[Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-49795/libxml2
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Jul 10 20:31:35 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2637c684 by Salvatore Bonaccorso at 2025-07-10T21:30:58+02:00
Update status for CVE-2025-49795/libxml2
Thanks: Guilhem Moulin for the triage.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -8856,14 +8856,12 @@ CVE-2025-49794 (A use-after-free vulnerability was found in libxml2. This issue
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/931
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/71e1e8af5ee46dad1b57bb96cfbf1c3ad21fbd7b
CVE-2025-49795 (A NULL pointer dereference vulnerability was found in libxml2 when pro ...)
- - libxml2 <unfixed> (bug #1107753)
- [bookworm] - libxml2 <no-dsa> (Minor issue)
- [bullseye] - libxml2 <not-affected> (Vulnerable code introduced later)
+ - libxml2 <not-affected> (Vulnerable code introduced later in 2.10.0; bug #1107753)
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/932
+ NOTE: Introduced by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/2cc93f77543b5721257f795f303bfb56a4b384c7 (v2.10.0)
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/499bcb78ab389f60c2fd634ce410d4bb85c18765 (master)
NOTE: Follow up: https://gitlab.gnome.org/GNOME/libxml2/-/commit/24d7e15914588cb45e7fb41cbe4fcf785e1a4861 (master)
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/c24909ba2601848825b49a60f988222da3019667 (2.14)
- NOTE: Introduced by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/2cc93f77543b5721257f795f303bfb56a4b384c7 (v2.10.0)
CVE-2025-49796 (A vulnerability was found in libxml2. Processing certain sch:name elem ...)
- libxml2 <unfixed> (bug #1107752)
[bookworm] - libxml2 <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2637c6846e6f39d7af06aaa061a3495094b3d31a
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2637c6846e6f39d7af06aaa061a3495094b3d31a
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250710/a2f75492/attachment.htm>
More information about the debian-security-tracker-commits
mailing list