[xml/sgml-pkgs] Bug#1100391: libxml2: CVE-2025-27113: Null-deref in xmlPatMatch
Hemlata Chandewar
Hemlata.Chandewar at ibm.com
Thu Mar 13 10:19:23 GMT 2025
Package: libxml2
Severity: normal
User: Hemlata.Chandewar at ibm.com
Hi,
This is regarding the following vulnerability published for libxml2.
CVE-2025-27113<https://security-tracker.debian.org/tracker/CVE-2025-27113>[0]:
| libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer
| dereference in xmlPatMatch in pattern.c.
This vulnerability has been addressed in the bullseye release, but since it pertains to an older version, we would like to inquire when it will be fixed in the upcoming sid and Trixie releases.
Source Package: libxml2<https://security-tracker.debian.org/tracker/source-package/libxml2> (PTS<https://tracker.debian.org/pkg/libxml2>)

Release               Version                         Status
bullseye              2.9.10+dfsg-6.7+deb11u4         vulnerable
bullseye (security)   2.9.10+dfsg-6.7+deb11u6         fixed
bookworm              2.9.14+dfsg-1.3~deb12u1         vulnerable
sid, trixie           2.12.7+dfsg+really2.9.14-0.2    vulnerable
Looking forward to your response.
Best regards,
Hemlata Chandewar