-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 10 May 2021 11:50:45 +0200 Source: libxml2 Architecture: source Version: 2.9.4+dfsg1-2.2+deb9u4 Distribution: stretch-security Urgency: medium Maintainer: Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org> Changed-By: Emilio Pozuelo Monfort <pochu@debian.org> Changes: libxml2 (2.9.4+dfsg1-2.2+deb9u4) stretch-security; urgency=medium . * Non-maintainer upload by the LTS team. * CVE-2021-3516: use-after-free in xmlEncodeEntitiesInternal * CVE-2021-3517: heap-based buffer overflow in xmlEncodeEntitiesInternal * CVE-2021-3518: use-after-free in xmlXIncludeDoProcess * CVE-2021-3537: NULL pointer dereference in xmlValidBuildAContentModel Checksums-Sha1: 1fe0f01fed94e62e1c5bb4b2a7d0474bdc3d922b 2894 libxml2_2.9.4+dfsg1-2.2+deb9u4.dsc ca9a4f7f1eab2b69ead6174885a5e6b1629ec956 2446412 libxml2_2.9.4+dfsg1.orig.tar.xz 539099604925690dd0539a9085775fa9afae303b 37940 libxml2_2.9.4+dfsg1-2.2+deb9u4.debian.tar.xz ddcea5374b7806b43d689612317b89066eb36500 5664 libxml2_2.9.4+dfsg1-2.2+deb9u4_source.buildinfo Checksums-Sha256: 081d2dc34ef0be57c03825173ec701ce843af1d05b2f783f89ace00a61cf04d9 2894 libxml2_2.9.4+dfsg1-2.2+deb9u4.dsc a74ad55e346aa0b2b41903e66d21f8f3d2a736b3f41e32496376861ab484184e 2446412 libxml2_2.9.4+dfsg1.orig.tar.xz 90c78f4ffe6e45281b6300fc1c449736ab245a630c77896f9ce1fce4d2bae916 37940 libxml2_2.9.4+dfsg1-2.2+deb9u4.debian.tar.xz 4c258d69420a62c6dce43e70ac86cad28bed4962f15807f1e7467c736833e9f6 5664 libxml2_2.9.4+dfsg1-2.2+deb9u4_source.buildinfo Files: 65d6cab4ff1925e93601a41b600f2223 2894 libs optional libxml2_2.9.4+dfsg1-2.2+deb9u4.dsc 3ced197721416e7e2f13b0f4e0f1185b 2446412 libs optional libxml2_2.9.4+dfsg1.orig.tar.xz 04cdcd5c83f8a3ae5a89e5fe71bc95db 37940 libs optional libxml2_2.9.4+dfsg1-2.2+deb9u4.debian.tar.xz 97fcc0ff68d1d7ad4db61a1305e30141 5664 libs optional libxml2_2.9.4+dfsg1-2.2+deb9u4_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAmCZIX8ACgkQnUbEiOQ2 gwJ0RQ/6Atecpk0D20+R7grgg++89Ra0zDmY3a18nSCprnmqNtTUDzceCzSvIO/k uNeKPrOn7AgIFCcyl0T29rRjp3jvVgjcX6kfCBORVFxyTaTFVS5A5mM+fRtqC9yz j0O8lFY2PyKmcBkvj6etgtfEpsLtzc7wVjpng0W3mOyioE9RNkMBpooQxyHaMrn9 xqaOiMXSnVbpsb5fbHhFqsrLPiV4XqMTo90BT7MktgAhk76LBqCsdJruDCrgW96Y UoFy9TDDm1eAINBdge6k40rSboFm7fuddOgEp5wjX+hCx2ZG7V/RPTtw5+VKDENY 99XOg1kUA4Yl/qPkAB3AS17a75CfWRWN+eUzg8OiTtQb5LB0UZQ9dgnyFqUluIJe ABWowxWAHmYeDZ2YClGd+gD8gHFYxMWOsxntWX/Imb46iPdu8YtEZDzWfzjxsssR 5NhNccRsAtRj7Ade7EVrqhhDH6XksVmiypJA6nyzuvysZ/jjR/PIEH74lR5Ssux5 YE9UkGb8FWmDpzGz8v7+oFCaonPHWw6MJjqsnKM53IldyPwnNYDYRlB4tqLemmJy pShoVwGRaLT4x9o9AeIRw1UYY6UCKWxzq3TwlPS9TdRwP2zH4vN3pUquqo6+LW2w a0/Wc0UMxuhMPHfkUjIWNrEeNE2ZhzwlLG1n4waesl5EkFTQeTs= =j35F -----END PGP SIGNATURE-----