Accepted libxml2 2.9.4+dfsg1-2.2+deb9u3 (source) into oldstable



Format: 1.8
Date: Wed, 09 Sep 2020 22:06:27 +0200
Source: libxml2
Binary: libxml2 libxml2-utils libxml2-utils-dbg libxml2-dev libxml2-dbg libxml2-doc python-libxml2 python-libxml2-dbg python3-libxml2 python3-libxml2-dbg
Architecture: source
Version: 2.9.4+dfsg1-2.2+deb9u3
Distribution: stretch-security
Urgency: high
Maintainer: Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 libxml2    - GNOME XML library
 libxml2-dbg - Debugging symbols for the GNOME XML library
 libxml2-dev - Development files for the GNOME XML library
 libxml2-doc - Documentation for the GNOME XML library
 libxml2-utils - XML utilities
 libxml2-utils-dbg - XML utilities (debug extension)
 python-libxml2 - Python bindings for the GNOME XML library
 python-libxml2-dbg - Python bindings for the GNOME XML library (debug extension)
 python3-libxml2 - Python3 bindings for the GNOME XML library
 python3-libxml2-dbg - Python3 bindings for the GNOME XML library (debug extension)
Changes:
 libxml2 (2.9.4+dfsg1-2.2+deb9u3) stretch-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2017-8872:
     Global buffer-overflow in the htmlParseTryOrFinish function.
   * Fix CVE-2019-20388:
     A memory leak was found in the xmlSchemaValidateStream function of libxml2.
     Applications that use this library may be vulnerable to memory not being
     freed leading to a denial of service.
   * Fix CVE-2020-24977:
     Out-of-bounds read restricted to xmllint --htmlout.
   * Fix CVE-2020-7595:
     Infinite loop in xmlStringLenDecodeEntities can cause a denial of service.
   * Fix CVE-2017-18258:
     The xz_head function in libxml2 allows remote attackers to cause a denial
     of service (memory consumption) via a crafted LZMA file, because the
     decoder functionality does not restrict memory usage to what is required
     for a legitimate file.
   * Fix CVE-2018-14404:
     A NULL pointer dereference vulnerability exists in the
     xpath.c:xmlXPathCompOpEval() function of libxml2 when parsing an invalid
     XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications
     processing untrusted XSL format inputs may be vulnerable to a denial of
     service attack.
   * Fix CVE-2018-14567:
     If --with-lzma is used, allows remote attackers to cause a denial of
     service (infinite loop) via a crafted XML file.
   * Fix CVE-2019-19956:
     The xmlParseBalancedChunkMemoryRecover has a memory leak related to
     newDoc->oldNs.
Checksums-Sha1:
 42e422b2c5921ca1708abd9731983ea70c506822 3045 libxml2_2.9.4+dfsg1-2.2+deb9u3.dsc
 a3bf31374ab4603b2e87de9e9499e124ea0ce6ca 36248 libxml2_2.9.4+dfsg1-2.2+deb9u3.debian.tar.xz
 0d96daece0462ebe3add016d9a0522775886d98b 10726 libxml2_2.9.4+dfsg1-2.2+deb9u3_amd64.buildinfo
Checksums-Sha256:
 08f96248840c577e4131f58ca1010d4335add3eb9b78dd1b152e064683e13158 3045 libxml2_2.9.4+dfsg1-2.2+deb9u3.dsc
 76a2f664a700d1023c214b9fbb248cf955072d16cfea4bba54003af199795268 36248 libxml2_2.9.4+dfsg1-2.2+deb9u3.debian.tar.xz
 c318231cae02ff1d75cda33a7219da84f445010af3ebcc80557a5d4803d39432 10726 libxml2_2.9.4+dfsg1-2.2+deb9u3_amd64.buildinfo
Files:
 7bfe43faf3a8755f9c4221281a7484aa 3045 libs optional libxml2_2.9.4+dfsg1-2.2+deb9u3.dsc
 294bb6879dde0a57542591c09cc58cc1 36248 libs optional libxml2_2.9.4+dfsg1-2.2+deb9u3.debian.tar.xz
 ebdc963629a2007c5484028b5c1d1b18 10726 libs optional libxml2_2.9.4+dfsg1-2.2+deb9u3_amd64.buildinfo