[xml/sgml-pkgs] libxml2_2.9.4+dfsg1-2.2+deb9u1_sourceonly.changes ACCEPTED into proposed-updates->stable-new

Debian FTP Masters ftpmaster at ftp-master.debian.org
Wed Aug 23 05:21:05 UTC 2017


Mapping stable-security to proposed-updates.

Accepted:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 19 Aug 2017 17:36:49 +0200
Source: libxml2
Binary: libxml2 libxml2-utils libxml2-utils-dbg libxml2-dev libxml2-dbg libxml2-doc python-libxml2 python-libxml2-dbg python3-libxml2 python3-libxml2-dbg
Architecture: source
Version: 2.9.4+dfsg1-2.2+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Debian XML/SGML Group <debian-xml-sgml-pkgs at lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <carnil at debian.org>
Closes: 863018 863019 863021 863022 870865 870867 870870
Description: 
 libxml2    - GNOME XML library
 libxml2-dbg - Debugging symbols for the GNOME XML library
 libxml2-dev - Development files for the GNOME XML library
 libxml2-doc - Documentation for the GNOME XML library
 libxml2-utils - XML utilities
 libxml2-utils-dbg - XML utilities (debug extension)
 python-libxml2 - Python bindings for the GNOME XML library
 python-libxml2-dbg - Python bindings for the GNOME XML library (debug extension)
 python3-libxml2 - Python3 bindings for the GNOME XML library
 python3-libxml2-dbg - Python3 bindings for the GNOME XML library (debug extension)
Changes:
 libxml2 (2.9.4+dfsg1-2.2+deb9u1) stretch-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Increase buffer space for port in HTTP redirect support (CVE-2017-7376)
     Incorrect limit was used for port values. (Closes: #870865)
   * Prevent unwanted external entity reference (CVE-2017-7375)
     Missing validation for external entities in xmlParsePEReference.
     (Closes: #870867)
   * Fix handling of parameter-entity references (CVE-2017-9049, CVE-2017-9050)
     - Heap-based buffer over-read in function xmlDictComputeFastKey
       (CVE-2017-9049).
     - Heap-based buffer over-read in function xmlDictAddString
       (CVE-2017-9050).
     (Closes: #863019, #863018)
   * Fix buffer size checks in xmlSnprintfElementContent (CVE-2017-9047,
     CVE-2017-9048)
     - Buffer overflow in function xmlSnprintfElementContent (CVE-2017-9047).
     - Stack-based buffer overflow in function xmlSnprintfElementContent
       (CVE-2017-9048).
     (Closes: #863022, #863021)
   * Fix type confusion in xmlValidateOneNamespace (CVE-2017-0663)
     Heap buffer overflow in xmlAddID. (Closes: #870870)
Checksums-Sha1: 
 df8d7379224f77ab6a6c4d443c9bdefba287c141 3049 libxml2_2.9.4+dfsg1-2.2+deb9u1.dsc
 ca9a4f7f1eab2b69ead6174885a5e6b1629ec956 2446412 libxml2_2.9.4+dfsg1.orig.tar.xz
 85d5216fdadbe362d11ec4bd19b127a5acf5fdcf 33600 libxml2_2.9.4+dfsg1-2.2+deb9u1.debian.tar.xz
Checksums-Sha256: 
 9cd8802fa5c7a6c89a23c755b41f5e9a114f7e74c4b5aeb303516c1f298df87a 3049 libxml2_2.9.4+dfsg1-2.2+deb9u1.dsc
 a74ad55e346aa0b2b41903e66d21f8f3d2a736b3f41e32496376861ab484184e 2446412 libxml2_2.9.4+dfsg1.orig.tar.xz
 6c9e6fed9d68a7992057e6153972d1582fc75ff3140f619ba9c0b024351c14e7 33600 libxml2_2.9.4+dfsg1-2.2+deb9u1.debian.tar.xz
Files: 
 b651eec09442c237b38564cea286c342 3049 libs optional libxml2_2.9.4+dfsg1-2.2+deb9u1.dsc
 3ced197721416e7e2f13b0f4e0f1185b 2446412 libs optional libxml2_2.9.4+dfsg1.orig.tar.xz
 fe5416336a1b118695ac05fb4019a8c9 33600 libs optional libxml2_2.9.4+dfsg1-2.2+deb9u1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlmYXFZfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89ELtoP+QGKO/pvoqXCukGRP2N1YXz29cQg46zm
hFHHXhbgHV3za26ZYB27BsSvaJMtAskYg3OZmBL+jsctDsZNJQrBmAG7l9sJ1a6J
d1o+tG/r2cvVLnsSPUSPVaKTG4YyIuX06SLg9d0TJcCaPI4O2TsQ4MKpNKjXBjfi
ELzyYGV2l9pPcstlyaAOXmL27Va0W1DVUQhoa8+Smh08deDkV8V/+knINTVoGDny
KoUGUuPnHG8sjcRvhb+W+0pu5s4in3ck/KExtjdIjZws+m+IFrUqwiMJN06vmKcA
T2j47mVRoAYHCnJqP2bssRGDMJKH1sxfG9gewna4R30KrCBjJNGRTahTtxSW6wZd
VbhIQPCJ8+Foxej9xgL85RzjC0j9b99/3d2goaI3nfSXtr+FCZS9R0i2tCwq1Njk
Mve6++QgDgmeZOTijR4QiBN/WSZDBa6gLP4RjSrmjcGTfjxms1e5jhKy4qaRlRMB
wCmzCt7tbYBCYQ3YQ9zAich8bV43v2SHIwxrGn9ZzeLGbIdbQ0H6T7lHI/nIQoD9
BDXGP5AcD5FTzs2nlqFudzXnv4117er/LgFv6fBaEZzdt4NqQUesdKNibpvAH/L+
PO0cXBlihHkyospv1phcXkWzVkM8xUlFZczTBXmJA4rzRtFG2w7jl/Zgh6oEY8Br
yE8Sv8isjLp5
=MtaG
-----END PGP SIGNATURE-----


Thank you for your contribution to Debian.



More information about the debian-xml-sgml-pkgs mailing list