Format: 1.8 Date: Thu, 22 Apr 2021 19:26:37 -0400 Source: libxml2 Binary: libxml2 libxml2-utils libxml2-dev libxml2-dbg libxml2-doc python-libxml2 python-libxml2-dbg python3-libxml2 python3-libxml2-dbg libxml2-udeb Architecture: armhf Version: 2.9.4+dfsg1-6.1ubuntu1.4 Distribution: bionic Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Avital Ostromich Description: libxml2 - GNOME XML library libxml2-dbg - Debugging symbols for the GNOME XML library libxml2-dev - Development files for the GNOME XML library libxml2-doc - Documentation for the GNOME XML library libxml2-udeb - GNOME XML library - minimal runtime (udeb) libxml2-utils - XML utilities python-libxml2 - Python bindings for the GNOME XML library python-libxml2-dbg - Python bindings for the GNOME XML library (debug extension) python3-libxml2 - Python3 bindings for the GNOME XML library python3-libxml2-dbg - Python3 bindings for the GNOME XML library (debug extension) Changes: libxml2 (2.9.4+dfsg1-6.1ubuntu1.4) bionic-security; urgency=medium . * debian/patches/fix-error-handler-bug.patch: Add extra missing commit to previous CVE-2017-8872 fix, halt immediately when the error handler attempts to stop the parser. * SECURITY UPDATE: memory leak - debian/patches/CVE-2019-20388.patch: Memory leak in xmlSchemaValidateStream function in xmlschemas.c. - CVE-2019-20388 * SECURITY UPDATE: out-of-bounds read - debian/patches/CVE-2020-24977.patch: Make sure that truncated UTF-8 sequences don't cause an out-of-bounds array access in xmllint. - CVE-2020-24977 * SECURITY UPDATE: use-after-free in xmlEncodeEntitiesInternal - debian/patches/CVE-2021-3516.patch: Call htmlCtxtUseOptions to make sure that names aren't stored in dictionaries. - CVE-2021-3516 * SECURITY UPDATE: heap-based buffer overflow in xmlEncodeEntitiesInternal - debian/patches/CVE-2021-3517.patch: Add some checks to validate input is UTF-8 format, supplementing CVE-2020-24977 fix. - CVE-2021-3517 * SECURITY UPDATE: use-after-free in xmlXIncludeDoProcess - debian/patches/CVE-2021-3518.patch: Move from a block list to an allow list approach to avoid descending into other node types that can't contain elements. - CVE-2021-3518 * SECURITY UPDATE: NULL pointer dereference in xmlValidBuildAContentModel - debian/patches/CVE-2021-3537.patch: Check return value of recursive calls to xmlParseElementChildrenContentDeclPriv and return immediately in case of errors. - CVE-2021-3537 Checksums-Sha1: cc77c4ac2811134fcc66ac11723e50b5ae004ed0 1672620 libxml2-dbg_2.9.4+dfsg1-6.1ubuntu1.4_armhf.deb 47fa52ac964dfbd2e67d26d411ef5da6bdf32395 692072 libxml2-dev_2.9.4+dfsg1-6.1ubuntu1.4_armhf.deb 19bb571047d1032fa0de28b75132da336c672657 1766024 libxml2-udeb_2.9.4+dfsg1-6.1ubuntu1.4_armhf.udeb c862d82c3c2a7333dc808754a63d0c7c1cf21cdc 67212 libxml2-utils-dbgsym_2.9.4+dfsg1-6.1ubuntu1.4_armhf.ddeb e93a7532da6f0503aadefe8baa04da0d0c4ed79e 34740 libxml2-utils_2.9.4+dfsg1-6.1ubuntu1.4_armhf.deb f7fa830f6456e3039a930f7714fa269b7f2e0ca6 10948 libxml2_2.9.4+dfsg1-6.1ubuntu1.4_armhf.buildinfo dda6c7ce4384fa415fc119e30b8dcc82e32e7a50 568320 libxml2_2.9.4+dfsg1-6.1ubuntu1.4_armhf.deb cc5370b98e906ea5c58ee5466af55b44a1a23eef 320268 python-libxml2-dbg_2.9.4+dfsg1-6.1ubuntu1.4_armhf.deb c847b3180e16e5d54aa3bf2c3431285e03513f9a 125476 python-libxml2_2.9.4+dfsg1-6.1ubuntu1.4_armhf.deb 88ab8368e114d2c4d4a9b7862c59cf879a735881 329760 python3-libxml2-dbg_2.9.4+dfsg1-6.1ubuntu1.4_armhf.deb dd40fe2d2ae9f7cb9e4e605b98c9e0b3ae8e12f9 110588 python3-libxml2_2.9.4+dfsg1-6.1ubuntu1.4_armhf.deb Checksums-Sha256: d6757918ced0f83b8cf7444a094827638ad5f2b4b44ebe29dd2626eb299703df 1672620 libxml2-dbg_2.9.4+dfsg1-6.1ubuntu1.4_armhf.deb b193fb4194bf3b376643d87cf98230fedbd7a81b44497fac15cdea52af442d9c 692072 libxml2-dev_2.9.4+dfsg1-6.1ubuntu1.4_armhf.deb 7c02066613415f808492d9532183e1a6b75ca22cfca903b1a46370db1c966856 1766024 libxml2-udeb_2.9.4+dfsg1-6.1ubuntu1.4_armhf.udeb f26b62a47c83482f3a9ef3404878a1a749ab452ba54796bc5f8248d6f0dcbacc 67212 libxml2-utils-dbgsym_2.9.4+dfsg1-6.1ubuntu1.4_armhf.ddeb 0f9a21f56a65f8eabaa381295532d46322b333f72c1343c750ffd335adc9c729 34740 libxml2-utils_2.9.4+dfsg1-6.1ubuntu1.4_armhf.deb ac2d5a611bbb045d12a932c7f2c217c449fc4f601151689838cc634d7529f16e 10948 libxml2_2.9.4+dfsg1-6.1ubuntu1.4_armhf.buildinfo 00c91fa381163a1054d2497fe2f8f94873e68c15edf0eb153c690ff0a66d3bd6 568320 libxml2_2.9.4+dfsg1-6.1ubuntu1.4_armhf.deb de3de2065ba37f5f2876c791edf32bddb8b3ea945d813d1ad5d818ea775a295c 320268 python-libxml2-dbg_2.9.4+dfsg1-6.1ubuntu1.4_armhf.deb 46ce92a06f734cde086f8861ecd39872973efc7592a657aeabbdbba30a2d494e 125476 python-libxml2_2.9.4+dfsg1-6.1ubuntu1.4_armhf.deb 581f868fc4aaf490b7d88175c278fd72a46683d2de8bf2966ff2e0eb7d3b7602 329760 python3-libxml2-dbg_2.9.4+dfsg1-6.1ubuntu1.4_armhf.deb 931ea4b097cbd8d5ac30753e54725305427751b35160182d4980d978b6906b0b 110588 python3-libxml2_2.9.4+dfsg1-6.1ubuntu1.4_armhf.deb Files: 1861e380b81b040728965f1248bb7be2 1672620 debug optional libxml2-dbg_2.9.4+dfsg1-6.1ubuntu1.4_armhf.deb bccd00d39a9db87834594f1bb2311097 692072 libdevel optional libxml2-dev_2.9.4+dfsg1-6.1ubuntu1.4_armhf.deb c590ad552dcf94336ec4ee3ac0d71aa3 1766024 debian-installer optional libxml2-udeb_2.9.4+dfsg1-6.1ubuntu1.4_armhf.udeb e5effd617c38f39165c5151eef84f810 67212 debug optional libxml2-utils-dbgsym_2.9.4+dfsg1-6.1ubuntu1.4_armhf.ddeb fd524495f9040d8cdb23d4800d3df6b7 34740 text optional libxml2-utils_2.9.4+dfsg1-6.1ubuntu1.4_armhf.deb 9bc0b9b42f181f5835ebcf3aacbabee0 10948 libs optional libxml2_2.9.4+dfsg1-6.1ubuntu1.4_armhf.buildinfo b81cebb144e86a2034df04208d34f772 568320 libs optional libxml2_2.9.4+dfsg1-6.1ubuntu1.4_armhf.deb 01f6e1435de658c40e9e5408ec715022 320268 debug optional python-libxml2-dbg_2.9.4+dfsg1-6.1ubuntu1.4_armhf.deb 01a40321abff51cdebc3e833fbfe578e 125476 python optional python-libxml2_2.9.4+dfsg1-6.1ubuntu1.4_armhf.deb 9b82f2aa0ec166711d631d2951749451 329760 debug optional python3-libxml2-dbg_2.9.4+dfsg1-6.1ubuntu1.4_armhf.deb 696583c35f000dcced855a1c65f3c187 110588 python optional python3-libxml2_2.9.4+dfsg1-6.1ubuntu1.4_armhf.deb Original-Maintainer: Debian XML/SGML Group Package-Type: udeb