Accepted libxml2 2.9.4+dfsg1-7+deb10u5 (source) into oldstable
- To: dispatch@tracker.debian.org, debian-lts-changes@lists.debian.org
- Subject: Accepted libxml2 2.9.4+dfsg1-7+deb10u5 (source) into oldstable
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Sun, 30 Oct 2022 14:50:22 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: libxml2_2.9.4+dfsg1-7+deb10u5_source.changes
- Debian-source: libxml2
- Debian-suite: oldstable
- Debian-version: 2.9.4+dfsg1-7+deb10u5
- Mail-followup-to: debian-lts@lists.debian.org
- Message-id: <E1op9dm-0027Y7-Or@seger.debian.org>
- Reply-to: debian-lts@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 30 Oct 2022 15:36:30 CET
Source: libxml2
Architecture: source
Version: 2.9.4+dfsg1-7+deb10u5
Distribution: buster-security
Urgency: high
Maintainer: Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Checksums-Sha1:
66f139a442fcf61a6d096b5aaaa44ffdd3dbad30 3159 libxml2_2.9.4+dfsg1-7+deb10u5.dsc
01d900b40d77ee6974d7edb6381ada286e5ec585 48120 libxml2_2.9.4+dfsg1-7+deb10u5.debian.tar.xz
711f864ea5e538d11b8cbb47a4c566fc4dbb8074 10726 libxml2_2.9.4+dfsg1-7+deb10u5_amd64.buildinfo
Checksums-Sha256:
6303e2cd44297bc4217a383ee9689d21405fe76a55e3ca1117777aa459a890e3 3159 libxml2_2.9.4+dfsg1-7+deb10u5.dsc
4fe41d5913d7c93847d34a575489eccc56cffdb927b2128e26f297885a8f7528 48120 libxml2_2.9.4+dfsg1-7+deb10u5.debian.tar.xz
a1fc8aa897b45aab00f48fd88f40432fc6f5d308d05f738b9db59bdb1a2aa056 10726 libxml2_2.9.4+dfsg1-7+deb10u5_amd64.buildinfo
Changes:
libxml2 (2.9.4+dfsg1-7+deb10u5) buster-security; urgency=high
.
* Non-maintainer upload by the LTS team.
* Fix CVE-2022-40303:
  Parsing an XML document with the XML_PARSE_HUGE option enabled can result
  in an integer overflow because safety checks were missing in some
  functions. Also, the xmlParseEntityValue function didn't have any length
  limitation.
* Fix CVE-2022-40304:
  When a reference cycle is detected in the XML entity cleanup function, the
  XML entity data can be stored in a dictionary. In this case, the
  dictionary becomes corrupted resulting in logic errors, including memory
  errors like double free.
Files:
8d1a70d36677ab7fa33d2b4ba78b5018 3159 libs optional libxml2_2.9.4+dfsg1-7+deb10u5.dsc
e10a2b27c8b0b12ce907f2ea8a4aaeca 48120 libs optional libxml2_2.9.4+dfsg1-7+deb10u5.debian.tar.xz
c9e606901e9ea1539febe8a6f786b011 10726 libs optional libxml2_2.9.4+dfsg1-7+deb10u5_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----