Format: 1.8 Date: Wed, 26 May 2021 19:43:37 -0400 Source: libxml2 Binary: libxml2 libxml2-dev libxml2-utils python-libxml2 python-libxml2-dbg python3-libxml2 python3-libxml2-dbg Architecture: i386 Version: 2.9.10+dfsg-5ubuntu0.20.10.2 Distribution: groovy Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Avital Ostromich Description: libxml2 - GNOME XML library libxml2-dev - Development files for the GNOME XML library libxml2-utils - XML utilities python-libxml2 - Python bindings for the GNOME XML library python-libxml2-dbg - Python bindings for the GNOME XML library (debug extension) python3-libxml2 - Python3 bindings for the GNOME XML library python3-libxml2-dbg - Python3 bindings for the GNOME XML library (debug extension) Changes: libxml2 (2.9.10+dfsg-5ubuntu0.20.10.2) groovy-security; urgency=medium . * SECURITY UPDATE: out-of-bounds read - debian/patches/CVE-2020-24977.patch: Make sure that truncated UTF-8 sequences don't cause an out-of-bounds array access in xmllint. - CVE-2020-24977 * SECURITY UPDATE: use-after-free in xmlEncodeEntitiesInternal - debian/patches/CVE-2021-3516.patch: Call htmlCtxtUseOptions to make sure that names aren't stored in dictionaries. - CVE-2021-3516 * SECURITY UPDATE: heap-based buffer overflow in xmlEncodeEntitiesInternal - debian/patches/CVE-2021-3517.patch: Add some checks to validate input is UTF-8 format, supplementing CVE-2020-24977 fix. - CVE-2021-3517 * SECURITY UPDATE: use-after-free in xmlXIncludeDoProcess - debian/patches/CVE-2021-3518.patch: Move from a block list to an allow list approach to avoid descending into other node types that can't contain elements. - CVE-2021-3518 * SECURITY UPDATE: NULL pointer dereference in xmlValidBuildAContentModel - debian/patches/CVE-2021-3537.patch: Check return value of recursive calls to xmlParseElementChildrenContentDeclPriv and return immediately in case of errors. - CVE-2021-3537 * SECURITY UPDATE: Exponential entity expansion - debian/patches/Patch-for-security-issue-CVE-2021-3541.patch: Add check to xmlParserEntityCheck to prevent entity exponential. - CVE-2021-3541 Checksums-Sha1: a61deb470e43a0143bc654aedae0b3119165aecf 1731052 libxml2-dbgsym_2.9.10+dfsg-5ubuntu0.20.10.2_i386.ddeb 6924ed179b732920ad440c990e6e747411dadf09 779532 libxml2-dev_2.9.10+dfsg-5ubuntu0.20.10.2_i386.deb e5e0ddab5a2445a572c97ae23112d2f1ba0c2729 72280 libxml2-utils-dbgsym_2.9.10+dfsg-5ubuntu0.20.10.2_i386.ddeb a6a7d994e604b91210d381903363650e48997941 38056 libxml2-utils_2.9.10+dfsg-5ubuntu0.20.10.2_i386.deb e9b9db73270500c8c407958017a8706beb21bf96 10107 libxml2_2.9.10+dfsg-5ubuntu0.20.10.2_i386.buildinfo dc9db8cd653bc9aa80a861b64a5d5cea37fc1e90 657500 libxml2_2.9.10+dfsg-5ubuntu0.20.10.2_i386.deb aca9eabd6f13f7643f1bdecaa55eeba71fedc4f6 229112 python-libxml2-dbg_2.9.10+dfsg-5ubuntu0.20.10.2_i386.deb 7c88e8ac93f5b3997461d45ad0cb418aa1bc8d7c 140404 python-libxml2_2.9.10+dfsg-5ubuntu0.20.10.2_i386.deb 80847505237dbed261b1edd6e2b83e25fadeae8a 307208 python3-libxml2-dbg_2.9.10+dfsg-5ubuntu0.20.10.2_i386.deb 14f964a7a4296f17f695fa538d7185ac7c1f259c 125816 python3-libxml2_2.9.10+dfsg-5ubuntu0.20.10.2_i386.deb Checksums-Sha256: 9bd17d1e4e98cd66bffdd89cb97e2b769557b180fcb4b0f527c3cc83f0e7be56 1731052 libxml2-dbgsym_2.9.10+dfsg-5ubuntu0.20.10.2_i386.ddeb 923d367d9794ff21f8a438608813f6da4e3e916181da7351c9acc3c6ec64893d 779532 libxml2-dev_2.9.10+dfsg-5ubuntu0.20.10.2_i386.deb 99617faf075c5b38b14876e5825a62d5c4a6b7dfe8b508dfcdedb1124a62236e 72280 libxml2-utils-dbgsym_2.9.10+dfsg-5ubuntu0.20.10.2_i386.ddeb b6bfc78a0c2e858f0f4b7734cbb7434189cda54dbef7bc41aee2b67975d49f40 38056 libxml2-utils_2.9.10+dfsg-5ubuntu0.20.10.2_i386.deb e2f47e762fb42b0ceac3ba994b582b855d6623fe0d42f870876d9fac243e9ddd 10107 libxml2_2.9.10+dfsg-5ubuntu0.20.10.2_i386.buildinfo baa6f5d0d7e259ef106667dd97ed9390cd129abde202b1d8c2c21efcff1ea690 657500 libxml2_2.9.10+dfsg-5ubuntu0.20.10.2_i386.deb 73a91222e2636cb6cfafc1c5f8cca4b105ed7c3d952b558a1ed3479e357b0573 229112 python-libxml2-dbg_2.9.10+dfsg-5ubuntu0.20.10.2_i386.deb 834f86c2258ac6b7c89d0837a58505b73838f5ddcae895ec13819a352bb52b43 140404 python-libxml2_2.9.10+dfsg-5ubuntu0.20.10.2_i386.deb fb1b60872e8cfddb1cc8d74bade75c89db5cb8fe2114c88013c1f2ac1378a56b 307208 python3-libxml2-dbg_2.9.10+dfsg-5ubuntu0.20.10.2_i386.deb b0380968699d4b2873af72be0e34c0bb824be38e9fc971f61a7d22fcf75119a4 125816 python3-libxml2_2.9.10+dfsg-5ubuntu0.20.10.2_i386.deb Files: ac62d9110524839de12f1702c4853098 1731052 debug optional libxml2-dbgsym_2.9.10+dfsg-5ubuntu0.20.10.2_i386.ddeb 41ce036551eebfe05d2d0b6630c5907b 779532 libdevel optional libxml2-dev_2.9.10+dfsg-5ubuntu0.20.10.2_i386.deb b015d29bf7bdd20f8d120a11abf9c70b 72280 debug optional libxml2-utils-dbgsym_2.9.10+dfsg-5ubuntu0.20.10.2_i386.ddeb 90794e31cc1b3f8efaa3cba745b03d3f 38056 text optional libxml2-utils_2.9.10+dfsg-5ubuntu0.20.10.2_i386.deb 80d50b76a182f159268bbd1cba35fac5 10107 libs optional libxml2_2.9.10+dfsg-5ubuntu0.20.10.2_i386.buildinfo aa5668a10022ff775ad335739ede9fa9 657500 libs optional libxml2_2.9.10+dfsg-5ubuntu0.20.10.2_i386.deb 45566d553d6f1ce1b783748a6cf12662 229112 debug optional python-libxml2-dbg_2.9.10+dfsg-5ubuntu0.20.10.2_i386.deb 30518bb226a818f4ced123bf94014a38 140404 python optional python-libxml2_2.9.10+dfsg-5ubuntu0.20.10.2_i386.deb 5ed23ffd6e5896cdc45dde7b8247b186 307208 debug optional python3-libxml2-dbg_2.9.10+dfsg-5ubuntu0.20.10.2_i386.deb 9e0c9f4fed3f7aea906b42cdaf0c4498 125816 python optional python3-libxml2_2.9.10+dfsg-5ubuntu0.20.10.2_i386.deb Original-Maintainer: Debian XML/SGML Group