libxml2 (2.9.4+dfsg1-6.1ubuntu1.4) bionic-security; urgency=medium
* debian/patches/fix-error-handler-bug.patch: Add extra missing commit to
previous CVE-2017-8872 fix, halt immediately when the error handler
attempts to stop the parser.
* SECURITY UPDATE: memory leak
- debian/patches/CVE-2019-20388.patch: Memory leak in
xmlSchemaValidateStream function in xmlschemas.c.
- CVE-2019-20388
* SECURITY UPDATE: out-of-bounds read
- debian/patches/CVE-2020-24977.patch: Make sure that truncated UTF-8
sequences don't cause an out-of-bounds array access in xmllint.
- CVE-2020-24977
* SECURITY UPDATE: use-after-free in xmlEncodeEntitiesInternal
- debian/patches/CVE-2021-3516.patch: Call htmlCtxtUseOptions to make sure
that names aren't stored in dictionaries.
- CVE-2021-3516
* SECURITY UPDATE: heap-based buffer overflow in xmlEncodeEntitiesInternal
- debian/patches/CVE-2021-3517.patch: Add some checks to validate input is
UTF-8 format, supplementing CVE-2020-24977 fix.
- CVE-2021-3517
* SECURITY UPDATE: use-after-free in xmlXIncludeDoProcess
- debian/patches/CVE-2021-3518.patch: Move from a block list to an allow
list approach to avoid descending into other node types that can't
contain elements.
- CVE-2021-3518
* SECURITY UPDATE: NULL pointer dereference in xmlValidBuildAContentModel
- debian/patches/CVE-2021-3537.patch: Check return value of recursive calls
to xmlParseElementChildrenContentDeclPriv and return immediately in case
of errors.
- CVE-2021-3537
-- Avital Ostromich <email address hidden> Thu, 22 Apr 2021 19:26:37 -0400