Format: 1.8 Date: Wed, 26 May 2021 19:43:37 -0400 Source: libxml2 Binary: libxml2 libxml2-dev libxml2-utils python-libxml2 python-libxml2-dbg python3-libxml2 python3-libxml2-dbg Architecture: arm64 Version: 2.9.10+dfsg-5ubuntu0.20.10.2 Distribution: groovy Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Avital Ostromich Description: libxml2 - GNOME XML library libxml2-dev - Development files for the GNOME XML library libxml2-utils - XML utilities python-libxml2 - Python bindings for the GNOME XML library python-libxml2-dbg - Python bindings for the GNOME XML library (debug extension) python3-libxml2 - Python3 bindings for the GNOME XML library python3-libxml2-dbg - Python3 bindings for the GNOME XML library (debug extension) Changes: libxml2 (2.9.10+dfsg-5ubuntu0.20.10.2) groovy-security; urgency=medium . * SECURITY UPDATE: out-of-bounds read - debian/patches/CVE-2020-24977.patch: Make sure that truncated UTF-8 sequences don't cause an out-of-bounds array access in xmllint. - CVE-2020-24977 * SECURITY UPDATE: use-after-free in xmlEncodeEntitiesInternal - debian/patches/CVE-2021-3516.patch: Call htmlCtxtUseOptions to make sure that names aren't stored in dictionaries. - CVE-2021-3516 * SECURITY UPDATE: heap-based buffer overflow in xmlEncodeEntitiesInternal - debian/patches/CVE-2021-3517.patch: Add some checks to validate input is UTF-8 format, supplementing CVE-2020-24977 fix. - CVE-2021-3517 * SECURITY UPDATE: use-after-free in xmlXIncludeDoProcess - debian/patches/CVE-2021-3518.patch: Move from a block list to an allow list approach to avoid descending into other node types that can't contain elements. - CVE-2021-3518 * SECURITY UPDATE: NULL pointer dereference in xmlValidBuildAContentModel - debian/patches/CVE-2021-3537.patch: Check return value of recursive calls to xmlParseElementChildrenContentDeclPriv and return immediately in case of errors. - CVE-2021-3537 * SECURITY UPDATE: Exponential entity expansion - debian/patches/Patch-for-security-issue-CVE-2021-3541.patch: Add check to xmlParserEntityCheck to prevent entity exponential. - CVE-2021-3541 Checksums-Sha1: 9614d50ec478e325ffa5213548a68162a4d1841b 1918036 libxml2-dbgsym_2.9.10+dfsg-5ubuntu0.20.10.2_arm64.ddeb 5123b132c21ebf2ff5355add8511f24857b92808 680356 libxml2-dev_2.9.10+dfsg-5ubuntu0.20.10.2_arm64.deb 5f2d20cd9402baf3b53732a7acde9e31d55f1cae 79136 libxml2-utils-dbgsym_2.9.10+dfsg-5ubuntu0.20.10.2_arm64.ddeb 1a7485cd2318b5f441b8d77c5ed54f94c1d04125 35196 libxml2-utils_2.9.10+dfsg-5ubuntu0.20.10.2_arm64.deb 32c3781ca1ce9b63da6c5e2120c1d6fcac63a174 10167 libxml2_2.9.10+dfsg-5ubuntu0.20.10.2_arm64.buildinfo 89cc60439f5c9e509c5c0fcf3fbb883b47276b9a 559140 libxml2_2.9.10+dfsg-5ubuntu0.20.10.2_arm64.deb 2e88c18e9a9451573ece00afb48bd301b01de76e 274456 python-libxml2-dbg_2.9.10+dfsg-5ubuntu0.20.10.2_arm64.deb f6035a05b9955819e6b1bd9658347946cb25840b 138860 python-libxml2_2.9.10+dfsg-5ubuntu0.20.10.2_arm64.deb 3c22529258f49eec1370efe66cfedde628785656 355632 python3-libxml2-dbg_2.9.10+dfsg-5ubuntu0.20.10.2_arm64.deb d33166e7689b67bf74e88218d7eaf4115bd11dff 124020 python3-libxml2_2.9.10+dfsg-5ubuntu0.20.10.2_arm64.deb Checksums-Sha256: b4b8c12224c29a1c70bcc61061eb1eede57b6e804aa6282e1aee42f97361e4a0 1918036 libxml2-dbgsym_2.9.10+dfsg-5ubuntu0.20.10.2_arm64.ddeb 0d0fe91a438d4c2f6ad564f45f18e477479ec3830c702e51807b143a349f4786 680356 libxml2-dev_2.9.10+dfsg-5ubuntu0.20.10.2_arm64.deb 2a6fe5108b1cf441bbe29deb7cb81043c1d517c1290aea20019790232578cd13 79136 libxml2-utils-dbgsym_2.9.10+dfsg-5ubuntu0.20.10.2_arm64.ddeb 7abb1ee41e2b3267f932dba8aaca4d803d195cff80557ca6714d5337d18363fc 35196 libxml2-utils_2.9.10+dfsg-5ubuntu0.20.10.2_arm64.deb 1435af8de49b41e81d66871b81e70090b089752e1826218bf078612f58da4570 10167 libxml2_2.9.10+dfsg-5ubuntu0.20.10.2_arm64.buildinfo 698526c0d2de0a03a9916abe1b4c2b109bcb21cac77026a12b71d51b70b1c9d8 559140 libxml2_2.9.10+dfsg-5ubuntu0.20.10.2_arm64.deb 4ce0090685ee8468092c708c1391fcf29a9bb9c6258958b159fde6eb1abf78fa 274456 python-libxml2-dbg_2.9.10+dfsg-5ubuntu0.20.10.2_arm64.deb de060918e466310860635b65d426f79ded599ee9fdb0e6313060558c53561cb3 138860 python-libxml2_2.9.10+dfsg-5ubuntu0.20.10.2_arm64.deb b5ee28100371ca302b2b3536606348f7ff9b882521b56eecf4052f38cc90a8ae 355632 python3-libxml2-dbg_2.9.10+dfsg-5ubuntu0.20.10.2_arm64.deb 935492fb9a7f024e6f47d2fa01ef954b2e4b589a2539cdd679985f6fd37132c0 124020 python3-libxml2_2.9.10+dfsg-5ubuntu0.20.10.2_arm64.deb Files: 1ebecf431ee42cca4aba120a7b18eac7 1918036 debug optional libxml2-dbgsym_2.9.10+dfsg-5ubuntu0.20.10.2_arm64.ddeb 24f19ca13c5131e4bfe60f5020067860 680356 libdevel optional libxml2-dev_2.9.10+dfsg-5ubuntu0.20.10.2_arm64.deb 6170365145fedbdae59fa60cca6ec339 79136 debug optional libxml2-utils-dbgsym_2.9.10+dfsg-5ubuntu0.20.10.2_arm64.ddeb 016154d41c22b010ae9881ca38c5dded 35196 text optional libxml2-utils_2.9.10+dfsg-5ubuntu0.20.10.2_arm64.deb fa96d934febb028a0137581b41d2aa5a 10167 libs optional libxml2_2.9.10+dfsg-5ubuntu0.20.10.2_arm64.buildinfo 2dd2b18b855ef2ccef180b64f50251b4 559140 libs optional libxml2_2.9.10+dfsg-5ubuntu0.20.10.2_arm64.deb 2081cc4b1381946f7a2dd7421c924ffb 274456 debug optional python-libxml2-dbg_2.9.10+dfsg-5ubuntu0.20.10.2_arm64.deb 5606778b7aab7947ecc1737cc588c1c5 138860 python optional python-libxml2_2.9.10+dfsg-5ubuntu0.20.10.2_arm64.deb 570bcf0a57ce767fa6fc7e061cae0f70 355632 debug optional python3-libxml2-dbg_2.9.10+dfsg-5ubuntu0.20.10.2_arm64.deb 67ef0e077ed6450e2207dbfdda1606a0 124020 python optional python3-libxml2_2.9.10+dfsg-5ubuntu0.20.10.2_arm64.deb Original-Maintainer: Debian XML/SGML Group