[From nobody Wed Mar 25 13:53:07 2026 Received: (at 1125695-close) by bugs.debian.org; 25 Mar 2026 13:51:18 +0000 X-Spam-Checker-Version: SpamAssassin 4.0.1-bugs.debian.org_2005_01_02 (2024-03-25) on buxtehude.debian.org X-Spam-Level: X-Spam-Status: No, score=-112.6 required=4.0 tests=ALL_TRUSTED,BAYES_00, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FOURLA, FVGT_m_MULTI_ODD,HAS_BUG_NUMBER,MD5_SHA1_SUM,MONEY,PGPSIGNATURE, SPF_HELO_PASS,SPF_NONE,STOCKLIKE,USER_IN_DKIM_WELCOMELIST autolearn=ham autolearn_force=no version=4.0.1-bugs.debian.org_2005_01_02 X-Spam-Bayes: score:0.0000 Tokens: new, 13; hammy, 150; neutral, 400; spammy, 0. spammytokens: hammytokens:0.000-+--HX-Debian:DAK, 0.000-+--H*rp:D*ftp-master.debian.org, 0.000-+--HX-DAK:process-upload, 0.000-+--UD:debian.tar.xz, 0.000-+--H*r:sk:fasolo. Return-path: <envelope@ftp-master.debian.org> Received: from mailly.debian.org ([2001:41b8:202:deb:6564:a62:52c3:4b72]:47920) by buxtehude.debian.org with esmtps (TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256) (Exim 4.96) (envelope-from <envelope@ftp-master.debian.org>) id 1w5Odi-001iZx-0Z for 1125695-close@bugs.debian.org; Wed, 25 Mar 2026 13:51:18 +0000 Received: via submission from C=NA, ST=NA, L=Ankh Morpork, O=Debian SMTP, OU=Debian SMTP CA, CN=fasolo.debian.org, EMAIL=hostmaster@fasolo.debian.org (verified) by mailly.debian.org with esmtps (TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256) (Exim 4.96) (envelope-from <envelope@ftp-master.debian.org>) id 1w5Odg-00Gd0Y-2n for 1125695-close@bugs.debian.org; Wed, 25 Mar 2026 13:51:16 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.fasolo; h=Date:Message-Id:Content-Type: Subject:MIME-Version:To:Reply-To:From:Cc:Content-Transfer-Encoding:Content-ID :Content-Description:In-Reply-To:References; bh=caMdeJ2443V95X6HKw/5nBbAebAyHY5DQr+afg3u+rA=; b=eBGL5PlyO/ofB3XVTh7RzrjTFF uV9zk2tiVtx28bUZ+owhjIs3R1mGINY/AZDOtfaHD96jCKiL8dwd679yqUfU71rkyUnXII1c8hL5F RLFyCYh+6bYYySY1i4txH0+XFW091x/M1Zg+p5eaoUJ3QtmW5PyWokkwWAAm7vHTfUz4KzJK/U0kq opSaxtKwVr0Bbahs0wq8AyDbxI3gZGGuq/rLUYop89T14VoreRvB1CIRuNYYwrvDzr6cvRzBAZ6GE Omaz5jwEUhXfgBN5yu+9HDTKe0l+U6jbw5sA6vlnGC2bSo3xVx2YLeQYGOjU+RUmgmcpd8dS2xvG5 5sumU2Jg==; Received: from dak by fasolo.debian.org with local (Exim 4.98.2) (envelope-from <envelope@ftp-master.debian.org>) id 1w5Odf-000000024AR-42e0; Wed, 25 Mar 2026 13:51:15 +0000 From: Debian FTP Masters <ftpmaster@ftp-master.debian.org> Reply-To: Matthias Klose <doko@debian.org> To: 1125695-close@bugs.debian.org X-DAK: dak process-upload X-Debian: DAK X-Debian-Package: libxml2 Debian: DAK Debian-Changes: libxml2_2.15.2+dfsg-0.1_source.changes Debian-Source: libxml2 Debian-Version: 2.15.2+dfsg-0.1 Debian-Architecture: source Debian-Suite: unstable Debian-Archive-Action: accept MIME-Version: 1.0 Subject: Bug#1125695: fixed in libxml2 2.15.2+dfsg-0.1 Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="===============2803144039105638204==" Message-Id: <E1w5Odf-000000024AR-42e0@fasolo.debian.org> Date: Wed, 25 Mar 2026 13:51:15 +0000 X-CrossAssassin-Score: 2 --===============2803144039105638204== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Source: libxml2 Source-Version: 2.15.2+dfsg-0.1 Done: Matthias Klose <doko@debian.org> We believe that the bug you reported is fixed in the latest version of libxml2, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1125695@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Matthias Klose <doko@debian.org> (supplier of updated libxml2 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 25 Mar 2026 14:30:48 +0100 Source: libxml2 Architecture: source Version: 2.15.2+dfsg-0.1 Distribution: unstable Urgency: high Maintainer: Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.o= rg> Changed-By: Matthias Klose <doko@debian.org> Closes: 1125691 1125695 1125696 Changes: libxml2 (2.15.2+dfsg-0.1) unstable; urgency=3Dhigh . * Non-maintainer upload. * New upstream bug fix release. Security issues: - CVE-2026-1757 fix: Memory leak in xmllint Shell - shell.c - CVE-2026-0990 fix: Prevent infinite recursion in xmlCatalogListXMLResolve. Closes: #1125695. - CVE-2026-0992 fix: Exponential behavior when handling parser: Fix infinite loop in xmlCtxtParseContent. Closes: #1125696. - CVE-2025-10911 libxslt related: Ignore next/prev of documents when traversing XPath - CVE-2026-0989 fix: Add RelaxNG include limit. Closes: #1125691. - xmlIO: use size_t for buffer size reallocation - uri: fix signed integer overflow in xmlBuildRelativeURISafe - schematron: fix memory leaks on error paths in xmlSchematronParseRule - catalog: fix stack overflow from self-referencing SGML CATALOG entries Improvements - fuzz: Make fuzzy encoding match more lenient - Fix C14N type confusion - meson: Fix build with Meson < 1.3 - xmllint: Use zlib directly - xmllint: New option to separate xpath results using null, --xpath0 - autotools: Make valgrind actually check for leaks - meson: Add valgrind test setup - Fix xmlOutputBufferGetContent output when encoder is set - threads: don't force _WIN32_WINNT to Vista if it's set to a higher val= ue - dist: Add generated documentation to the dist as "dist-doc" folder to simplify downstream packaging of doc - Fix xmlRemoveEntity removing from wrong hash table - use duplicating variant in relaxng to mitigate UAF - Fix memory leak in xmlTextWriterStartAttributeNS on OOM - meson: remove hardcoded buildtype=3Ddebug default - Fix memory leak of prefix in xmlTextWriterStartElementNS() - writer: Add a few extra NULL checks to avoid memory leaks on corrupt writer path. * Update symbols file. * Don't include the sources twice in the libxml2-source package. * Bump standards version. Checksums-Sha1: e6c69c4e157f3a2f9e2bb7937048d2bebca1c9ea 3135 libxml2_2.15.2+dfsg-0.1.dsc 91e7c42834c2aa65b17c3bf6d985ed12ff07e59b 2154608 libxml2_2.15.2+dfsg.orig.ta= r.xz f10e58f6748678d98b50266248e1a50f1e080619 36120 libxml2_2.15.2+dfsg-0.1.debia= n.tar.xz f4bc86d5fcb8739757ea93c7ff8a52d74f264cff 5928 libxml2_2.15.2+dfsg-0.1_source= .buildinfo Checksums-Sha256: 0566b1577d262cae50587a57ac5de746cc7e7b36e33c8351782d88a53cc8a341 3135 libxml= 2_2.15.2+dfsg-0.1.dsc f1e80b8c76041d45840b96da2a5c0ddfb7ffcc923ef6687260e7ebb0fdaa26a5 2154608 lib= xml2_2.15.2+dfsg.orig.tar.xz c58645a5c10a351cda92c0e145e96c754ec061bb4363f09d18f951693997369e 36120 libxm= l2_2.15.2+dfsg-0.1.debian.tar.xz 8da88d0fd3c1171a83a404b3052445db9994d86de2843a37dc725ddd71d4bdd6 5928 libxml= 2_2.15.2+dfsg-0.1_source.buildinfo Files: fb9dabce7a5338c721449ec1811ec84b 3135 libs optional libxml2_2.15.2+dfsg-0.1.= dsc 47fa2efacc4b6612e721df9581714663 2154608 libs optional libxml2_2.15.2+dfsg.o= rig.tar.xz 0ceab70f5e7363733da900bfba784f67 36120 libs optional libxml2_2.15.2+dfsg-0.1= .debian.tar.xz 3dcbd76ab4d5cc3b160a6a1ee4f41a5f 5928 libs optional libxml2_2.15.2+dfsg-0.1_= source.buildinfo -----BEGIN PGP SIGNATURE----- iQJEBAEBCgAuFiEE1WVxuIqLuvFAv2PWvX6qYHePpvUFAmnD5L0QHGRva29AZGVi aWFuLm9yZwAKCRC9fqpgd4+m9fe1D/9VfiT3zM+VJr74EBEQRtB6gwgQStVKNMxu mH89TljIgjRoxXjvxhzzBp0ebww5aAw0rmJmssmRg6rhnGU6Re0ULg3ab3dQGSwo bjFKBEAMIJPKF59xG+ECB0HgEAkNqpamdsrJjd1T/0Dcdz+ApgItSiwCqIcU4g0m EQdN02SYltB6KnWYvdw4iM4aLqyR69sNViN6HnX9YeJn/JzieeC+UhoUw90r4JxK YkGctTmKK5M6sJWwz0Z/8wk6DRT5qQsPsfLYeqPsS3sNq3anr8jGXMMN5bDn+Peg Miyq+BwxUyWTb5ENcI3nslIYXeqipaxodoOyzCrAPA/6Ayg4m/ZofO+99Tr07vig qBki0Umh8/FCyT4bIZnew2SdsX71a1V/QkvT25FUaQR6RaUrqSBNsNeu21T2Ppkp PEZM8+s9bEeVUyQV0Wm8BlePwhJp7P8Y7a9Ljn6DJ0h2HMj2WpCaiygya+ocFa46 6iquZi0F7sfQ+bat4qeoXFzso0bsQIDQdvJF3wn1CIyzDNQ3X872Y0GNhelaPSOy ofXOfpeYwQEKIbuzCgntzV/fbrO+vGBq9n13e3SuHHrGYU2ZL9iyKJuFi1EZZ+IL J8KKd6i+ln68ioTM8J0mNtyXFIFLvsQmRZciflLCHB4SYOU0zbGRCj0Yp4LtzpLY kV9FFWUJsw=3D=3D =3D6xN2 -----END PGP SIGNATURE----- --===============2803144039105638204== Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- iHUEABYIAB0WIQTziqJOuF8J+ZI8pJSb9qggYcy5IQUCacPoUwAKCRCb9qggYcy5 IWbYAP0cjT9l+/WOIhhzNySv1y20pikmofpCgCrllAGu82a8BgEA2en/rEX3cXqz ueuthybQs9CPqCmyzj32h31nQnpoegE= =rhLP -----END PGP SIGNATURE----- --===============2803144039105638204==-- ]