Univention Bugzilla – Bug 56033
libxml2: Multiple issues (5.0)
Last modified: 2023-05-03 15:40:43 CEST
New Debian libxml2 2.9.4+dfsg1-7+deb10u6 fixes: This update addresses the following issues: * NULL dereference in xmlSchemaFixupComplexType (CVE-2023-28484) * Hashing of empty dict strings isn't deterministic (CVE-2023-29469)
--- mirror/ftp/pool/main/libx/libxml2/libxml2_2.9.4+dfsg1-7+deb10u5.dsc +++ apt/ucs_5.0-0-errata5.0-3/source/libxml2_2.9.4+dfsg1-7+deb10u6.dsc @@ -1,3 +1,12 @@ +2.9.4+dfsg1-7+deb10u6 [Sat, 29 Apr 2023 21:03:02 +0200] Thorsten Alteholz <debian@alteholz.de>: + + * Non-maintainer upload by the LTS Team. + * schemas: Fix null-pointer-deref in xmlSchemaCheckCOSSTDerivedOK + * CVE-2023-28484 + Fix null deref in xmlSchemaFixupComplexType + * CVE-2023-29469 + Hashing of empty dict strings isn't deterministic + 2.9.4+dfsg1-7+deb10u5 [Sun, 30 Oct 2022 15:32:24 +0100] Markus Koschany <apo@debian.org>: * Non-maintainer upload by the LTS team. <http://piuparts.knut.univention.de/5.0-3/#2630192578444524574>
OK: bug OK: yaml OK: announce_errata OK: patch OK: piuparts [5.0-3] 904c9a077e Bug #56033: libxml2 2.9.4+dfsg1-7+deb10u6 doc/errata/staging/libxml2.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) [5.0-3] 6fe95312af Bug #56033: libxml2 2.9.4+dfsg1-7+deb10u6 doc/errata/staging/libxml2.yaml | 14 ++++++++++++++ 1 file changed, 14 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x652>