Format: 1.8
Date: Wed, 26 May 2021 19:43:37 -0400
Source: libxml2
Architecture: source
Version: 2.9.10+dfsg-5ubuntu0.20.10.2
Distribution: groovy-security
Urgency: medium
Maintainer: Ubuntu Developers
Changed-By: Avital Ostromich
Changes:
 libxml2 (2.9.10+dfsg-5ubuntu0.20.10.2) groovy-security; urgency=medium
 .
   * SECURITY UPDATE: out-of-bounds read
     - debian/patches/CVE-2020-24977.patch: Make sure that truncated UTF-8
       sequences don't cause an out-of-bounds array access in xmllint.
     - CVE-2020-24977
   * SECURITY UPDATE: use-after-free in xmlEncodeEntitiesInternal
     - debian/patches/CVE-2021-3516.patch: Call htmlCtxtUseOptions to make
       sure that names aren't stored in dictionaries.
     - CVE-2021-3516
   * SECURITY UPDATE: heap-based buffer overflow in xmlEncodeEntitiesInternal
     - debian/patches/CVE-2021-3517.patch: Add some checks to validate input
       is UTF-8 format, supplementing CVE-2020-24977 fix.
     - CVE-2021-3517
   * SECURITY UPDATE: use-after-free in xmlXIncludeDoProcess
     - debian/patches/CVE-2021-3518.patch: Move from a block list to an allow
       list approach to avoid descending into other node types that can't
       contain elements.
     - CVE-2021-3518
   * SECURITY UPDATE: NULL pointer dereference in xmlValidBuildAContentModel
     - debian/patches/CVE-2021-3537.patch: Check return value of recursive
       calls to xmlParseElementChildrenContentDeclPriv and return immediately
       in case of errors.
     - CVE-2021-3537
   * SECURITY UPDATE: Exponential entity expansion
     - debian/patches/Patch-for-security-issue-CVE-2021-3541.patch: Add check
       to xmlParserEntityCheck to prevent entity exponential.
     - CVE-2021-3541
Original-Maintainer: Debian XML/SGML Group