Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted libxml2 2.12.7+dfsg+really2.9.14-1 (source) into unstable
Date: Thu, 15 May 2025 08:34:49 +0000
Signed by: Aron Xu <aron@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 15 May 2025 15:34:25 +0800
Source: libxml2
Architecture: source
Version: 2.12.7+dfsg+really2.9.14-1
Distribution: unstable
Urgency: medium
Maintainer: Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>
Changed-By: Aron Xu <aron@debian.org>
Closes: 1051230 1053629 1063234 1102521 1103511
Changes:
 libxml2 (2.12.7+dfsg+really2.9.14-1) unstable; urgency=medium
 .
   * Acknowledge previous NMUs.
   * Security fixes:
     - CVE-2023-39615: out-of-bounds read via the xmlSAX2StartElement()
       (Closes: #1051230)
     - CVE-2023-45322: use-after-free in xmlUnlinkNode()
       (Closes: #1053629)
     - CVE-2024-25062: use-after-free in xmlValidatePopElement()
       (Closes: #1063234)
     - CVE-2025-32414: out-of-bounds read in Python bindings
       (Closes: #1102521)
     - CVE-2025-32415: heap-based buffer under-read via
       xmlSchemaIDCFillNodeTables() (Closes: #1103511)
Checksums-Sha1:
 b97189be45f90cde97146e884421ebb927cb3f0b 2681 libxml2_2.12.7+dfsg+really2.9.14-1.dsc
 acf604965fc6dc6685ac168c58adb77642dcd36b 40760 libxml2_2.12.7+dfsg+really2.9.14-1.debian.tar.xz
 e6b1d496ceb426e15a96d28169070d2d8ca8d180 5704 libxml2_2.12.7+dfsg+really2.9.14-1_source.buildinfo
Checksums-Sha256:
 bde8a79865bb079ecf858b54f1a89fd791135b7cff228cd63900106bb37ffae2 2681 libxml2_2.12.7+dfsg+really2.9.14-1.dsc
 070629f9101eba338ddcf6e66933246a1f072e7e0eaf57c314eced6174e8fe05 40760 libxml2_2.12.7+dfsg+really2.9.14-1.debian.tar.xz
 b166b2c08db4e61aba7d442d67cf0b90a8ec724b8a0aae74735927bcd9eba040 5704 libxml2_2.12.7+dfsg+really2.9.14-1_source.buildinfo
Files:
 f90edcba0e46778fb3f54d286169af90 2681 libs optional libxml2_2.12.7+dfsg+really2.9.14-1.dsc
 1db86677aa23c3e7bd047cb123ead863 40760 libs optional libxml2_2.12.7+dfsg+really2.9.14-1.debian.tar.xz
 eaf3a0ab247f9179094fec1f18d6f52c 5704 libs optional libxml2_2.12.7+dfsg+really2.9.14-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEBLHAyuu1xqoC2aJ5NP8o68vMTMgFAmgln5gACgkQNP8o68vM
TMixbAf8Cj9XhoyYQiKbIi7CM91JpqHIHRU+bL7jonHaz38MyogAtAJaNE83t325
f/n4l8oS0LznHH9zVdszWtMYhmlaaCqKi6FeJ0zVkcUZ3ib8Xv5IuYpdiPxixZ/J
18SwXnOF7ASnOyT/ETr/ib+/S8JCtIB7LXxih/OObN5SRTflrxQKqVTpgKqZJhaV
aI4d4ytRkLG6bokQ9tqzcEir2gi6DwpZQVrb2JswMmw/DsyESIQEvAgN339drKKi
oSpiqGnbmOHbbAyvDJ/VlWM2bSaB5JG2bgK7IjmZOOFJBnmBPm7WoygKR3GMHbwf
CvRP47JCEsobWdauzaQIK8chO50rhw==
=v51D
-----END PGP SIGNATURE-----

News for package libxml2