Accepted libxml2 2.9.1+dfsg1-5+deb8u5 (all source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 19 Aug 2017 17:31:22 +0200
Source: libxml2
Binary: libxml2 libxml2-utils libxml2-utils-dbg libxml2-dev libxml2-dbg libxml2-doc python-libxml2 python-libxml2-dbg
Architecture: all source
Version: 2.9.1+dfsg1-5+deb8u5
Distribution: jessie-security
Urgency: high
Maintainer: Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 863018 863019 863021 863022 870865 870867 870870
Description:
libxml2 - GNOME XML library
libxml2-dbg - Debugging symbols for the GNOME XML library
libxml2-dev - Development files for the GNOME XML library
libxml2-doc - Documentation for the GNOME XML library
libxml2-utils - XML utilities
libxml2-utils-dbg - XML utilities (debug extension)
python-libxml2 - Python bindings for the GNOME XML library
python-libxml2-dbg - Python bindings for the GNOME XML library (debug extension)
Changes:
libxml2 (2.9.1+dfsg1-5+deb8u5) jessie-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Increase buffer space for port in HTTP redirect support (CVE-2017-7376)
Incorrect limit was used for port values. (Closes: #870865)
* Prevent unwanted external entity reference (CVE-2017-7375)
Missing validation for external entities in xmlParsePEReference.
(Closes: #870867)
* Fix handling of parameter-entity references (CVE-2017-9049, CVE-2017-9050)
- Heap-based buffer over-read in function xmlDictComputeFastKey
(CVE-2017-9049).
- Heap-based buffer over-read in function xmlDictAddString
(CVE-2017-9050).
(Closes: #863019, #863018)
* Fix buffer size checks in xmlSnprintfElementContent (CVE-2017-9047,
CVE-2017-9048)
- Buffer overflow in function xmlSnprintfElementContent (CVE-2017-9047).
- Stack-based buffer overflow in function xmlSnprintfElementContent
(CVE-2017-9048).
(Closes: #863022, #863021)
* Fix type confusion in xmlValidateOneNamespace (CVE-2017-0663)
Heap buffer overflow in xmlAddID. (Closes: #870870)
Checksums-Sha1:
eaab819c0731a18e9c54f4063ab224dcf6cbb601 2760 libxml2_2.9.1+dfsg1-5+deb8u5.dsc
1ac243dfcb48cc4c6f75c047fbc615ad8dd13f34 70784 libxml2_2.9.1+dfsg1-5+deb8u5.debian.tar.xz
53e9469a3539c99004bf03f2d48c740d35fd11c1 815012 libxml2-doc_2.9.1+dfsg1-5+deb8u5_all.deb
Checksums-Sha256:
6fe2c4e997f1ed1520cbba4474513880a1e7450de57a0c86f73c4023396609fb 2760 libxml2_2.9.1+dfsg1-5+deb8u5.dsc
01247e1947e2b52c4ef0e227fdd501038aa0840b8c889c26b6503a2dcd85a5d3 70784 libxml2_2.9.1+dfsg1-5+deb8u5.debian.tar.xz
5e3c6fc3559c5a11fd1d8fa82adc279a50e72aea8e1cfb737edb9ef56be62d56 815012 libxml2-doc_2.9.1+dfsg1-5+deb8u5_all.deb
Files:
2a3af655cd7869b5c46d004574abc73e 2760 libs optional libxml2_2.9.1+dfsg1-5+deb8u5.dsc
c3ad68eb36657f8205d46df58bbef1cb 70784 libs optional libxml2_2.9.1+dfsg1-5+deb8u5.debian.tar.xz
20f7e4cd04c586dcebfc9d889ff8e926 815012 doc optional libxml2-doc_2.9.1+dfsg1-5+deb8u5_all.deb
-----BEGIN PGP SIGNATURE-----
iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlmYWvlfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EE0oP/0lQVfaWpw3IFFPpnuyFZE60cbGVBvkm
xcqxfQ2JakMYi9ad2l2zt/OzuH3kgXVuQq7PYQmXbTsRSETqszVjG403m4aIkIht
HrtH8JmilAtNMKmvYpuNoUpVpPHT6JERQv9PU4B4gFqgS2tPG0iwzLZvivnuoPwH
8nlHugB0eIbyudk51YP3Swh5qx3Hx6VWGxAlcPnduA8PyFRV++fRu0oriEtaff+G
hqHWnA5ZgQBUMTiClCYrjwWaYK00tIkq44l+ceoyjBusix43xoDkoQ0iekPnUMmQ
CXSLke7/pxAqp7iakQNljm6Hd8LABXMRDAeyPYGiQPa4l8z9ad5kQnJ2Hz2Inx4s
UMH/JFqFLk0FinXyYZ2gKERcwheaNGQh9nbWhWgvAdmNC8KnXBNpCSs2qk2KwmqP
TO1n3Rw7EUEulaSJwomuDz6/h8u2Kkzo2RZPkcwRfEE0pmZAIuoVChr4zJpdUQ+E
ed0kRX5m5t50csgzWpMnfbu5mRn3p0SMzdiBlAQZUHQXGNzkEsXqD5pnCAw0lFnM
kiac5oDW/7n/v/8yR9jgN6CqcGtEjtmGf+I89Nuf91ZXazjEZJW9w+caIqfbJAnB
YAGCQFYD5Mvc8d2h5LtTUINca5RZH4QL46pz7gIeGBKCmkW71CVW7CS4DpIaeC9Q
x2pYxo5jonEM
=1LfP
-----END PGP SIGNATURE-----