[xml/sgml-pkgs] libxml2_2.15.2+dfsg-0.1_source.changes ACCEPTED into unstable

Debian FTP Masters ftpmaster at ftp-master.debian.org
Wed Mar 25 13:51:15 GMT 2026 

Thank you for your contribution to Debian.



Accepted:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 25 Mar 2026 14:30:48 +0100
Source: libxml2
Architecture: source
Version: 2.15.2+dfsg-0.1
Distribution: unstable
Urgency: high
Maintainer: Debian XML/SGML Group <debian-xml-sgml-pkgs at lists.alioth.debian.org>
Changed-By: Matthias Klose <doko at debian.org>
Closes: 1125691 1125695 1125696
Changes:
 libxml2 (2.15.2+dfsg-0.1) unstable; urgency=high
 .
   * Non-maintainer upload.
   * New upstream bug fix release.
     Security issues:
     - CVE-2026-1757 fix: Memory leak in xmllint Shell - shell.c
     - CVE-2026-0990 fix: Prevent infinite recursion in
       xmlCatalogListXMLResolve. Closes: #1125695.
     - CVE-2026-0992 fix: Exponential behavior when handling
       parser: Fix infinite loop in xmlCtxtParseContent. Closes: #1125696.
     - CVE-2025-10911 libxslt related: Ignore next/prev of documents when
       traversing XPath
     - CVE-2026-0989 fix: Add RelaxNG include limit. Closes: #1125691.
     - xmlIO: use size_t for buffer size reallocation
     - uri: fix signed integer overflow in xmlBuildRelativeURISafe
     - schematron: fix memory leaks on error paths in xmlSchematronParseRule
     - catalog: fix stack overflow from self-referencing SGML CATALOG entries
     Improvements
     - fuzz: Make fuzzy encoding match more lenient
     - Fix C14N type confusion
     - meson: Fix build with Meson < 1.3
     - xmllint: Use zlib directly
     - xmllint: New option to separate xpath results using null, --xpath0
     - autotools: Make valgrind actually check for leaks
     - meson: Add valgrind test setup
     - Fix xmlOutputBufferGetContent output when encoder is set
     - threads: don't force _WIN32_WINNT to Vista if it's set to a higher value
     - dist: Add generated documentation to the dist as "dist-doc" folder
       to simplify downstream packaging of doc
     - Fix xmlRemoveEntity removing from wrong hash table
     - use duplicating variant in relaxng to mitigate UAF
     - Fix memory leak in xmlTextWriterStartAttributeNS on OOM
     - meson: remove hardcoded buildtype=debug default
     - Fix memory leak of prefix in xmlTextWriterStartElementNS()
     - writer: Add a few extra NULL checks to avoid memory leaks on corrupt
       writer path.
   * Update symbols file.
   * Don't include the sources twice in the libxml2-source package.
   * Bump standards version.
Checksums-Sha1:
 e6c69c4e157f3a2f9e2bb7937048d2bebca1c9ea 3135 libxml2_2.15.2+dfsg-0.1.dsc
 91e7c42834c2aa65b17c3bf6d985ed12ff07e59b 2154608 libxml2_2.15.2+dfsg.orig.tar.xz
 f10e58f6748678d98b50266248e1a50f1e080619 36120 libxml2_2.15.2+dfsg-0.1.debian.tar.xz
 f4bc86d5fcb8739757ea93c7ff8a52d74f264cff 5928 libxml2_2.15.2+dfsg-0.1_source.buildinfo
Checksums-Sha256:
 0566b1577d262cae50587a57ac5de746cc7e7b36e33c8351782d88a53cc8a341 3135 libxml2_2.15.2+dfsg-0.1.dsc
 f1e80b8c76041d45840b96da2a5c0ddfb7ffcc923ef6687260e7ebb0fdaa26a5 2154608 libxml2_2.15.2+dfsg.orig.tar.xz
 c58645a5c10a351cda92c0e145e96c754ec061bb4363f09d18f951693997369e 36120 libxml2_2.15.2+dfsg-0.1.debian.tar.xz
 8da88d0fd3c1171a83a404b3052445db9994d86de2843a37dc725ddd71d4bdd6 5928 libxml2_2.15.2+dfsg-0.1_source.buildinfo
Files:
 fb9dabce7a5338c721449ec1811ec84b 3135 libs optional libxml2_2.15.2+dfsg-0.1.dsc
 47fa2efacc4b6612e721df9581714663 2154608 libs optional libxml2_2.15.2+dfsg.orig.tar.xz
 0ceab70f5e7363733da900bfba784f67 36120 libs optional libxml2_2.15.2+dfsg-0.1.debian.tar.xz
 3dcbd76ab4d5cc3b160a6a1ee4f41a5f 5928 libs optional libxml2_2.15.2+dfsg-0.1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJEBAEBCgAuFiEE1WVxuIqLuvFAv2PWvX6qYHePpvUFAmnD5L0QHGRva29AZGVi
aWFuLm9yZwAKCRC9fqpgd4+m9fe1D/9VfiT3zM+VJr74EBEQRtB6gwgQStVKNMxu
mH89TljIgjRoxXjvxhzzBp0ebww5aAw0rmJmssmRg6rhnGU6Re0ULg3ab3dQGSwo
bjFKBEAMIJPKF59xG+ECB0HgEAkNqpamdsrJjd1T/0Dcdz+ApgItSiwCqIcU4g0m
EQdN02SYltB6KnWYvdw4iM4aLqyR69sNViN6HnX9YeJn/JzieeC+UhoUw90r4JxK
YkGctTmKK5M6sJWwz0Z/8wk6DRT5qQsPsfLYeqPsS3sNq3anr8jGXMMN5bDn+Peg
Miyq+BwxUyWTb5ENcI3nslIYXeqipaxodoOyzCrAPA/6Ayg4m/ZofO+99Tr07vig
qBki0Umh8/FCyT4bIZnew2SdsX71a1V/QkvT25FUaQR6RaUrqSBNsNeu21T2Ppkp
PEZM8+s9bEeVUyQV0Wm8BlePwhJp7P8Y7a9Ljn6DJ0h2HMj2WpCaiygya+ocFa46
6iquZi0F7sfQ+bat4qeoXFzso0bsQIDQdvJF3wn1CIyzDNQ3X872Y0GNhelaPSOy
ofXOfpeYwQEKIbuzCgntzV/fbrO+vGBq9n13e3SuHHrGYU2ZL9iyKJuFi1EZZ+IL
J8KKd6i+ln68ioTM8J0mNtyXFIFLvsQmRZciflLCHB4SYOU0zbGRCj0Yp4LtzpLY
kV9FFWUJsw==
=6xN2
-----END PGP SIGNATURE-----

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/debian-xml-sgml-pkgs/attachments/20260325/72a777c9/attachment.sig>

More information about the debian-xml-sgml-pkgs mailing list