[Git][security-tracker-team/security-tracker][master] Update status for libxml2 issues fixed via unstable upload
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Mar 26 06:48:13 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ba5b95ce by Salvatore Bonaccorso at 2026-03-26T07:47:59+01:00
Update status for libxml2 issues fixed via unstable upload
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -23932,9 +23932,10 @@ CVE-2026-1760 (A flaw was found in SoupServer. This HTTP request smuggling vulne
NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/475
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libsoup/-/commit/6224df5a471e9040a99dd3dc2e91817a701b1bf6
CVE-2026-1757 (A flaw was identified in the interactive shell of the xmllint utility, ...)
- - libxml2 <unfixed> (unimportant)
+ - libxml2 2.15.2+dfsg-0.1 (unimportant)
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/1009
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/160c8a43ba37dfb07ebe6446fbad9d0973d9279d
+ NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/5446460ad3229579c91506317fb80ab333d44414 (v2.15.2)
NOTE: Negligible security impact, memory leak in xmllint CLI utility
CVE-2026-1751 (A vulnerability has been discovered in GitLab CE/EE affecting all vers ...)
- gitlab <unfixed>
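Review bot: In the CVE-2026-1757 entry the two "Fixed by" notes cannot be told apart by release line: the added commit 5446460a is labelled (v2.15.2), but the existing 160c8a43 line directly above it has no version or branch label. Consider annotating the existing line as well, so a reader can see which commit belongs to which release without opening both links. The (unimportant) tag is carried over to the new fixed-version line, which is consistent with the "Negligible security impact" note that stays in place.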
@@ -30291,26 +30292,29 @@ CVE-2026-20075 (A vulnerability in the web-based management interface of Cisco E
CVE-2026-20047 (A vulnerability in the web-based management interface of Cisco Identit ...)
NOT-FOR-US: Cisco
CVE-2026-0992 (A flaw was found in the libxml2 library. This uncontrolled resource co ...)
- - libxml2 <unfixed> (bug #1125696)
+ - libxml2 2.15.2+dfsg-0.1 (bug #1125696)
[trixie] - libxml2 <no-dsa> (Minor issue)
[bookworm] - libxml2 <no-dsa> (Minor issue)
[bullseye] - libxml2 <postponed> (Minor issue, DoS)
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/1019
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/f75abfcaa419a740a3191e56c60400f3ff18988d
+ NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/4af23b523de5b72f27faf3e8e8a99dde5f7b82a2 (v2.15.2)
CVE-2026-0990 (A flaw was found in libxml2, an XML parsing library. This uncontrolled ...)
- - libxml2 <unfixed> (bug #1125695)
+ - libxml2 2.15.2+dfsg-0.1 (bug #1125695)
[trixie] - libxml2 <no-dsa> (Minor issue)
[bookworm] - libxml2 <no-dsa> (Minor issue)
[bullseye] - libxml2 <postponed> (Minor issue, DoS)
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/1018
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/1961208e958ca22f80a0b4e4c9d71cfa050aa982
+ NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/ac6f0fde1476c41f59ad0c68ada3394599ebf2ae (v2.15.2)
CVE-2026-0989 (A flaw was identified in the RelaxNG parser of libxml2 related to how ...)
- - libxml2 <unfixed> (bug #1125691)
+ - libxml2 2.15.2+dfsg-0.1 (bug #1125691)
[trixie] - libxml2 <no-dsa> (Minor issue)
[bookworm] - libxml2 <no-dsa> (Minor issue)
[bullseye] - libxml2 <postponed> (Minor issue, DoS)
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/998
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/374
+ NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/66c52b3ac6c32ab112ec2a3bf41e6c30948be113 (v2.15.2)
CVE-2026-0976 (A flaw was found in Keycloak. This improper input validation vulnerabi ...)
- keycloak <itp> (bug #1088287)
CVE-2026-0897 (Allocation of Resources Without Limits or Throttling in the HDF5 weigh ...)
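Review bot: The CVE-2026-0989 entry ends up with only one commit reference, the added (v2.15.2) line, next to an issue link and merge request 374, while CVE-2026-0992 and CVE-2026-0990 each keep an unlabelled "Fixed by" commit plus the new (v2.15.2) one. If merge request 374 has produced a commit, adding it as a "Fixed by" note would make the three entries consistent, and labelling the unlabelled commits in the other two entries with their release would help the same way. This matters here because the trixie, bookworm and bullseye lines remain at no-dsa or postponed, so anyone preparing a later fix for those suites needs to know which commit to start from.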
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ba5b95ce946abbfeaf9084f18f50825b7a5a2adf