[xml/sgml-pkgs] Bug#1109013: libxml2: CVE-2025-6021, CVE-2025-49794, CVE-2025-49795, CVE-2025-49796
Hemlata Chandewar
Hemlata.Chandewar at ibm.com
Wed Jul 9 15:18:15 BST 2025
Package: libxml2
Severity: CRITICAL and HIGH
User: Hemlata.Chandewar at ibm.com
Hi,
We are writing in reference to the recently published vulnerabilities affecting libxml2:
CVE-2025-6021: https://www.cve.org/CVERecord?id=CVE-2025-6021
CVE-2025-49794: https://www.cve.org/CVERecord?id=CVE-2025-49794
CVE-2025-49795: https://www.cve.org/CVERecord?id=CVE-2025-49795
CVE-2025-49796: https://www.cve.org/CVERecord?id=CVE-2025-49796
These vulnerabilities appear to affect all currently released versions listed below:
Source Package  Release              Version                      Status
libxml2         bullseye             2.9.10+dfsg-6.7+deb11u4      vulnerable
libxml2         bullseye (security)  2.9.10+dfsg-6.7+deb11u7      vulnerable
libxml2         bookworm             2.9.14+dfsg-1.3~deb12u1      vulnerable
libxml2         bookworm (security)  2.9.14+dfsg-1.3~deb12u2      vulnerable
libxml2         trixie, sid          2.12.7+dfsg+really2.9.14-1   vulnerable
libxml2: <https://security-tracker.debian.org/tracker/source-package/libxml2> (PTS: <https://tracker.debian.org/pkg/libxml2>)
We would appreciate clarification on the following points:
1. Will these vulnerabilities be fixed in version 2.12.7+dfsg+really2.9.14-1 (Trixie, Sid)? If so, when?
2. When is the next version, 2.14.4+dfsg-0exp1 (currently in experimental), expected to become a stable release?
3. Will these vulnerabilities be addressed in that next stable release (2.14.x)?
Thank you for your time and assistance. We look forward to your response.
Best regards,
Hemlata Chandewar