[Git][security-tracker-team/security-tracker][master] Reserve DLA-4622-1 for libxml2

Guilhem Moulin (@guilhem) guilhem at debian.org
Mon Jun 8 09:59:18 BST 2026



Guilhem Moulin pushed to branch master at Debian Security Tracker / security-tracker


Commits:
761b1688 by Guilhem Moulin at 2026-06-08T10:58:56+02:00
Reserve DLA-4622-1 for libxml2

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -76720,7 +76720,6 @@ CVE-2026-0992 (A flaw was found in the libxml2 library. This uncontrolled resour
 	- libxml2 2.15.2+dfsg-0.1 (bug #1125696)
 	[trixie] - libxml2 <no-dsa> (Minor issue)
 	[bookworm] - libxml2 <no-dsa> (Minor issue)
-	[bullseye] - libxml2 <postponed> (Minor issue, DoS)
 	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/1019
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/f75abfcaa419a740a3191e56c60400f3ff18988d
 	NOTE: Follow-up: https://gitlab.gnome.org/GNOME/libxml2/-/commit/deed3b7873dff30b7f87f7f33154c9932a772522
@@ -76732,7 +76731,6 @@ CVE-2026-0990 (A flaw was found in libxml2, an XML parsing library. This uncontr
 	- libxml2 2.15.2+dfsg-0.1 (bug #1125695)
 	[trixie] - libxml2 <no-dsa> (Minor issue)
 	[bookworm] - libxml2 <no-dsa> (Minor issue)
-	[bullseye] - libxml2 <postponed> (Minor issue, DoS)
 	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/1018
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/1961208e958ca22f80a0b4e4c9d71cfa050aa982
 	NOTE: Tests: https://gitlab.gnome.org/GNOME/libxml2/-/commit/f8399e62a31095bf1ced01827c33f9b29494046f
@@ -76742,7 +76740,6 @@ CVE-2026-0989 (A flaw was identified in the RelaxNG parser of libxml2 related to
 	- libxml2 2.15.2+dfsg-0.1 (bug #1125691)
 	[trixie] - libxml2 <no-dsa> (Minor issue)
 	[bookworm] - libxml2 <no-dsa> (Minor issue)
-	[bullseye] - libxml2 <postponed> (Minor issue, DoS)
 	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/998
 	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/374
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/66c52b3ac6c32ab112ec2a3bf41e6c30948be113 (v2.15.2)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[08 Jun 2026] DLA-4622-1 libxml2 - security update
+	{CVE-2025-8732 CVE-2026-0989 CVE-2026-0990 CVE-2026-0992 CVE-2026-1757}
+	[bullseye] - libxml2 2.9.10+dfsg-6.7+deb11u10
 [08 Jun 2026] DLA-4621-1 glibc - security update
 	{CVE-2025-8058 CVE-2025-15281 CVE-2026-0861 CVE-2026-0915 CVE-2026-4046}
 	[bullseye] - glibc 2.31-13+deb11u14
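
Review bot: The CVE set on the added `{CVE-2025-8732 CVE-2026-0989 CVE-2026-0990 CVE-2026-0992 CVE-2026-1757}` line covers five ids, but the data/CVE/list hunks in this commit only touch CVE-2026-0989, CVE-2026-0990 and CVE-2026-0992. Please confirm that CVE-2025-8732 and CVE-2026-1757 carry no leftover `[bullseye]` annotation (for example `<postponed>` or `<no-dsa>`) in data/CVE/list that would conflict with the fixed version 2.9.10+dfsg-6.7+deb11u10 recorded here.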


=====================================
data/dla-needed.txt
=====================================
@@ -309,10 +309,6 @@ libtext-csv-xs-perl/bullseye
   NOTE: 20260519: Added by Front-Desk (Beuc)
   NOTE: 20260519: Follow trixie 13.5 (1 CVE) (Beuc/front-desk)
 --
-libxml2/bullseye (guilhem)
-  NOTE: 20260519: Added by Front-Desk (Beuc)
-  NOTE: 20260519: CVE-2026-6732 looks serious, also fixed postponed CVEs (Beuc/front-desk)
---
 libxmltok/bullseye
   NOTE: 20250421: Added by Front-Desk (ta)
   NOTE: 20250421: Also review all other expat CVEs. (bunk)
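
Review bot: The removed front-desk NOTE names CVE-2026-6732 as the reason libxml2/bullseye was queued ("CVE-2026-6732 looks serious"), yet that id is not among the CVEs listed for DLA-4622-1 in data/DLA/list. If the id in the note was a typo, nothing more is needed; if it is a distinct issue, dropping this dla-needed entry leaves it untracked for bullseye, so either add it to the DLA's CVE set or keep an entry here until it is handled.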



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/761b1688c4f2064913b140bb016f2707d9f7c0c4
