Format: 1.8 Date: Wed, 26 May 2021 19:43:37 -0400 Source: libxml2 Binary: libxml2 libxml2-dev libxml2-utils python-libxml2 python-libxml2-dbg python3-libxml2 python3-libxml2-dbg Architecture: armhf Version: 2.9.10+dfsg-5ubuntu0.20.10.2 Distribution: groovy Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Avital Ostromich Description: libxml2 - GNOME XML library libxml2-dev - Development files for the GNOME XML library libxml2-utils - XML utilities python-libxml2 - Python bindings for the GNOME XML library python-libxml2-dbg - Python bindings for the GNOME XML library (debug extension) python3-libxml2 - Python3 bindings for the GNOME XML library python3-libxml2-dbg - Python3 bindings for the GNOME XML library (debug extension) Changes: libxml2 (2.9.10+dfsg-5ubuntu0.20.10.2) groovy-security; urgency=medium . * SECURITY UPDATE: out-of-bounds read - debian/patches/CVE-2020-24977.patch: Make sure that truncated UTF-8 sequences don't cause an out-of-bounds array access in xmllint. - CVE-2020-24977 * SECURITY UPDATE: use-after-free in xmlEncodeEntitiesInternal - debian/patches/CVE-2021-3516.patch: Call htmlCtxtUseOptions to make sure that names aren't stored in dictionaries. - CVE-2021-3516 * SECURITY UPDATE: heap-based buffer overflow in xmlEncodeEntitiesInternal - debian/patches/CVE-2021-3517.patch: Add some checks to validate input is UTF-8 format, supplementing CVE-2020-24977 fix. - CVE-2021-3517 * SECURITY UPDATE: use-after-free in xmlXIncludeDoProcess - debian/patches/CVE-2021-3518.patch: Move from a block list to an allow list approach to avoid descending into other node types that can't contain elements. - CVE-2021-3518 * SECURITY UPDATE: NULL pointer dereference in xmlValidBuildAContentModel - debian/patches/CVE-2021-3537.patch: Check return value of recursive calls to xmlParseElementChildrenContentDeclPriv and return immediately in case of errors. - CVE-2021-3537 * SECURITY UPDATE: Exponential entity expansion - debian/patches/Patch-for-security-issue-CVE-2021-3541.patch: Add check to xmlParserEntityCheck to prevent entity exponential. - CVE-2021-3541 Checksums-Sha1: 196b700d2fe69662a57d9f58b66f7b596de0b3a3 1876408 libxml2-dbgsym_2.9.10+dfsg-5ubuntu0.20.10.2_armhf.ddeb affd3417a5ef2573b59bb9df5de2f2a80f503759 649600 libxml2-dev_2.9.10+dfsg-5ubuntu0.20.10.2_armhf.deb c9184cb9579495fd3c8d18fa85306c04484cb328 76716 libxml2-utils-dbgsym_2.9.10+dfsg-5ubuntu0.20.10.2_armhf.ddeb 032ba7084e247dd848bca62b4625faea2e6b94fe 35320 libxml2-utils_2.9.10+dfsg-5ubuntu0.20.10.2_armhf.deb b1663dceb3c63083aee52bc27edcbd39d65d3891 10074 libxml2_2.9.10+dfsg-5ubuntu0.20.10.2_armhf.buildinfo 7e000ea3a492e5212ff195f791d0a1502b709a79 531228 libxml2_2.9.10+dfsg-5ubuntu0.20.10.2_armhf.deb 482fdda0a7cff741100231b038de7029ae8a9482 271380 python-libxml2-dbg_2.9.10+dfsg-5ubuntu0.20.10.2_armhf.deb a24a3e6d859a2cc1f0f3795b7c7e40b66d0f1f5f 130732 python-libxml2_2.9.10+dfsg-5ubuntu0.20.10.2_armhf.deb 8d90027d3defda11caf465ec32a309b836126b08 359540 python3-libxml2-dbg_2.9.10+dfsg-5ubuntu0.20.10.2_armhf.deb 1dbf593c66207ffb2473e68a0f9a25f0d78a1157 115888 python3-libxml2_2.9.10+dfsg-5ubuntu0.20.10.2_armhf.deb Checksums-Sha256: 8fddd2ccd01394f9880b5c08c9c755cc17102882f7a7ea223aadbd0de88b6b05 1876408 libxml2-dbgsym_2.9.10+dfsg-5ubuntu0.20.10.2_armhf.ddeb df9f1ccd2c9eea7e465c9b1eed08b13d6142428afe6658f0d18bd5d2e4a561eb 649600 libxml2-dev_2.9.10+dfsg-5ubuntu0.20.10.2_armhf.deb e4d671ed06af42ed82d80c94c350a135353d49491356d62078530726e7150819 76716 libxml2-utils-dbgsym_2.9.10+dfsg-5ubuntu0.20.10.2_armhf.ddeb b58d4a7a0b8a69997391bb401794f2cb7316cd1e9eb89774e3c1cb1f2914f610 35320 libxml2-utils_2.9.10+dfsg-5ubuntu0.20.10.2_armhf.deb 4aa45945d451313e7c76490299d070f9abd80e5a42b030c0499d44ef1f66070f 10074 libxml2_2.9.10+dfsg-5ubuntu0.20.10.2_armhf.buildinfo c5a791f73feade2bf5df0ee54860c49d265c7ed0a69e16925deddc8c2bd1cf7e 531228 libxml2_2.9.10+dfsg-5ubuntu0.20.10.2_armhf.deb f9535d908cb589fe9ff188443d95b3c0f4c81c41a4fc44256aed815244baed2d 271380 python-libxml2-dbg_2.9.10+dfsg-5ubuntu0.20.10.2_armhf.deb f275ea9ec63e06b1933ccf1a2448be787c77563db5fc6fa97339f6174e0c743e 130732 python-libxml2_2.9.10+dfsg-5ubuntu0.20.10.2_armhf.deb 16d25a8aad652ff0364a973a26843e9be93e4a359385fa0c1d7d4bd1172069f9 359540 python3-libxml2-dbg_2.9.10+dfsg-5ubuntu0.20.10.2_armhf.deb 5a8b9ed9f7df2454b43591b68d76f14294a119a1cd82b06b52aa199ee3d0a5d9 115888 python3-libxml2_2.9.10+dfsg-5ubuntu0.20.10.2_armhf.deb Files: c605836f4e15a09c25ef3a2b186dd551 1876408 debug optional libxml2-dbgsym_2.9.10+dfsg-5ubuntu0.20.10.2_armhf.ddeb 792f104ef7beeea68f09bbf2c0c6e4f8 649600 libdevel optional libxml2-dev_2.9.10+dfsg-5ubuntu0.20.10.2_armhf.deb 6852b2296ce0e176a12055b0e96f75b0 76716 debug optional libxml2-utils-dbgsym_2.9.10+dfsg-5ubuntu0.20.10.2_armhf.ddeb 2f6a5d0bd1a0388f1723a44029a56aa2 35320 text optional libxml2-utils_2.9.10+dfsg-5ubuntu0.20.10.2_armhf.deb 171fe66534385985d6b2f66d658714bc 10074 libs optional libxml2_2.9.10+dfsg-5ubuntu0.20.10.2_armhf.buildinfo d2abad010363461b27464393052e546d 531228 libs optional libxml2_2.9.10+dfsg-5ubuntu0.20.10.2_armhf.deb 9a6029d2fc01bb8f12bd77c5f3c3c1a8 271380 debug optional python-libxml2-dbg_2.9.10+dfsg-5ubuntu0.20.10.2_armhf.deb 651352a293d754e7a7c8664ced0fb767 130732 python optional python-libxml2_2.9.10+dfsg-5ubuntu0.20.10.2_armhf.deb 3d2b1e8bffe97994b4b77aa05d17ec4a 359540 debug optional python3-libxml2-dbg_2.9.10+dfsg-5ubuntu0.20.10.2_armhf.deb 8aadbf7cef4cbf9a2152b9ea0792c40e 115888 python optional python3-libxml2_2.9.10+dfsg-5ubuntu0.20.10.2_armhf.deb Original-Maintainer: Debian XML/SGML Group