Univention Bugzilla – Bug 53353
libxml2: Multiple issues (4.4)
Last modified: 2021-06-02 17:09:38 CEST
New Debian libxml2 2.9.4+dfsg1-2.2+deb9u5 fixes:

This update addresses the following issue:

* Exponential entity expansion attack bypasses all existing protection mechanisms (CVE-2021-3541)
--- mirror/ftp/4.4/unmaintained/component/4.4-8-errata/source/libxml2_2.9.4+dfsg1-2.2+deb9u4.dsc +++ apt/ucs_4.4-0-errata4.4-8/source/libxml2_2.9.4+dfsg1-2.2+deb9u5.dsc @@ -1,3 +1,10 @@ +2.9.4+dfsg1-2.2+deb9u5 [Sat, 29 May 2021 20:34:02 +0200] Thorsten Alteholz <debian@alteholz.de>: + + * Non-maintainer upload by the LTS Team. + * CVE-2021-3541 + Fix for "Parameter Laughs"-attack, that is similar to the + "Billion Laughs"-attacks found earlier in libexpat. + 2.9.4+dfsg1-2.2+deb9u4 [Mon, 10 May 2021 11:50:45 +0200] Emilio Pozuelo Monfort <pochu@debian.org>: * Non-maintainer upload by the LTS team. <http://piuparts.knut.univention.de/4.4-8/#4482584142247179147>
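Review bot: In the added 2.9.4+dfsg1-2.2+deb9u5 entry, the CVE-2021-3541 item names the attack class ("Parameter Laughs") but not the patch file or upstream commit that carries the fix. Adding that reference to the changelog item would let the backport be checked against upstream without unpacking the source package.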
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-8] 13cf162f1a Bug #53353: libxml2 2.9.4+dfsg1-2.2+deb9u5
 doc/errata/staging/libxml2.yaml | 13 +++++++++++++
 1 file changed, 13 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x985>