Univention Bugzilla – Bug 54657
libxml2: Multiple issues (4.4)
Last modified: 2022-04-13 15:13:12 CEST
New Debian libxml2 2.9.4+dfsg1-2.2+deb9u6 fixes:

This update addresses the following issues:
* XML External Entity vulnerability (CVE-2016-9318)
* heap overflow in libxml2 (CVE-2017-5130)
* Null pointer dereference in xmlSaveDoc implementation (CVE-2017-5969)
* Infinite recursion in parameter entities (CVE-2017-16932)
* Use-after-free of ID and IDREF attributes (CVE-2022-23308)
--- mirror/ftp/4.4/unmaintained/component/4.4-8-errata/source/libxml2_2.9.4+dfsg1-2.2+deb9u5.dsc +++ apt/ucs_4.4-0-errata4.4-8/source/libxml2_2.9.4+dfsg1-2.2+deb9u6.dsc @@ -1,3 +1,12 @@ +2.9.4+dfsg1-2.2+deb9u6 [Fri, 08 Apr 2022 16:14:56 +0200] Anton Gladky <gladk@debian.org>: + + * Non-maintainer upload by the LTS Security Team. + * CVE-2022-23308: use-after-free of ID and IDREF attributes. + * CVE-2017-16932: infinite recursion in parameter entities. + * CVE-2017-5969: NULL pointer deref in xmlDumpElementContent. + * CVE-2017-5130: integer overflow in memory debug code. + * CVE-2016-9318: improve handling of context input_id. + 2.9.4+dfsg1-2.2+deb9u5 [Sat, 29 May 2021 20:34:02 +0200] Thorsten Alteholz <debian@alteholz.de>: * Non-maintainer upload by the LTS Team. <http://piuparts.knut.univention.de/4.4-8/#4482584142250426722>
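Review bot: The added deb9u6 changelog entry summarises three of the CVEs differently from the erratum text on this bug, which makes it harder to match the advisory against the package changelog. CVE-2017-5969 is "NULL pointer deref in xmlDumpElementContent" in the changelog but "Null pointer dereference in xmlSaveDoc implementation" in the erratum; CVE-2017-5130 is "integer overflow in memory debug code" versus "heap overflow in libxml2"; CVE-2016-9318 is "improve handling of context input_id" versus "XML External Entity vulnerability". Suggest aligning the erratum descriptions with the changelog wording, or stating both the affected function and the vulnerability class for each CVE.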
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-8] 8155db0982 Bug #54657: libxml2 2.9.4+dfsg1-2.2+deb9u6
 doc/errata/staging/libxml2.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

[4.4-8] a96a5f914e Bug #54657: libxml2 2.9.4+dfsg1-2.2+deb9u6
 doc/errata/staging/libxml2.yaml | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x1220>