[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2026-0992/libxml2: Add reference to follow-up commits

Guilhem Moulin (@guilhem) guilhem at debian.org
Sun Jun 7 00:38:28 BST 2026 


Guilhem Moulin pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8b17f8d5 by Guilhem Moulin at 2026-06-07T00:46:46+02:00
CVE-2026-0992/libxml2: Add reference to follow-up commits

Cf. https://gitlab.gnome.org/GNOME/libxml2/-/work_items/1040

- - - - -
420abe4e by Guilhem Moulin at 2026-06-07T01:36:53+02:00
CVE-2026-6732/libxml2: Reference commit introducing the issue

Discovered by manually checking and the blame log and confirmed per
(former) upstream maintainer at
https://gitlab.gnome.org/GNOME/libxml2/-/work_items/1097#note_2735437

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -28656,10 +28656,12 @@ CVE-2026-6810 (The Booking Calendar Contact Form plugin for WordPress is vulnera
 	NOT-FOR-US: WordPress plugin
 CVE-2026-6732 (A flaw was found in libxml2. This vulnerability occurs when the librar ...)
 	- libxml2 2.15.3+dfsg-1 (bug #1134866)
+	[bullseye] - libxml2 <not-affected> (Vulnerable code not present)
 	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/1097
 	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/411
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/226b560837b90dea9b14431eca6e6fda8fb01ab4 (master)
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/7cea3fd1557437b88f2c7b5e1b71a2d5fb152b55 (master)
+	NOTE: Introduced with: https://gitlab.gnome.org/GNOME/libxml2/-/commit/e1153832b0a31b872517ab582641630e2d14cec7 (v2.13.0)
 CVE-2026-6393 (The BetterDocs plugin for WordPress is vulnerable to Missing Authoriza ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-6376 (A weakness in SpiceJet\u2019s public booking retrieval page permits fu ...)
@@ -76050,7 +76052,11 @@ CVE-2026-0992 (A flaw was found in the libxml2 library. This uncontrolled resour
 	[bullseye] - libxml2 <postponed> (Minor issue, DoS)
 	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/1019
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/f75abfcaa419a740a3191e56c60400f3ff18988d
+	NOTE: Follow-up: https://gitlab.gnome.org/GNOME/libxml2/-/commit/deed3b7873dff30b7f87f7f33154c9932a772522
+	NOTE: Tests: https://gitlab.gnome.org/GNOME/libxml2/-/commit/f8399e62a31095bf1ced01827c33f9b29494046f
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/4af23b523de5b72f27faf3e8e8a99dde5f7b82a2 (v2.15.2)
+	NOTE: Follow-up: https://gitlab.gnome.org/GNOME/libxml2/-/commit/096402c942e9d9a049f283eb4e6da431289900e1 (v2.15.2)
+	NOTE: Tests: https://gitlab.gnome.org/GNOME/libxml2/-/commit/f14c733327f163b49a632f03d05a58c119ed7e57 (v2.15.2)
 CVE-2026-0990 (A flaw was found in libxml2, an XML parsing library. This uncontrolled ...)
 	- libxml2 2.15.2+dfsg-0.1 (bug #1125695)
 	[trixie] - libxml2 <no-dsa> (Minor issue)
@@ -76058,7 +76064,9 @@ CVE-2026-0990 (A flaw was found in libxml2, an XML parsing library. This uncontr
 	[bullseye] - libxml2 <postponed> (Minor issue, DoS)
 	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/1018
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/1961208e958ca22f80a0b4e4c9d71cfa050aa982
+	NOTE: Tests: https://gitlab.gnome.org/GNOME/libxml2/-/commit/f8399e62a31095bf1ced01827c33f9b29494046f
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/ac6f0fde1476c41f59ad0c68ada3394599ebf2ae (v2.15.2)
+	NOTE: Tests: https://gitlab.gnome.org/GNOME/libxml2/-/commit/f14c733327f163b49a632f03d05a58c119ed7e57 (v2.15.2)
 CVE-2026-0989 (A flaw was identified in the RelaxNG parser of libxml2 related to how  ...)
 	- libxml2 2.15.2+dfsg-0.1 (bug #1125691)
 	[trixie] - libxml2 <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/fd7c034bb2b7d1187eb6577530dda262bac0cf33...420abe4e44d8d3c74bcc2f36d32973025c39271f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/fd7c034bb2b7d1187eb6577530dda262bac0cf33...420abe4e44d8d3c74bcc2f36d32973025c39271f
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260606/e86aaa2f/attachment.htm>

More information about the debian-security-tracker-commits mailing list