-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 22 Feb 2025 09:47:48 +0100 Source: libxml2 Architecture: source Version: 2.9.10+dfsg-6.7+deb11u6 Distribution: bullseye-security Urgency: high Maintainer: Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org> Changed-By: Tobias Frost <tobi@debian.org> Closes: 1051230 1053629 1063234 1094238 1098320 1098321 1098322 Changes: libxml2 (2.9.10+dfsg-6.7+deb11u6) bullseye-security; urgency=high . * Non-maintainer upload by the ELTS Security Team. * Import patches for: - CVE-2024-25062: Use after free (Closes: #1063234) - CVE-2023-45322: Use after free (Closes: #1053629) - CVE-2023-39615: out-of-bounds read (Closes: #1051230) - CVE-2022-49043: Use after free (Closes: #1094238) - CVE-2024-56171: Use after free (Closes: #1098320) - CVE-2025-24928: Stack based buffer overflow (Closes: #1098321) - CVE-2025-27113 - NULL pointer dereference (Closes: #1098322) - Add patch t oavoid stack overflow with XML reader and recursive XIncludes. Thanks to Adrian Bunk for the triaging and preparing the patches. Checksums-Sha1: 581bd952e2115baa42b981e27c76afa083841afc 2704 libxml2_2.9.10+dfsg-6.7+deb11u6.dsc d35a71e9cae13f65bb7fea770b8b47eda3b098b5 46852 libxml2_2.9.10+dfsg-6.7+deb11u6.debian.tar.xz 85271f96eefe708f11ad8cccd8040dcc8c6c56a9 9672 libxml2_2.9.10+dfsg-6.7+deb11u6_amd64.buildinfo Checksums-Sha256: d25a3efcde1db33d7d958278d3df23c08deb0f74b8707fdd562308feb78a88f4 2704 libxml2_2.9.10+dfsg-6.7+deb11u6.dsc c9a7ee863cebbb9946556e64d8f3b884d428d95efd0d1cb8f7239f02c9373b9b 46852 libxml2_2.9.10+dfsg-6.7+deb11u6.debian.tar.xz 81fcf3c49b2e9bf7cb20d6b799bbbe8805fc28f6d1cd134c76cba81b20caf402 9672 libxml2_2.9.10+dfsg-6.7+deb11u6_amd64.buildinfo Files: 5eb1022509204cdb86d49b0adb6578e3 2704 libs optional libxml2_2.9.10+dfsg-6.7+deb11u6.dsc a2e7231333163720657017d99d042f53 46852 libs optional libxml2_2.9.10+dfsg-6.7+deb11u6.debian.tar.xz 3e4c6a4ad00997b4c2d9c0a21bcd06fc 9672 libs optional libxml2_2.9.10+dfsg-6.7+deb11u6_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE/d0M/zhkJ3YwohhskWT6HRe9XTYFAme5n4wACgkQkWT6HRe9 XTYclRAAhenBR+eV62ZqrxfAiBJ7EC5aj49xsvuddt4BoD+YaOLlIfmm3lMl0NhE Gnu0W9Fm8Ap9xaIZxocEtko63S85pGj0Uxm/U5BneI2bwX2HEilddnRHbOsAS3tK Awn1LMGMKyI+h5ltSvK4Q0bAbU3b0/Ja7KBnmrORXIj7yBEkaXqkN69Zll4fREny nfcrNUWuJ2NaDrc3UUoNDxlhkTyCm7QJPreIdY4Ay/T6cNQ4FX8e0vCkApnM9zcr mxV5+y5UsufhovUnTrLCtekEu7XQPVVSOXoeXIv7pAYJsvJueMX2x4DvUUjtDMgm gGtmHGvJ/FtfHsGlu/72AaQqKZ3T4aUsFYqCerWQSDGAU/EGmeHLHvdMlGYB+eMV Vwj1HDzhHIGCcUgDibgAa0cGcRq7aspGskeWPJyDrIaa9R/gbfVpxpiDZnlVLnPC /tmoBtOK0Zdnm+qXof/PBm/O2mzeOursKvgyUyFf03CKfSI4OFG47MZHMlDQRmPZ mNUgWah1iX+PJFhq3DCpRPmO68VZtBUKiRGo3nyjVW2d4v+MsHGw0UoVjRojeIBE dl4nASEgW76Pk+p9Pz+JiePS3X8iFftGKBaXBUXPU9qPjKX1bb1fv3qldBrFaRvN UAdz139CTFRo+jx/Cj2Zdfzike80SlC3E2r8ncjZY4hOoOOvnis= =ZPmS -----END PGP SIGNATURE-----
