Format: 1.8 Date: Wed, 26 May 2021 19:43:37 -0400 Source: libxml2 Binary: libxml2 libxml2-dev libxml2-utils python-libxml2 python-libxml2-dbg python3-libxml2 python3-libxml2-dbg Architecture: s390x Version: 2.9.10+dfsg-5ubuntu0.20.10.2 Distribution: groovy Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Avital Ostromich Description: libxml2 - GNOME XML library libxml2-dev - Development files for the GNOME XML library libxml2-utils - XML utilities python-libxml2 - Python bindings for the GNOME XML library python-libxml2-dbg - Python bindings for the GNOME XML library (debug extension) python3-libxml2 - Python3 bindings for the GNOME XML library python3-libxml2-dbg - Python3 bindings for the GNOME XML library (debug extension) Changes: libxml2 (2.9.10+dfsg-5ubuntu0.20.10.2) groovy-security; urgency=medium . * SECURITY UPDATE: out-of-bounds read - debian/patches/CVE-2020-24977.patch: Make sure that truncated UTF-8 sequences don't cause an out-of-bounds array access in xmllint. - CVE-2020-24977 * SECURITY UPDATE: use-after-free in xmlEncodeEntitiesInternal - debian/patches/CVE-2021-3516.patch: Call htmlCtxtUseOptions to make sure that names aren't stored in dictionaries. - CVE-2021-3516 * SECURITY UPDATE: heap-based buffer overflow in xmlEncodeEntitiesInternal - debian/patches/CVE-2021-3517.patch: Add some checks to validate input is UTF-8 format, supplementing CVE-2020-24977 fix. - CVE-2021-3517 * SECURITY UPDATE: use-after-free in xmlXIncludeDoProcess - debian/patches/CVE-2021-3518.patch: Move from a block list to an allow list approach to avoid descending into other node types that can't contain elements. - CVE-2021-3518 * SECURITY UPDATE: NULL pointer dereference in xmlValidBuildAContentModel - debian/patches/CVE-2021-3537.patch: Check return value of recursive calls to xmlParseElementChildrenContentDeclPriv and return immediately in case of errors. - CVE-2021-3537 * SECURITY UPDATE: Exponential entity expansion - debian/patches/Patch-for-security-issue-CVE-2021-3541.patch: Add check to xmlParserEntityCheck to prevent entity exponential. - CVE-2021-3541 Checksums-Sha1: 3653588a2bdef6b664e898392a2135ee666b9690 2422432 libxml2-dbgsym_2.9.10+dfsg-5ubuntu0.20.10.2_s390x.ddeb 92b149927cdf57885245ed54fab1add828a5d62a 763632 libxml2-dev_2.9.10+dfsg-5ubuntu0.20.10.2_s390x.deb 85165cba798c129865aceb09fdbd8c0ff6e3c8c7 81888 libxml2-utils-dbgsym_2.9.10+dfsg-5ubuntu0.20.10.2_s390x.ddeb e86ff9057cc50eefec1b7632599d052b2357ae43 35512 libxml2-utils_2.9.10+dfsg-5ubuntu0.20.10.2_s390x.deb cdfef31b52137701005ec1357c453080c0da31fa 10101 libxml2_2.9.10+dfsg-5ubuntu0.20.10.2_s390x.buildinfo 9b1c00f25494301d2c2478e42bd128f19d3d8a4a 646004 libxml2_2.9.10+dfsg-5ubuntu0.20.10.2_s390x.deb e7c68acba560674073bda4d22b47f3102b029cc6 293136 python-libxml2-dbg_2.9.10+dfsg-5ubuntu0.20.10.2_s390x.deb 10da5ff3a793d7fa31fa9d2112e9650e610a5042 138588 python-libxml2_2.9.10+dfsg-5ubuntu0.20.10.2_s390x.deb afdd5e60b4437f000e8e85bbce2f8ee49afd3de3 390400 python3-libxml2-dbg_2.9.10+dfsg-5ubuntu0.20.10.2_s390x.deb 0322c06ab796fb989ade6f234e82125f6824d175 124504 python3-libxml2_2.9.10+dfsg-5ubuntu0.20.10.2_s390x.deb Checksums-Sha256: 215872b08e06a173633acb1a05a116d1d7a68af9e057f7468263f3227a194ae2 2422432 libxml2-dbgsym_2.9.10+dfsg-5ubuntu0.20.10.2_s390x.ddeb b0b6393623fe39cf5f33a5b31c5fbac869ec8e4a7c6da5660692bd3f73616ed4 763632 libxml2-dev_2.9.10+dfsg-5ubuntu0.20.10.2_s390x.deb bbf4bea3e21ba87687296c92243510766e0b6136d3add3d595a59deed5d88391 81888 libxml2-utils-dbgsym_2.9.10+dfsg-5ubuntu0.20.10.2_s390x.ddeb 577915e40f2a1d6e94718f60fb73ba3726373e5187c4b528414a85840f2a8b54 35512 libxml2-utils_2.9.10+dfsg-5ubuntu0.20.10.2_s390x.deb 7c094e7977f8fce2da71c4ecbab1780ed88e3178f8ca102139a66ee4819048a3 10101 libxml2_2.9.10+dfsg-5ubuntu0.20.10.2_s390x.buildinfo ac5147ba1c960fa3a09621f4acb5d0524ffcd88817f6ab1208de2ed9630164b9 646004 libxml2_2.9.10+dfsg-5ubuntu0.20.10.2_s390x.deb c3e8e099443f6a531a1b5fa7a6bebdec9e0197f92c6b18e8068d6143c1e63ab0 293136 python-libxml2-dbg_2.9.10+dfsg-5ubuntu0.20.10.2_s390x.deb d842da3973c6ec381527a96e475b6d6da58b1700970b00c3105b6a4c47221ece 138588 python-libxml2_2.9.10+dfsg-5ubuntu0.20.10.2_s390x.deb 5bedd73ea8b0e69e64f99fb09de20df2ec7885c715b2b0de6e89fc4ceaf3f7c0 390400 python3-libxml2-dbg_2.9.10+dfsg-5ubuntu0.20.10.2_s390x.deb c476b1b1e2f06ea49e889158a5020a5da261e8a80256729541c9e4ede851bb64 124504 python3-libxml2_2.9.10+dfsg-5ubuntu0.20.10.2_s390x.deb Files: 7e00e177a27a579473878f99b99bdf3c 2422432 debug optional libxml2-dbgsym_2.9.10+dfsg-5ubuntu0.20.10.2_s390x.ddeb 0e87db9cb390ff33de10ffecd2ac9c98 763632 libdevel optional libxml2-dev_2.9.10+dfsg-5ubuntu0.20.10.2_s390x.deb 94b292182af281c3b0718dbbabd70b00 81888 debug optional libxml2-utils-dbgsym_2.9.10+dfsg-5ubuntu0.20.10.2_s390x.ddeb 4dbb02a1128a440b3f31ca73042cf096 35512 text optional libxml2-utils_2.9.10+dfsg-5ubuntu0.20.10.2_s390x.deb 2530408ae84c9efee7fbc4fbce86bce3 10101 libs optional libxml2_2.9.10+dfsg-5ubuntu0.20.10.2_s390x.buildinfo 024234918ec9235400f4b939fe8add4d 646004 libs optional libxml2_2.9.10+dfsg-5ubuntu0.20.10.2_s390x.deb e00150cf39eb79af9cc67591182b1efb 293136 debug optional python-libxml2-dbg_2.9.10+dfsg-5ubuntu0.20.10.2_s390x.deb 724301a0c22dcae1d32d2326a69bc626 138588 python optional python-libxml2_2.9.10+dfsg-5ubuntu0.20.10.2_s390x.deb 1294b2cda1ae166f97ef5fba77fdcfe1 390400 debug optional python3-libxml2-dbg_2.9.10+dfsg-5ubuntu0.20.10.2_s390x.deb e2b8dca6cde827271029ef95cf85f170 124504 python optional python3-libxml2_2.9.10+dfsg-5ubuntu0.20.10.2_s390x.deb Original-Maintainer: Debian XML/SGML Group