Format: 1.8
Date: Wed, 26 May 2021 19:51:20 -0400
Source: libxml2
Architecture: source
Version: 2.9.10+dfsg-5ubuntu0.20.04.1
Distribution: focal-security
Urgency: medium
Maintainer: Ubuntu Developers
Changed-By: Avital Ostromich
Changes:
 libxml2 (2.9.10+dfsg-5ubuntu0.20.04.1) focal-security; urgency=medium
 .
   * SECURITY UPDATE: out-of-bounds read
     - debian/patches/CVE-2020-24977.patch: Make sure that truncated UTF-8
       sequences don't cause an out-of-bounds array access in xmllint.
     - CVE-2020-24977
   * SECURITY UPDATE: use-after-free in xmlEncodeEntitiesInternal
     - debian/patches/CVE-2021-3516.patch: Call htmlCtxtUseOptions to make
       sure that names aren't stored in dictionaries.
     - CVE-2021-3516
   * SECURITY UPDATE: heap-based buffer overflow in xmlEncodeEntitiesInternal
     - debian/patches/CVE-2021-3517.patch: Add some checks to validate input
       is UTF-8 format, supplementing CVE-2020-24977 fix.
     - CVE-2021-3517
   * SECURITY UPDATE: use-after-free in xmlXIncludeDoProcess
     - debian/patches/CVE-2021-3518.patch: Move from a block list to an allow
       list approach to avoid descending into other node types that can't
       contain elements.
     - CVE-2021-3518
   * SECURITY UPDATE: NULL pointer dereference in xmlValidBuildAContentModel
     - debian/patches/CVE-2021-3537.patch: Check return value of recursive
       calls to xmlParseElementChildrenContentDeclPriv and return immediately
       in case of errors.
     - CVE-2021-3537
   * SECURITY UPDATE: Exponential entity expansion
     - debian/patches/Patch-for-security-issue-CVE-2021-3541.patch: Add check
       to xmlParserEntityCheck to prevent entity exponential.
     - CVE-2021-3541
Original-Maintainer: Debian XML/SGML Group