New Debian libxml2 2.9.4+dfsg1-7+deb10u9 fixes: This update addresses the following issues: 2.9.4+dfsg1-7+deb10u9 (Sat, 02 Nov 2024 19:07:09 +0100) * Non-maintainer upload by the ELTS Team. * Fix patch 0002-fix-python-multiarch-includes.patch patching a automake generated file, to allow building twice in a row. * CVE-2017-16932 - infinite recursion in parameter entities * CVE-2023-39615 - Crash with XML_PARSE_SAX1 Parser option * CVE-2023-45322 - Use after free after memory allocation * CVE-2024-25062 - Use after free with DTD validation and XInclude expansion enabled
--- mirror/ftp/pool/main/libx/libxml2/libxml2_2.9.4+dfsg1-7+deb10u8.dsc +++ apt/ucs_5.0-0-errata5.0-9/source/libxml2_2.9.4+dfsg1-7+deb10u9.dsc @@ -1,3 +1,14 @@ +2.9.4+dfsg1-7+deb10u9 [Sat, 02 Nov 2024 19:07:09 +0100] Tobias Frost <tobi@debian.org>: + + * Non-maintainer upload by the ELTS Team. + * Fix patch 0002-fix-python-multiarch-includes.patch patching a automake + generated file, to allow building twice in a row. + * CVE-2017-16932 - infinite recursion in parameter entities (Closes: #882613) + * CVE-2023-39615 - Crash with XML_PARSE_SAX1 Parser option (Closes: #1051230) + * CVE-2023-45322 - Use after free after memory allocation (Closes: #1053629) + * CVE-2024-25062 - Use after free with DTD validation and XInclude expansion + enabled (Closes: #1063234) + 2.9.4+dfsg1-7+deb10u8 [Wed, 02 Oct 2024 20:09:43 +0300] Adrian Bunk <bunk@debian.org>: * Non-maintainer upload by the ELTS Team. <http://piuparts.knut.univention.de/5.0-9/#3035955871466919536>
OK: bug OK: yaml OK: announce_errata OK: patch OK: piuparts [5.0-9] 19c13e5ffc Bug #57722: libxml2 2.9.4+dfsg1-7+deb10u9 doc/errata/staging/libxml2.yaml | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x1156>