Format: 1.8
Date: Thu, 27 Mar 2025 11:54:17 +0100
Source: libxml2
Architecture: source
Version: 2.12.7+dfsg+really2.9.14-0.4
Distribution: unstable
Urgency: medium
Maintainer: Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>
Changed-By: Matthias Klose <doko@debian.org>
Closes: 1071162 1092484 1094238 1098320 1098321 1098322
Changes:
 libxml2 (2.12.7+dfsg+really2.9.14-0.4) unstable; urgency=medium
 .
   * Non-maintainer upload.
 .
   * Don't build with ICU. Closes: #1092484.
 .
     libxml's README.md states:
 .
       [ICU](https://icu.unicode.org/), a Unicode library. Mainly useful as an
       alternative to iconv on Windows. Unnecessary on most other systems.
 .
     ICU 76.1 requires to be built with -std=c++17 or -std=gnu++17 or higher.
     However including the ICU headers in the libxml2 headers, breaks builds
     with older C++ standards, most likely leading to some unrelated build
     failures for packages that don't rely on ICU, but are using libxml2.
 .
   * Import security updates from Ubuntu:
     - SECURITY UPDATE: use-after-free in xmlXIncludeAddNode
       + debian/patches/CVE-2022-49043.patch: fix UaF in xinclude.c.
       + CVE-2022-49043. Closes: #1094238.
     - SECURITY UPDATE: buffer overread in xmllint
       + debian/patches/CVE-2024-34459.patch: fix buffer issue when using
         htmlout option in xmllint.c.
       + CVE-2024-34459. Closes: #1071162.
     - SECURITY UPDATE: use-after-free
       + debian/patches/CVE-2024-56171.patch: Fix use-after-free after
         xmlSchemaItemListAdd.
       + CVE-2024-56171. Closes: #1098320.
     - SECURITY UPDATE: stack-based buffer overflow
       + debian/patches/CVE-2025-24928-pre1.patch: Check for NULL node->name
         in xmlSnprintfElements.
       + debian/patches/CVE-2025-24928.patch: Fix stack-buffer-overflow in
         xmlSnprintfElements.
       + CVE-2025-24928. Closes: #1098321.
     - SECURITY UPDATE: NULL pointer dereference
       + debian/patches/CVE-2025-27113.patch: Fix compilation of explicit
         child axis.
       + CVE-2025-27113. Closes: #1098322.