[xml/sgml-pkgs] Bug#1098322: Accepted libxml2 2.9.10+dfsg-6.7+deb11u6 (source) into oldstable-security
Tobias Frost
tobi at debian.org
Mon Feb 24 19:08:56 GMT 2025
Control: fixed -1 2.9.10+dfsg-6.7+deb11u6
----- Forwarded message from Debian FTP Masters <ftpmaster at ftp-master.debian.org> -----
Date: Sat, 22 Feb 2025 11:00:20 +0000
From: Debian FTP Masters <ftpmaster at ftp-master.debian.org>
To: debian-lts-changes at lists.debian.org, dispatch at tracker.debian.org
Subject: Accepted libxml2 2.9.10+dfsg-6.7+deb11u6 (source) into oldstable-security
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 22 Feb 2025 09:47:48 +0100
Source: libxml2
Architecture: source
Version: 2.9.10+dfsg-6.7+deb11u6
Distribution: bullseye-security
Urgency: high
Maintainer: Debian XML/SGML Group <debian-xml-sgml-pkgs at lists.alioth.debian.org>
Changed-By: Tobias Frost <tobi at debian.org>
Closes: 1051230 1053629 1063234 1094238 1098320 1098321 1098322
Changes:
libxml2 (2.9.10+dfsg-6.7+deb11u6) bullseye-security; urgency=high
.
* Non-maintainer upload by the ELTS Security Team.
* Import patches for:
- CVE-2024-25062: Use after free (Closes: #1063234)
- CVE-2023-45322: Use after free (Closes: #1053629)
- CVE-2023-39615: out-of-bounds read (Closes: #1051230)
- CVE-2022-49043: Use after free (Closes: #1094238)
- CVE-2024-56171: Use after free (Closes: #1098320)
- CVE-2025-24928: Stack based buffer overflow (Closes: #1098321)
- CVE-2025-27113: NULL pointer dereference (Closes: #1098322)
- Add patch to avoid stack overflow with XML reader and recursive
XIncludes.
Thanks to Adrian Bunk for the triaging and preparing the patches.
Checksums-Sha1:
581bd952e2115baa42b981e27c76afa083841afc 2704 libxml2_2.9.10+dfsg-6.7+deb11u6.dsc
d35a71e9cae13f65bb7fea770b8b47eda3b098b5 46852 libxml2_2.9.10+dfsg-6.7+deb11u6.debian.tar.xz
85271f96eefe708f11ad8cccd8040dcc8c6c56a9 9672 libxml2_2.9.10+dfsg-6.7+deb11u6_amd64.buildinfo
Checksums-Sha256:
d25a3efcde1db33d7d958278d3df23c08deb0f74b8707fdd562308feb78a88f4 2704 libxml2_2.9.10+dfsg-6.7+deb11u6.dsc
c9a7ee863cebbb9946556e64d8f3b884d428d95efd0d1cb8f7239f02c9373b9b 46852 libxml2_2.9.10+dfsg-6.7+deb11u6.debian.tar.xz
81fcf3c49b2e9bf7cb20d6b799bbbe8805fc28f6d1cd134c76cba81b20caf402 9672 libxml2_2.9.10+dfsg-6.7+deb11u6_amd64.buildinfo
Files:
5eb1022509204cdb86d49b0adb6578e3 2704 libs optional libxml2_2.9.10+dfsg-6.7+deb11u6.dsc
a2e7231333163720657017d99d042f53 46852 libs optional libxml2_2.9.10+dfsg-6.7+deb11u6.debian.tar.xz
3e4c6a4ad00997b4c2d9c0a21bcd06fc 9672 libs optional libxml2_2.9.10+dfsg-6.7+deb11u6_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
----- End forwarded message -----