libxml2 2.9.10+dfsg-6.3ubuntu0.1 source package in Ubuntu
Changelog
libxml2 (2.9.10+dfsg-6.3ubuntu0.1) hirsute-security; urgency=medium
* SECURITY UPDATE: use-after-free in xmlEncodeEntitiesInternal
- debian/patches/CVE-2021-3516.patch: Call htmlCtxtUseOptions to make sure
that names aren't stored in dictionaries.
- CVE-2021-3516
* SECURITY UPDATE: heap-based buffer overflow in xmlEncodeEntitiesInternal
- debian/patches/CVE-2021-3517.patch: Add some checks to validate input is
UTF-8 format, supplementing CVE-2020-24977 fix.
- CVE-2021-3517
* SECURITY UPDATE: use-after-free in xmlXIncludeDoProcess
- debian/patches/CVE-2021-3518.patch: Move from a block list to an allow
list approach to avoid descending into other node types that can't
contain elements.
- CVE-2021-3518
* SECURITY UPDATE: NULL pointer dereference in xmlValidBuildAContentModel
- debian/patches/CVE-2021-3537.patch: Check return value of recursive calls
to xmlParseElementChildrenContentDeclPriv and return immediately in case
of errors.
- CVE-2021-3537
* SECURITY UPDATE: Exponential entity expansion
- debian/patches/Patch-for-security-issue-CVE-2021-3541.patch: Add check to
xmlParserEntityCheck to prevent entity exponential.
- CVE-2021-3541
-- Avital Ostromich <email address hidden> Mon, 17 May 2021 18:13:47 -0400
Upload details
- Uploaded by:
- Avital Ostromich
- Uploaded to:
- Hirsute
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any all
- Section:
- libs
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| libxml2_2.9.10+dfsg.orig.tar.xz | 2.4 MiB | 65ee7a2f5e100c64ddf7beb92297c9b2a30b994a76cd1fab67470cf22db6b7d0 |
| libxml2_2.9.10+dfsg-6.3ubuntu0.1.debian.tar.xz | 31.7 KiB | 1841a377b4039fcbe7a3ea2288ff8d9a65f7313126a091710b11769e69dff2b2 |
| libxml2_2.9.10+dfsg-6.3ubuntu0.1.dsc | 2.6 KiB | 13d322e6635061d18443aeb3cd0fd7cca1758f0afa95b5850ca34420f4c788fa |
Available diffs
Binary packages built by this source
- libxml2: No summary available for libxml2 in ubuntu hirsute.
No description available for libxml2 in ubuntu hirsute.
- libxml2-dbgsym: No summary available for libxml2-dbgsym in ubuntu hirsute.
No description available for libxml2-dbgsym in ubuntu hirsute.
- libxml2-dev: No summary available for libxml2-dev in ubuntu hirsute.
No description available for libxml2-dev in ubuntu hirsute.
- libxml2-doc: No summary available for libxml2-doc in ubuntu hirsute.
No description available for libxml2-doc in ubuntu hirsute.
- libxml2-utils: No summary available for libxml2-utils in ubuntu hirsute.
No description available for libxml2-utils in ubuntu hirsute.
- libxml2-utils-dbgsym: No summary available for libxml2-utils-dbgsym in ubuntu hirsute.
No description available for libxml2-
utils-dbgsym in ubuntu hirsute.
- python3-libxml2: No summary available for python3-libxml2 in ubuntu hirsute.
No description available for python3-libxml2 in ubuntu hirsute.
- python3-libxml2-dbg: No summary available for python3-libxml2-dbg in ubuntu hirsute.
No description available for python3-libxml2-dbg in ubuntu hirsute.
