Accepted libxml2 2.9.4+dfsg1-2.2+deb9u1 (source) into proposed-updates->stable-new, proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 19 Aug 2017 17:36:49 +0200
Source: libxml2
Binary: libxml2 libxml2-utils libxml2-utils-dbg libxml2-dev libxml2-dbg libxml2-doc python-libxml2 python-libxml2-dbg python3-libxml2 python3-libxml2-dbg
Architecture: source
Version: 2.9.4+dfsg1-2.2+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 863018 863019 863021 863022 870865 870867 870870
Description:
libxml2 - GNOME XML library
libxml2-dbg - Debugging symbols for the GNOME XML library
libxml2-dev - Development files for the GNOME XML library
libxml2-doc - Documentation for the GNOME XML library
libxml2-utils - XML utilities
libxml2-utils-dbg - XML utilities (debug extension)
python-libxml2 - Python bindings for the GNOME XML library
python-libxml2-dbg - Python bindings for the GNOME XML library (debug extension)
python3-libxml2 - Python3 bindings for the GNOME XML library
python3-libxml2-dbg - Python3 bindings for the GNOME XML library (debug extension)
Changes:
libxml2 (2.9.4+dfsg1-2.2+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Increase buffer space for port in HTTP redirect support (CVE-2017-7376)
Incorrect limit was used for port values. (Closes: #870865)
* Prevent unwanted external entity reference (CVE-2017-7375)
Missing validation for external entities in xmlParsePEReference.
(Closes: #870867)
* Fix handling of parameter-entity references (CVE-2017-9049, CVE-2017-9050)
- Heap-based buffer over-read in function xmlDictComputeFastKey
(CVE-2017-9049).
- Heap-based buffer over-read in function xmlDictAddString
(CVE-2017-9050).
(Closes: #863019, #863018)
* Fix buffer size checks in xmlSnprintfElementContent (CVE-2017-9047,
CVE-2017-9048)
- Buffer overflow in function xmlSnprintfElementContent (CVE-2017-9047).
- Stack-based buffer overflow in function xmlSnprintfElementContent
(CVE-2017-9048).
(Closes: #863022, #863021)
* Fix type confusion in xmlValidateOneNamespace (CVE-2017-0663)
Heap buffer overflow in xmlAddID. (Closes: #870870)
Checksums-Sha1:
df8d7379224f77ab6a6c4d443c9bdefba287c141 3049 libxml2_2.9.4+dfsg1-2.2+deb9u1.dsc
ca9a4f7f1eab2b69ead6174885a5e6b1629ec956 2446412 libxml2_2.9.4+dfsg1.orig.tar.xz
85d5216fdadbe362d11ec4bd19b127a5acf5fdcf 33600 libxml2_2.9.4+dfsg1-2.2+deb9u1.debian.tar.xz
Checksums-Sha256:
9cd8802fa5c7a6c89a23c755b41f5e9a114f7e74c4b5aeb303516c1f298df87a 3049 libxml2_2.9.4+dfsg1-2.2+deb9u1.dsc
a74ad55e346aa0b2b41903e66d21f8f3d2a736b3f41e32496376861ab484184e 2446412 libxml2_2.9.4+dfsg1.orig.tar.xz
6c9e6fed9d68a7992057e6153972d1582fc75ff3140f619ba9c0b024351c14e7 33600 libxml2_2.9.4+dfsg1-2.2+deb9u1.debian.tar.xz
Files:
b651eec09442c237b38564cea286c342 3049 libs optional libxml2_2.9.4+dfsg1-2.2+deb9u1.dsc
3ced197721416e7e2f13b0f4e0f1185b 2446412 libs optional libxml2_2.9.4+dfsg1.orig.tar.xz
fe5416336a1b118695ac05fb4019a8c9 33600 libs optional libxml2_2.9.4+dfsg1-2.2+deb9u1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlmYXFZfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89ELtoP+QGKO/pvoqXCukGRP2N1YXz29cQg46zm
hFHHXhbgHV3za26ZYB27BsSvaJMtAskYg3OZmBL+jsctDsZNJQrBmAG7l9sJ1a6J
d1o+tG/r2cvVLnsSPUSPVaKTG4YyIuX06SLg9d0TJcCaPI4O2TsQ4MKpNKjXBjfi
ELzyYGV2l9pPcstlyaAOXmL27Va0W1DVUQhoa8+Smh08deDkV8V/+knINTVoGDny
KoUGUuPnHG8sjcRvhb+W+0pu5s4in3ck/KExtjdIjZws+m+IFrUqwiMJN06vmKcA
T2j47mVRoAYHCnJqP2bssRGDMJKH1sxfG9gewna4R30KrCBjJNGRTahTtxSW6wZd
VbhIQPCJ8+Foxej9xgL85RzjC0j9b99/3d2goaI3nfSXtr+FCZS9R0i2tCwq1Njk
Mve6++QgDgmeZOTijR4QiBN/WSZDBa6gLP4RjSrmjcGTfjxms1e5jhKy4qaRlRMB
wCmzCt7tbYBCYQ3YQ9zAich8bV43v2SHIwxrGn9ZzeLGbIdbQ0H6T7lHI/nIQoD9
BDXGP5AcD5FTzs2nlqFudzXnv4117er/LgFv6fBaEZzdt4NqQUesdKNibpvAH/L+
PO0cXBlihHkyospv1phcXkWzVkM8xUlFZczTBXmJA4rzRtFG2w7jl/Zgh6oEY8Br
yE8Sv8isjLp5
=MtaG
-----END PGP SIGNATURE-----