVE-2021-3517 * SECURITY UPDATE: use-after-free in xmlXIncludeDoProcess - debian/patches/CVE-2021-3518.patch: Move from a block list to an allow list approach to avoid descending into other node types that can't contain elements. - CVE-2021-3518 * SECURITY UPDATE: NULL pointer dereference in xmlValidBuildAContentModel - debian/patches/CVE-2021-3537.patch: Check return value of recursive calls to xmlParseElementChildrenContentDeclPriv and return immediately in case of errors. - CVE-2021-3537 * SECURITY UPDATE: Exponential entity expansion - debian/patches/Patch-for-security-issue-CVE-2021-3541.patch: Add check to xmlParserEntityCheck to prevent entity exponential. - CVE-2021-3541 Checksums-Sha1: 097f40a055af2d89fa5f732fd3477b20ab5446a8 1915492 libxml2-dbgsym_2.9.10+dfsg-5ubuntu0.20.10.2_amd64.ddeb 3285a9af919a552c583234dd66f33e8c7a34f083 720328 libxml2-dev_2.9.10+dfsg-5ubuntu0.20.10.2_amd64.deb f943cb7790ad730fb7c7fe16f87fe91fa13b8e48 769540 libxml2-doc_2.9.10+dfsg-5ubuntu0.20.10.2_all.deb 48b19a1763884524b78ea041124b484d930e71c3 76832 libxml2-utils-dbgsym_2.9.10+dfsg-5ubuntu0.20.10.2_amd64.ddeb d2382ab363317364867a08384815fe711d2eb9da 36948 libxml2-utils_2.9.10+dfsg-5ubuntu0.20.10.2_amd64.deb 5a0fdd6712e1f6df82a04c741298cd2d04cc7d51 10528 libxml2_2.9.10+dfsg-5ubuntu0.20.10.2_amd64.buildinfo 08f76fa5450e801ecf184fc60450c0c9b6224cf0 623944 libxml2_2.9.10+dfsg-5ubuntu0.20.10.2_amd64.deb 7ac667c87e07799fec4d1740605c746b95001339 286968 python-libxml2-dbg_2.9.10+dfsg-5ubuntu0.20.10.2_amd64.deb 65a422cf6911423a6228e6d512e3408915c955b7 141720 python-libxml2_2.9.10+dfsg-5ubuntu0.20.10.2_amd64.deb b21c2fd10bbf3d9a3c9de7cdba0d4ff111b58040 365460 python3-libxml2-dbg_2.9.10+dfsg-5ubuntu0.20.10.2_amd64.deb 22ea284621976ef22e73a1d802b3641fa925672f 126612 python3-libxml2_2.9.10+dfsg-5ubuntu0.20.10.2_amd64.deb Checksums-Sha256: 52c35771120ee5ae788be205ffc86b2aa4a8cbf4fad00f8a5a1f856c5ce0177f 1915492 libxml2-dbgsym_2.9.10+dfsg-5ubuntu0.20.10.2_amd64.ddeb 8eb2f488adde6d193c6f3fc7d7cbd6defdf1d3806be3fdc5a49646d8652644c6 720328 libxml2-dev_2.9.10+dfsg-5ubuntu0.20.10.2_amd64.deb 320be7ea67e1176fbe0aeb1480cd5569879af81d36d50c0d0673d6ecdba22d3d 769540 libxml2-doc_2.9.10+dfsg-5ubuntu0.20.10.2_all.deb d0cd79d091aaabce0ecdfcd0b9c6ac7d4ea63567ac2cac37676b9bbab7c2013b 76832 libxml2-utils-dbgsym_2.9.10+dfsg-5ubuntu0.20.10.2_amd64.ddeb 9f6c77826d3b375247ddd6460602fa774add73515e05ecbbbe606b303e2830f0 36948 libxml2-utils_2.9.10+dfsg-5ubuntu0.20.10.2_amd64.deb f8691a0b9717084e0dedeed707546e08a80c285259e02edbd8a4c95bdc3c2471 10528 libxml2_2.9.10+dfsg-5ubuntu0.20.10.2_amd64.buildinfo 603040c8275e1029862a709978b81e10d80d3b45883d005273f7b87f7fda92a2 623944 libxml2_2.9.10+dfsg-5ubuntu0.20.10.2_amd64.deb 02d2ae8fec2e49db71a81c199411e4f771ee7f198d08cd3c010157e7b2aff766 286968 python-libxml2-dbg_2.9.10+dfsg-5ubuntu0.20.10.2_amd64.deb 281abdbfb387f65e951db370815e19ce34c21637848f0bd9ed8f07ba951a06d2 141720 python-libxml2_2.9.10+dfsg-5ubuntu0.20.10.2_amd64.deb c4fdb79b66193ffec10a2c169c698d30f1109189a589aac13072211b205ab03e 365460 python3-libxml2-dbg_2.9.10+dfsg-5ubuntu0.20.10.2_amd64.deb 07c135621b13bdcdbbf90172387536208779c4fef99cda00f0ad62c4fb06c20c 126612 python3-libxml2_2.9.10+dfsg-5ubuntu0.20.10.2_amd64.deb Files: 605dd50451f21f6f3a60664d7e40c30c 1915492 debug optional libxml2-dbgsym_2.9.10+dfsg-5ubuntu0.20.10.2_amd64.ddeb f146f442cbe68e121d879498feab9b87 720328 libdevel optional libxml2-dev_2.9.10+dfsg-5ubuntu0.20.10.2_amd64.deb aa9b891397219f8ce6877f2c14d25b75 769540 doc optional libxml2-doc_2.9.10+dfsg-5ubuntu0.20.10.2_all.deb d67a0e17b6a235211b5dfb85d3f73fd6 76832 debug optional libxml2-utils-dbgsym_2.9.10+dfsg-5ubuntu0.20.10.2_amd64.ddeb 12984132dbe30be8501654cf8cc3ba6d 36948 text optional libxml2-utils_2.9.10+dfsg-5ubuntu0.20.10.2_amd64.deb 2455e59f28a3c412cfcf5ef448f09919 10528 libs optional libxml2_2.9.10+dfsg-5ubuntu0.20.10.2_amd64.buildinfo 20ab9346193245da8e741dabcfe89c8f 623944 libs optional libxml2_2.9.10+dfsg-5ubuntu0.20.10.2_amd64.deb 327cbf05847206b8d174ecf18e02b7ba 286968 debug optional python-libxml2-dbg_2.9.10+dfsg-5ubuntu0.20.10.2_amd64.deb 86d208829d0529ad4cee663c412fba6d 141720 python optional python-libxml2_2.9.10+dfsg-5ubuntu0.20.10.2_amd64.deb 2678f2fdb44833b7a8d0b13934f59304 365460 debug optional python3-libxml2-dbg_2.9.10+dfsg-5ubuntu0.20.10.2_amd64.deb 354925d149aa4bb2fc095d76b387bb03 126612 python optional python3-libxml2_2.9.10+dfsg-5ubuntu0.20.10.2_amd64.deb Original-Maintainer: Debian XML/SGML Group