[Git][security-tracker-team/security-tracker][master] 2 commits: Add fixed version for CVE-2025-9714/libxml2.9

Mon Oct 20 14:27:42 BST 2025


Guilhem Moulin pushed to branch master at Debian Security Tracker / security-tracker


Commits:
445199b2 by Guilhem Moulin at 2025-10-20T15:27:32+02:00
Add fixed version for CVE-2025-9714/libxml2.9

- - - - -
8c06e2e9 by Guilhem Moulin at 2025-10-20T15:27:32+02:00
Add notes to dla-needed.txt

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -18349,6 +18349,7 @@ CVE-2025-9714 (Uncontrolled recursion inXPath evaluationin libxml2 up to and inc
 	- libxml2 2.14.5+dfsg-0.1
 	[trixie] - libxml2 <no-dsa> (Minor issue; can be piggy-backed in a future update)
 	[bookworm] - libxml2 <no-dsa> (Minor issue; can be piggy-backed in a future update)
+	- libxml2.9 2.12.7+dfsg+really2.9.14-2.3
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2392605
 	NOTE: https://gitlab.gnome.org/GNOME/libxslt/-/issues/148
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21 (v2.10.0)


=====================================
data/dla-needed.txt
=====================================
@@ -93,6 +93,8 @@ erlang (jspricke)
 --
 expat (guilhem)
   NOTE: 20250922: Added by Front-Desk (ta)
+  NOTE: 20251020: In progress, the fix for CVE-2025-59375 is very intrusive and
+  NOTE: 20251020: triaging it like CVE-2024-28757 might make sense (guilhem)
 --
 fastdds
   NOTE: 20250303: Added by Front-Desk (rouca)
@@ -230,12 +232,14 @@ libxmltok
 --
 libxslt (guilhem)
   NOTE: 20250930: Added by Front-Desk (rouca)
+  NOTE: 20251020: In progress, waiting for upstream action (guilhem)
 --
 linux (Ben Hutchings)
   NOTE: 20230111: Perma-added, Linux package specifically delegated to bwh (LTS Team)
 --
 mediawiki (guilhem)
   NOTE: 20251003: Added by Front-Desk (rouca)
+  NOTE: 20251020: In progress (guilhem)
 --
 mimetex
   NOTE: 20250422: Added by Front-Desk (rouca)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/413637b23ce5ff76c47c9b4c3ac02e73cd9eea8f...8c06e2e9bd48f0127cbf74121a845b707463ee83

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/413637b23ce5ff76c47c9b4c3ac02e73cd9eea8f...8c06e2e9bd48f0127cbf74121a845b707463ee83
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251020/fd96df87/attachment-0001.htm>
