-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 15 Apr 2023 20:52:15 +0200 Source: libxml2 Architecture: source Version: 2.9.10+dfsg-6.7+deb11u4 Distribution: bullseye-security Urgency: high Maintainer: Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org> Changed-By: Salvatore Bonaccorso <carnil@debian.org> Closes: 1034436 1034437 Changes: libxml2 (2.9.10+dfsg-6.7+deb11u4) bullseye-security; urgency=high . * Non-maintainer upload by the Security Team. * schemas: Fix null-pointer-deref in xmlSchemaCheckCOSSTDerivedOK * Fix null deref in xmlSchemaFixupComplexType (CVE-2023-28484) (Closes: #1034436) * Hashing of empty dict strings isn't deterministic (CVE-2023-29469) (Closes: #1034437) Checksums-Sha1: c4f079a5d2fec51dd4940764f45471a58cecd1e0 2859 libxml2_2.9.10+dfsg-6.7+deb11u4.dsc c81ab44e7161a6eea076731546170f3597b9f7fe 41904 libxml2_2.9.10+dfsg-6.7+deb11u4.debian.tar.xz Checksums-Sha256: db8806a35ae170159cf267bb83296f1fd6310dedab53450e4d3f5e8af2937c4a 2859 libxml2_2.9.10+dfsg-6.7+deb11u4.dsc 62037376765cc8e5961771d758b8efa9fddce3cce6fd67c31bc111ddff656654 41904 libxml2_2.9.10+dfsg-6.7+deb11u4.debian.tar.xz Files: 9b4e96bb31f42607a0c3bb4bcdc794b4 2859 libs optional libxml2_2.9.10+dfsg-6.7+deb11u4.dsc d14f4789d2783a8a502a53409381f3a1 41904 libs optional libxml2_2.9.10+dfsg-6.7+deb11u4.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmQ689tfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89E57cQAKImvi6RHkhwClDitqTL3n7TJfND1uhd Na4Sa9QoRZI2wqwJveA32gmHV/QhZG9KQMGgIVZNE4E241NL4nTicivNytWc/rPo QGNy6VfSL5NM414H2RiiHn2iJd6x9vQqKiLXsO0QvT6zlOEwjBtMP4FqGTiHzx5E aAoQrL6oBFGwR1aPpl5VEsT+R5427cmxyn4PIhf2V/vIOlEpu11qcv+s0LBFtNWj HpKcM3jXH7niXVfufFha/8x4ABRHYPQAUV5IJz14XHS1HYZ9Cmdap7SahXb1ofJ6 mLjhwfq7m0m9FflJLtEfFWKCR9ByGTtbxEyNuJmVRLg6ZnW5aBP5TRvtjzs+oguo azE1D1GmzzbgRUDTsvfniP+WPJRyuj2N4UZ6k1ioUhhbJMvJ0ot8KCivH0Tv9Wg0 OQvXQQksx7Ssq3fanG6+JTopfExHH1tGerxw281sLLis0WybQmIJjrhtNCTqmCX5 +IpOz+b8Zm2bKOxiKul/TSw0f4nX4KxDQCQjWmEG8jdqA+RDlKysaDtzJDq+GFjZ OniJFEk01wF3nVHSBKKfZZ4h47UwOJ3vK+/cni6keXZETeJvd2WDLCyasA8+N0fb sjNDwQN0rzvM7gZC1smKVUt88qC4gltKSV90MuOqlBL0HQ31mPcLxq17xprMHuma cLsskx89MzJq =x3XX -----END PGP SIGNATURE-----