libxml2 (2.9.14+dfsg-1ubuntu0.2) kinetic-security; urgency=medium

  * SECURITY UPDATE: Null dereference
    - debian/patches/CVE-2023-28484-*.patch: Fix null-pointer-deref in
      xmlSchemaCheckCOSSTDerivedOK and xmlSchemaFixupComplexType
      when parsing (invalid) XML schemas in
      result/schemas/oss-fuzz-51295_0_0.err,
      test/schemas/oss-fuzz-51295_0.xml,
      test/schemas/oss-fuzz-51295_0.xsd,
      xmlschemas.c.
    - CVE-2023-28484
  * SECURITY UPDATE: Logic or memory errors and double frees
    - debian/patches/CVE-2023-29469.patch: check namelen less equal zero in
      dict.c.
    - CVE-2023-29469

 -- Leonidas Da Silva Barbosa <email address hidden> Thu, 13 Apr 2023 07:48:55 -0300

libxml2 (2.9.14+dfsg-1ubuntu0.1) kinetic-security; urgency=medium

  * SECURITY UPDATE: NULL pointer dereference
    - debian/patches/CVE-2022-2309.patch: reset nsNr in
      xmlCtxReset in parser.c (LP: #1996494).
    - CVE-2022-2309
  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2022-40303.patch: fix integer overflows
      with XML_PARSE_HUGE in parser.c.
    - CVE-2022-40303
  * SECURITY UPDATE: Double-free
    - debian/patches/CVE-2022-40304.patch: fix dict
      corruption caused by entity ref cycles in
      entities.c.
    - CVE-2022-40304

 -- Leonidas Da Silva Barbosa <email address hidden> Tue, 29 Nov 2022 16:23:02 -0300

libxml2 (2.9.14+dfsg-1) unstable; urgency=high

  * Team upload.
  * New upstream version 2.9.14+dfsg.
    + Integer overflows in xmlBuf/xmlBuffer. CVE-2022-29824 Closes: #1010526

 -- Mattia Rizzolo <email address hidden> Thu, 05 May 2022 14:43:51 +0200

libxml2 (2.9.13+dfsg-1build2) kinetic; urgency=medium

  * No-change rebuild against latest icu

 -- Jeremy Bicha <email address hidden> Fri, 29 Apr 2022 08:06:01 -0400

libxml2 (2.9.13+dfsg-1build1) jammy; urgency=medium

  * No-change rebuild with Python 3.10 only

 -- Graham Inggs <email address hidden> Thu, 17 Mar 2022 19:28:02 +0000