[Git][security-tracker-team/security-tracker][master] Reserve DSA for libxml2
Aron Xu (@aron)
aron at debian.org
Wed Jun 25 19:53:48 BST 2025
Aron Xu pushed to branch master at Debian Security Tracker / security-tracker
Commits:
045962d9 by Aron Xu at 2025-06-26T02:53:22+08:00
Reserve DSA for libxml2
- - - - -
3 changed files:
- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -24632,7 +24632,6 @@ CVE-2025-3361 (The web service of iSherlock from HGiga has an OS Command Injecti
CVE-2025-32414 (In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memor ...)
{DLA-4146-1}
- libxml2 2.12.7+dfsg+really2.9.14-1 (bug #1102521)
- [bookworm] - libxml2 <no-dsa> (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/889
CVE-2025-32413 (Vulnerability-Lookup before 2.7.1 allows stored XSS via a user bio in ...)
NOT-FOR-US: Vulnerability-Lookup
@@ -151878,7 +151877,6 @@ CVE-2024-25062 (An issue was discovered in libxml2 before 2.11.7 and 2.12.x befo
{DLA-4064-1}
[experimental] - libxml2 2.12.5+dfsg-0exp1
- libxml2 2.12.7+dfsg+really2.9.14-1 (bug #1063234)
- [bookworm] - libxml2 <no-dsa> (Minor issue)
[buster] - libxml2 <no-dsa> (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/604
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/commit/2b0aac140d739905c7848a42efc60bfe783a39b7 (v2.11.7)
@@ -174078,7 +174076,6 @@ CVE-2023-45322 (libxml2 through 2.11.5 has a use-after-free that can only occur
{DLA-4064-1}
[experimental] - libxml2 2.12.3+dfsg-0exp1
- libxml2 2.12.7+dfsg+really2.9.14-1 (bug #1053629)
- [bookworm] - libxml2 <no-dsa> (Minor issue)
[buster] - libxml2 <postponed> (Minor issue, very hard/unlikely to trigger)
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/583
NOTE: Originally fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/d39f78069dff496ec865c73aa44d7110e429bce9 (v2.12.0)
@@ -180020,7 +180017,6 @@ CVE-2023-39615 (Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-boun
{DLA-4064-1}
[experimental] - libxml2 2.12.3+dfsg-0exp1
- libxml2 2.12.7+dfsg+really2.9.14-1 (bug #1051230)
- [bookworm] - libxml2 <no-dsa> (Minor issue)
[buster] - libxml2 <no-dsa> (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/535
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/d0c3f01e110d54415611c5fa0040cdf4a56053f9 (v2.12.0)
=====================================
data/DSA/list
=====================================
@@ -1,3 +1,6 @@
+[26 Jun 2025] DSA-5949-1 libxml2 - security update
+ {CVE-2022-49043 CVE-2023-39615 CVE-2023-45322 CVE-2024-25062 CVE-2024-34459 CVE-2024-56171 CVE-2025-24928 CVE-2025-27113 CVE-2025-32414 CVE-2025-32415}
+ [bookworm] - libxml2 2.9.14+dfsg-1.3~deb12u2
[24 Jun 2025] DSA-5948-1 trafficserver - security update
{CVE-2024-53868 CVE-2025-31698 CVE-2025-49763}
[bookworm] - trafficserver 9.2.5+ds-0+deb12u3
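Review bot: The new DSA-5949-1 entry lists ten CVEs, but the data/CVE/list hunks in this commit remove the "[bookworm] - libxml2 <no-dsa>" line for only four of them (CVE-2023-39615, CVE-2023-45322, CVE-2024-25062, CVE-2025-32414). Please confirm that the entries for CVE-2022-49043, CVE-2024-34459, CVE-2024-56171, CVE-2025-24928, CVE-2025-27113 and CVE-2025-32415 carry no leftover bookworm <no-dsa> or <postponed> tag, so that none of them contradicts the bookworm fix in 2.9.14+dfsg-1.3~deb12u2 recorded here.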
=====================================
data/dsa-needed.txt
=====================================
@@ -37,8 +37,6 @@ jpeg-xl
libreswan
Waiting on feedback from maintainer
--
-libxml2 (aron)
---
linux (carnil)
Wait until more issues have piled up, though try to regulary rebase for point
releases to more 6.1.y versions
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/045962d96e2d463eb273e5285b7f5160f3ed0b41