libxml2 (2.9.13+dfsg-1ubuntu0.4) jammy-security; urgency=medium
* SECURITY UPDATE: use-after-free via XInclude expansion
- debian/patches/CVE-2024-25062.patch: don't expand XIncludes when
backtracking in xmlreader.c.
- CVE-2024-25062
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 16 Feb 2024 13:14:24 -0500
libxml2 (2.9.13+dfsg-1ubuntu0.3) jammy-security; urgency=medium
* SECURITY UPDATE: Null dereference
- debian/patches/CVE-2023-28484-*.patch: Fix null-pointer-deref in
xmlSchemaCheckCOSSTDerivedOK and xmlSchemaFixupComplexType
when parsing (invalid) XML schemas in
result/schemas/oss-fuzz-51295_0_0.err,
test/schemas/oss-fuzz-51295_0.xml,
test/schemas/oss-fuzz-51295_0.xsd,
xmlschemas.c.
- CVE-2023-28484
* SECURITY UPDATE: Logic or memory errors and double frees
- debian/patches/CVE-2023-29469.patch: check namelen less equal zero in
dict.c.
- CVE-2023-29469
-- Leonidas Da Silva Barbosa <leo.barbosa@canonical.com> Fri, 14 Apr 2023 08:19:12 -0300
libxml2 (2.9.13+dfsg-1ubuntu0.2) jammy-security; urgency=medium
* SECURITY UPDATE: NULL pointer dereference
- debian/patches/CVE-2022-2309.patch: reset nsNr in
xmlCtxReset in parser.c (LP: #1996494).
- CVE-2022-2309
* SECURITY UPDATE: Integer overflow
- debian/patches/CVE-2022-40303.patch: fix integer overflows
with XML_PARSE_HUGE in parser.c.
- CVE-2022-40303
* SECURITY UPDATE: Double-free
- debian/patches/CVE-2022-40304.patch: fix dict
corruption caused by entity ref cycles in
entities.c.
- CVE-2022-40304
-- Leonidas Da Silva Barbosa <leo.barbosa@canonical.com> Tue, 29 Nov 2022 16:39:07 -0300
libxml2 (2.9.13+dfsg-1ubuntu0.1) jammy-security; urgency=medium
* SECURITY UPDATE: Integer overflows
- debian/patches/CVE-2022-29824.patch: Fix integer overflows in
xmlBuf and xmlBuffer in tree.c, buf.c.
- CVE-2022-29824
-- Leonidas Da Silva Barbosa <leo.barbosa@canonical.com> Mon, 09 May 2022 15:33:11 -0300
libxml2 (2.9.13+dfsg-1build1) jammy; urgency=medium
* No-change rebuild with Python 3.10 only
-- Graham Inggs <ginggs@ubuntu.com> Thu, 17 Mar 2022 19:28:02 +0000
libxml2 (2.9.13+dfsg-1) unstable; urgency=medium
* Team upload.
* New upstream version 2.9.13+dfsg.
+ Convert devhelp to version2. Closes: #955205
+ Use-after-free of ID and IDREF attrs. CVE-2022-23308; Closes: #1006489
* Bump my copyright for debian/*.
* d/watch: move download sourceto https://download.gnome.org/.
-- Mattia Rizzolo <mattia@debian.org> Sun, 27 Feb 2022 19:57:48 +0100
libxml2 (2.9.12+dfsg-6) unstable; urgency=medium
* Team upload.
* d/control:
+ Use the new Description field in the source paragraph and add references
to the binary paragraphs. This is a new feature since dpkg 1.19.0
(from 2017). Policy is not yet updated, see #998165.
+ Drop Build-Depends on python3-all-dbg, not used since the last revision.
* Add patches from upstream to fix:
+ return code of xmllint when incorrectly called. Closes: #727075
+ regression with entity references in external DTDs. Closes: #994765
-- Mattia Rizzolo <mattia@debian.org> Sat, 19 Feb 2022 13:11:26 +0100
libxml2 (2.9.12+dfsg-5) unstable; urgency=medium
* Team upload.
* Stop building the python3-libxml2-dbg package. Closes: #994307
* Add a Conflicts against the old w3c-dtd-xhtml, that contains a .dtd that
is not validating anymore. Closes: #993638
* Remove lintian override that was fixed in lintian for
debian-rules-uses-supported-python-versions-without-python-all-build-depends
-- Mattia Rizzolo <mattia@debian.org> Mon, 20 Sep 2021 15:06:01 +0200
libxml2 (2.9.12+dfsg-4) unstable; urgency=medium
* Team upload.
* Add a few patches from upstream:
+ Work around lxml API abuse.
+ Fix regression in xmlNodeDumpOutputInternal. LP: #1943277
+ Fix whitespace when serializing empty HTML documents.
+ Forbid epsilon-reduction of final states.
+ Fix buffering in xmlOutputBufferWrite.
-- Mattia Rizzolo <mattia@debian.org> Fri, 10 Sep 2021 22:13:09 +0200
libxml2 (2.9.12+dfsg-3) unstable; urgency=medium
* Team upload.
* Upload to unstable.
* Add patch from upstream to fix a regression in the recursion limit for
complex XSLT documents. This also fixed the ruby-nokogiri test failure,
so drop the previously introduced Breaks.
* d/control: Bump Standards-Version to 4.6.0, no changes needed.
-- Mattia Rizzolo <mattia@debian.org> Wed, 01 Sep 2021 16:45:21 +0200
# For older changelog entries, run 'apt-get changelog libxml2'
Generated by dwww version 1.14 on Wed Jan 22 09:42:23 CET 2025.