Format: 1.8 Date: Thu, 22 Apr 2021 19:26:37 -0400 Source: libxml2 Binary: libxml2 libxml2-utils libxml2-dev libxml2-dbg libxml2-doc python-libxml2 python-libxml2-dbg python3-libxml2 python3-libxml2-dbg libxml2-udeb Architecture: ppc64el Version: 2.9.4+dfsg1-6.1ubuntu1.4 Distribution: bionic Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Avital Ostromich Description: libxml2 - GNOME XML library libxml2-dbg - Debugging symbols for the GNOME XML library libxml2-dev - Development files for the GNOME XML library libxml2-doc - Documentation for the GNOME XML library libxml2-udeb - GNOME XML library - minimal runtime (udeb) libxml2-utils - XML utilities python-libxml2 - Python bindings for the GNOME XML library python-libxml2-dbg - Python bindings for the GNOME XML library (debug extension) python3-libxml2 - Python3 bindings for the GNOME XML library python3-libxml2-dbg - Python3 bindings for the GNOME XML library (debug extension) Changes: libxml2 (2.9.4+dfsg1-6.1ubuntu1.4) bionic-security; urgency=medium . * debian/patches/fix-error-handler-bug.patch: Add extra missing commit to previous CVE-2017-8872 fix, halt immediately when the error handler attempts to stop the parser. * SECURITY UPDATE: memory leak - debian/patches/CVE-2019-20388.patch: Memory leak in xmlSchemaValidateStream function in xmlschemas.c. - CVE-2019-20388 * SECURITY UPDATE: out-of-bounds read - debian/patches/CVE-2020-24977.patch: Make sure that truncated UTF-8 sequences don't cause an out-of-bounds array access in xmllint. - CVE-2020-24977 * SECURITY UPDATE: use-after-free in xmlEncodeEntitiesInternal - debian/patches/CVE-2021-3516.patch: Call htmlCtxtUseOptions to make sure that names aren't stored in dictionaries. - CVE-2021-3516 * SECURITY UPDATE: heap-based buffer overflow in xmlEncodeEntitiesInternal - debian/patches/CVE-2021-3517.patch: Add some checks to validate input is UTF-8 format, supplementing CVE-2020-24977 fix. - CVE-2021-3517 * SECURITY UPDATE: use-after-free in xmlXIncludeDoProcess - debian/patches/CVE-2021-3518.patch: Move from a block list to an allow list approach to avoid descending into other node types that can't contain elements. - CVE-2021-3518 * SECURITY UPDATE: NULL pointer dereference in xmlValidBuildAContentModel - debian/patches/CVE-2021-3537.patch: Check return value of recursive calls to xmlParseElementChildrenContentDeclPriv and return immediately in case of errors. - CVE-2021-3537 Checksums-Sha1: 79c084487df91903a583f037dae3decc10cfb454 1861740 libxml2-dbg_2.9.4+dfsg1-6.1ubuntu1.4_ppc64el.deb 0d3972cf1f3d715206217f6c531cc424d57dca13 747908 libxml2-dev_2.9.4+dfsg1-6.1ubuntu1.4_ppc64el.deb a3bb6718dfffaf3d12fee07dabca5d80e0493291 1947064 libxml2-udeb_2.9.4+dfsg1-6.1ubuntu1.4_ppc64el.udeb 109aade67e875523c7f2c8aef3be7c728a891c3e 71592 libxml2-utils-dbgsym_2.9.4+dfsg1-6.1ubuntu1.4_ppc64el.ddeb d1cdd6e9a193058f6dc7be335d58deaf92d0b0c6 36500 libxml2-utils_2.9.4+dfsg1-6.1ubuntu1.4_ppc64el.deb 687fefc13f461ca0ce20875eca73a4d8396ccc77 11082 libxml2_2.9.4+dfsg1-6.1ubuntu1.4_ppc64el.buildinfo 0a93b809dc246d295c11bcf7035d69f17ba4a82b 615176 libxml2_2.9.4+dfsg1-6.1ubuntu1.4_ppc64el.deb e14cce0f916a6a782a3714647e13ce3f89b64765 341248 python-libxml2-dbg_2.9.4+dfsg1-6.1ubuntu1.4_ppc64el.deb 3ad766605e14490a0c8eddd212ddfd33c41d80c3 132388 python-libxml2_2.9.4+dfsg1-6.1ubuntu1.4_ppc64el.deb da55c7f594f710e9e2ed242b2ff7eaff1864072b 350912 python3-libxml2-dbg_2.9.4+dfsg1-6.1ubuntu1.4_ppc64el.deb c8e87e7148721f4729fa4b0529fb047dac1fa38f 117272 python3-libxml2_2.9.4+dfsg1-6.1ubuntu1.4_ppc64el.deb Checksums-Sha256: c1583fe1835b2144fb9c6ed1cab9ff840d5644a90754536991629b908936749a 1861740 libxml2-dbg_2.9.4+dfsg1-6.1ubuntu1.4_ppc64el.deb 66ff76cfae38859461493838879deeb724dbe1cb24704f2dba78aba40f9ff382 747908 libxml2-dev_2.9.4+dfsg1-6.1ubuntu1.4_ppc64el.deb 4b8a1d23439fb74b15be5f9118e3afa7212cb02b1f5a78eb9e0c0385d00df740 1947064 libxml2-udeb_2.9.4+dfsg1-6.1ubuntu1.4_ppc64el.udeb ee4703bb5c7c458e1e8aa226343931b3615c3efccf671e0f04f2fd926b568373 71592 libxml2-utils-dbgsym_2.9.4+dfsg1-6.1ubuntu1.4_ppc64el.ddeb 37735b630d7d3f44ab935774fdb8553bc0fb9ab2b512519c5a3b4cbc9db6e2d2 36500 libxml2-utils_2.9.4+dfsg1-6.1ubuntu1.4_ppc64el.deb 62073816b23bf70a1ac5b88d03b9f3d981c2ab9dbca4e7f6534b4966bd823ba7 11082 libxml2_2.9.4+dfsg1-6.1ubuntu1.4_ppc64el.buildinfo 59b26776df879608a1433b2544a816a2fdbdcee4da7902c8aca4f1d6b2ff88b4 615176 libxml2_2.9.4+dfsg1-6.1ubuntu1.4_ppc64el.deb 64f38c6d3c9164386c6fd7fc74bc6363d34d468846c794a1c4a050768cf7c3ac 341248 python-libxml2-dbg_2.9.4+dfsg1-6.1ubuntu1.4_ppc64el.deb 2e91e0f7b109771cdb2faa3b697cdf3e7759f7b9468494054c89e283afc2be78 132388 python-libxml2_2.9.4+dfsg1-6.1ubuntu1.4_ppc64el.deb 890b4f35970fc945feae9dc53debda5eb8e008bf573960b8a68a1afb5b4c4c22 350912 python3-libxml2-dbg_2.9.4+dfsg1-6.1ubuntu1.4_ppc64el.deb 258749c616d93e95f2e1bc795c451aa340654b7c353fee7f4257fa54a6082508 117272 python3-libxml2_2.9.4+dfsg1-6.1ubuntu1.4_ppc64el.deb Files: c4b947c54bf0b9ccc07848d9cc6643a3 1861740 debug optional libxml2-dbg_2.9.4+dfsg1-6.1ubuntu1.4_ppc64el.deb 02b34ebaf643cd39139406e97df3343e 747908 libdevel optional libxml2-dev_2.9.4+dfsg1-6.1ubuntu1.4_ppc64el.deb 10567ad30243cf7a155429fd25c1412a 1947064 debian-installer optional libxml2-udeb_2.9.4+dfsg1-6.1ubuntu1.4_ppc64el.udeb 40bd47f8ebe1f6b02e9a928e6ebdf826 71592 debug optional libxml2-utils-dbgsym_2.9.4+dfsg1-6.1ubuntu1.4_ppc64el.ddeb 5c6e707c2a3ade56b0560e1330508e74 36500 text optional libxml2-utils_2.9.4+dfsg1-6.1ubuntu1.4_ppc64el.deb ec8fe0b523fb86b56325cbe3975b2086 11082 libs optional libxml2_2.9.4+dfsg1-6.1ubuntu1.4_ppc64el.buildinfo 225225d45fd89dfaf77173dae9f9dfdb 615176 libs optional libxml2_2.9.4+dfsg1-6.1ubuntu1.4_ppc64el.deb 07c7f8eea976c7586c0c4e9d9b7ff8ee 341248 debug optional python-libxml2-dbg_2.9.4+dfsg1-6.1ubuntu1.4_ppc64el.deb 3a6ade9fb1ce00e066a76b17a4313c28 132388 python optional python-libxml2_2.9.4+dfsg1-6.1ubuntu1.4_ppc64el.deb ec5246739532d365a8cfa796f84e497f 350912 debug optional python3-libxml2-dbg_2.9.4+dfsg1-6.1ubuntu1.4_ppc64el.deb 4faeafbf4f91a1fc405d5fc35f0699a2 117272 python optional python3-libxml2_2.9.4+dfsg1-6.1ubuntu1.4_ppc64el.deb Original-Maintainer: Debian XML/SGML Group Package-Type: udeb