[xml/sgml-pkgs] libxml2_2.12.7+dfsg+really2.9.14-0.4_source.changes ACCEPTED into unstable

Debian FTP Masters ftpmaster at ftp-master.debian.org
Thu Mar 27 11:34:43 GMT 2025 

Thank you for your contribution to Debian.



Accepted:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 27 Mar 2025 11:54:17 +0100
Source: libxml2
Architecture: source
Version: 2.12.7+dfsg+really2.9.14-0.4
Distribution: unstable
Urgency: medium
Maintainer: Debian XML/SGML Group <debian-xml-sgml-pkgs at lists.alioth.debian.org>
Changed-By: Matthias Klose <doko at debian.org>
Closes: 1071162 1092484 1094238 1098320 1098321 1098322
Changes:
 libxml2 (2.12.7+dfsg+really2.9.14-0.4) unstable; urgency=medium
 .
   * Non-maintainer upload.
 .
   * Don't build with ICU. Closes: #1092484.
 .
     libxml's README.md states:
 .
     [ICU](https://icu.unicode.org/), a Unicode library. Mainly
     useful as an alternative to iconv on Windows. Unnecessary
     on most other systems.
 .
     ICU 76.1 requires to be built with -std=c++17 or -std=gnu++17 or
     higher.  However including the ICU headers in the libxml2 headers,
     breaks builds with older C++ standards, most likely leading to
     some unrelated build failures for packages that don't rely on ICU,
     but are using libxml2.
 .
   * Import security updates from Ubuntu:
     - SECURITY UPDATE: use-after-free in xmlXIncludeAddNode
       + debian/patches/CVE-2022-49043.patch: fix UaF in xinclude.c.
       + CVE-2022-49043. Closes: #1094238.
     - SECURITY UPDATE: buffer overread in xmllint
       + debian/patches/CVE-2024-34459.patch: fix buffer issue when using
         htmlout option in xmllint.c.
       + CVE-2024-34459. Closes: #1071162.
     - SECURITY UPDATE: use-after-free
       + debian/patches/CVE-2024-56171.patch: Fix use-after-free after
         xmlSchemaItemListAdd.
       + CVE-2024-56171. Closes: #1098320.
     - SECURITY UPDATE: stack-based buffer overflow
       + debian/patches/CVE-2025-24928-pre1.patch: Check for NULL node->name
         in xmlSnprintfElements.
       + debian/patches/CVE-2025-24928.patch: Fix stack-buffer-overflow in
         xmlSnprintfElements.
       + CVE-2025-24928. Closes: #1098321.
     - SECURITY UPDATE: NULL pointer dereference
       + debian/patches/CVE-2025-27113.patch: Fix compilation of explicit
         child axis.
       + CVE-2025-27113. Closes: #1098322.
Checksums-Sha1:
 4ee2efb936758253ef120e3c750711864f31ffcd 3060 libxml2_2.12.7+dfsg+really2.9.14-0.4.dsc
 218ed9f116cfd8c30f4df7aa4bd2db2cd3c2955a 38312 libxml2_2.12.7+dfsg+really2.9.14-0.4.debian.tar.xz
 2065aef4edd178db210f6ced5aa968230496c829 5982 libxml2_2.12.7+dfsg+really2.9.14-0.4_source.buildinfo
Checksums-Sha256:
 ed52ed86b0dbc448c79490829aa8f6b73abf37794e3be27d746a8aa1c90a94e0 3060 libxml2_2.12.7+dfsg+really2.9.14-0.4.dsc
 02dd4c440b5b8bd9376030b5e224a0da707d60e649eec28787b35ebdeebb4f0d 38312 libxml2_2.12.7+dfsg+really2.9.14-0.4.debian.tar.xz
 51fe71139020be0e527439c9c11d976c29b6d472b4baf184c8bfca5612686142 5982 libxml2_2.12.7+dfsg+really2.9.14-0.4_source.buildinfo
Files:
 a0c3b4161adbd5a2e0336b8045c82712 3060 libs optional libxml2_2.12.7+dfsg+really2.9.14-0.4.dsc
 8407424fe583724ebcb524551e40e7c1 38312 libs optional libxml2_2.12.7+dfsg+really2.9.14-0.4.debian.tar.xz
 04ada705651b2ddaa9354f5ee2336f45 5982 libs optional libxml2_2.12.7+dfsg+really2.9.14-0.4_source.buildinfo


-----BEGIN PGP SIGNATURE-----

iQJEBAEBCgAuFiEE1WVxuIqLuvFAv2PWvX6qYHePpvUFAmflMV8QHGRva29AZGVi
aWFuLm9yZwAKCRC9fqpgd4+m9ZtcD/9+hUy7R3PvY4+DQtFgnWHwATOi6SCjvanE
IYXfGflYhnWC18XZwRSxFgJlfsFTVcPJQZBZ9Q4iwEmEHypi9vK7ElrbCblDrdq/
QSY7E5QNGH7tkI7MRPIhskkx87MI7zt2B5+qcNIgBARJLDbTYKLrbd7gArwkJyQa
PsdkYlr+2GvLh5DmtFls2eZ+bXE5fSEGoxcXeYzbW5Z4guTdJlsGFiJnaYuutlyL
zr3L3lZsoapGzoc2tNOsDcVzZF2r13A+jgnd9JQYBL9tJ838tj4Jzapu29cAJ7qM
MIPcK00eYunQnovhVW76XjDHKO6pGKJp3zQqkEImcQo2sLQHHeH5v52gRJbwgMab
up4hZ6EGLnsss2pj+1q14QGTUIHrHJvjFDJrDJCJRs2eL+h1Zzth1ZwHwPv8LSDN
UN8/hFcaOgPjZHHJidknjvt5rjbu3/jKP6Na7fz/hnFxGja50zvUbO9CvktAnI7n
drDP3zo2uNg4q31Xs7ZhOjUQp0RYxtMOoLYv6aA1RT0CH/ACclGccTv+6FqUCDFy
1cQQ6JH0rVF3O4iJQu3TeXyBndyTVisNYVj348UPIqsbqUGCTZ0rpLvS0LsOTljt
7KV30J142MyIJ1ter5USKqZ8NflNwSi3onwio894ydHVOkEbEb6KmRRQBci5V519
Egyx6sesfQ==
=3LZF
-----END PGP SIGNATURE-----

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/debian-xml-sgml-pkgs/attachments/20250327/a63e8c77/attachment.sig>

More information about the debian-xml-sgml-pkgs mailing list