Format: 1.8 Date: Wed, 26 May 2021 19:51:20 -0400 Source: libxml2 Binary: libxml2 libxml2-dev libxml2-utils python-libxml2 python-libxml2-dbg python3-libxml2 python3-libxml2-dbg Architecture: arm64 Version: 2.9.10+dfsg-5ubuntu0.20.04.1 Distribution: focal Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Avital Ostromich Description: libxml2 - GNOME XML library libxml2-dev - Development files for the GNOME XML library libxml2-utils - XML utilities python-libxml2 - Python bindings for the GNOME XML library python-libxml2-dbg - Python bindings for the GNOME XML library (debug extension) python3-libxml2 - Python3 bindings for the GNOME XML library python3-libxml2-dbg - Python3 bindings for the GNOME XML library (debug extension) Changes: libxml2 (2.9.10+dfsg-5ubuntu0.20.04.1) focal-security; urgency=medium . * SECURITY UPDATE: out-of-bounds read - debian/patches/CVE-2020-24977.patch: Make sure that truncated UTF-8 sequences don't cause an out-of-bounds array access in xmllint. - CVE-2020-24977 * SECURITY UPDATE: use-after-free in xmlEncodeEntitiesInternal - debian/patches/CVE-2021-3516.patch: Call htmlCtxtUseOptions to make sure that names aren't stored in dictionaries. - CVE-2021-3516 * SECURITY UPDATE: heap-based buffer overflow in xmlEncodeEntitiesInternal - debian/patches/CVE-2021-3517.patch: Add some checks to validate input is UTF-8 format, supplementing CVE-2020-24977 fix. - CVE-2021-3517 * SECURITY UPDATE: use-after-free in xmlXIncludeDoProcess - debian/patches/CVE-2021-3518.patch: Move from a block list to an allow list approach to avoid descending into other node types that can't contain elements. - CVE-2021-3518 * SECURITY UPDATE: NULL pointer dereference in xmlValidBuildAContentModel - debian/patches/CVE-2021-3537.patch: Check return value of recursive calls to xmlParseElementChildrenContentDeclPriv and return immediately in case of errors. - CVE-2021-3537 * SECURITY UPDATE: Exponential entity expansion - debian/patches/Patch-for-security-issue-CVE-2021-3541.patch: Add check to xmlParserEntityCheck to prevent entity exponential. - CVE-2021-3541 Checksums-Sha1: 90f0ce7872fd1f8bd674963b2f768052aaba3aa4 1938492 libxml2-dbgsym_2.9.10+dfsg-5ubuntu0.20.04.1_arm64.ddeb f2755c5e2dddeb2ca182fec95e88097276822955 693408 libxml2-dev_2.9.10+dfsg-5ubuntu0.20.04.1_arm64.deb 3cb766104f9432e5678e34f39e2cd54d69488dd5 79820 libxml2-utils-dbgsym_2.9.10+dfsg-5ubuntu0.20.04.1_arm64.ddeb b6f1d82f29f8877cf43fff75cf8ac1aecd54fd30 35272 libxml2-utils_2.9.10+dfsg-5ubuntu0.20.04.1_arm64.deb 1a295d8752e963912a48dd1d693f4c63084dbb98 9997 libxml2_2.9.10+dfsg-5ubuntu0.20.04.1_arm64.buildinfo a9b442d12ba1b37091f1a27a4605c0dfb18a216e 571876 libxml2_2.9.10+dfsg-5ubuntu0.20.04.1_arm64.deb a2c18fc13f2051a933ea638fd2d326ee41412c8a 279636 python-libxml2-dbg_2.9.10+dfsg-5ubuntu0.20.04.1_arm64.deb d2b40bf1eaeed017c3f454735fb6b673b43e2d97 137840 python-libxml2_2.9.10+dfsg-5ubuntu0.20.04.1_arm64.deb fed260fe3e09dfcc9737b82cb2cc416fcb1a9e0d 366864 python3-libxml2-dbg_2.9.10+dfsg-5ubuntu0.20.04.1_arm64.deb 3c577e3405b9bb8f30e023e7cfb0e0ef744bf987 123320 python3-libxml2_2.9.10+dfsg-5ubuntu0.20.04.1_arm64.deb Checksums-Sha256: d15d90cc3a047c426616bd3497dfc5e283c77113d0cf3bfa995a4c8f731629fe 1938492 libxml2-dbgsym_2.9.10+dfsg-5ubuntu0.20.04.1_arm64.ddeb d338e1830ad70db95a2c0e4f995a18d2a0b415d6beff5a23017949cd8496a21e 693408 libxml2-dev_2.9.10+dfsg-5ubuntu0.20.04.1_arm64.deb d7600610902a7b18493a4e3a068a626f6556c6da7fa818ae371ca353570ae23f 79820 libxml2-utils-dbgsym_2.9.10+dfsg-5ubuntu0.20.04.1_arm64.ddeb 8b5b3e7ae232900077a764196f1d85f68ed0e193a565df7fd4bcf23347a4e53c 35272 libxml2-utils_2.9.10+dfsg-5ubuntu0.20.04.1_arm64.deb 88fda821ef1906108a1194eaaec3195238a3c4d178fa6062cfea94c33f7cedab 9997 libxml2_2.9.10+dfsg-5ubuntu0.20.04.1_arm64.buildinfo a397cc64ae02fe516929324cc3b74b9cd1b6aac38673779e03f57d15a0d86092 571876 libxml2_2.9.10+dfsg-5ubuntu0.20.04.1_arm64.deb 4b6ef75cb2eb9ebf3aad17b42118029b92038263df9574f4e80ccc165c7af805 279636 python-libxml2-dbg_2.9.10+dfsg-5ubuntu0.20.04.1_arm64.deb 3596f24d195372acfff60b255fd1c3b6bd3e9ff82dfb4ce80a82b35d3a63c038 137840 python-libxml2_2.9.10+dfsg-5ubuntu0.20.04.1_arm64.deb 3749e7126956cee045602e88ab7ed56bff9f738f9e88812eb0d0e0d4a41d1c93 366864 python3-libxml2-dbg_2.9.10+dfsg-5ubuntu0.20.04.1_arm64.deb 734abb910bfa426bffb8746193bf0c72923de441aceb7848390a92529db040d2 123320 python3-libxml2_2.9.10+dfsg-5ubuntu0.20.04.1_arm64.deb Files: a877d8412583e554661e53694ba529f7 1938492 debug optional libxml2-dbgsym_2.9.10+dfsg-5ubuntu0.20.04.1_arm64.ddeb b9a8f765b6a4b4f5f0bce1d405840732 693408 libdevel optional libxml2-dev_2.9.10+dfsg-5ubuntu0.20.04.1_arm64.deb e745b5601ef75b94a558349bdaba98a6 79820 debug optional libxml2-utils-dbgsym_2.9.10+dfsg-5ubuntu0.20.04.1_arm64.ddeb f4abcbe256b1847b4414b55ab70fe6e1 35272 text optional libxml2-utils_2.9.10+dfsg-5ubuntu0.20.04.1_arm64.deb 800e0d366a36073e6df119fcb5ca4744 9997 libs optional libxml2_2.9.10+dfsg-5ubuntu0.20.04.1_arm64.buildinfo 62b4ccc89e58ab18473580157dc88b06 571876 libs optional libxml2_2.9.10+dfsg-5ubuntu0.20.04.1_arm64.deb bdd4a75a23aa09d29939407e852e175c 279636 debug optional python-libxml2-dbg_2.9.10+dfsg-5ubuntu0.20.04.1_arm64.deb 1da13592a75a90b2c22bf078f667793f 137840 python optional python-libxml2_2.9.10+dfsg-5ubuntu0.20.04.1_arm64.deb c435f6d0d653efad56c439403206bb13 366864 debug optional python3-libxml2-dbg_2.9.10+dfsg-5ubuntu0.20.04.1_arm64.deb 29c1391dd6a628fab046a4aa1de744b4 123320 python optional python3-libxml2_2.9.10+dfsg-5ubuntu0.20.04.1_arm64.deb Original-Maintainer: Debian XML/SGML Group