-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 12 Oct 2025 02:04:59 +0200 Source: libxml2.9 Architecture: source Version: 2.12.7+dfsg+really2.9.14-2.3 Distribution: unstable Urgency: medium Maintainer: Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org> Changed-By: Guilhem Moulin <guilhem@debian.org> Closes: 1109122 Changes: libxml2.9 (2.12.7+dfsg+really2.9.14-2.3) unstable; urgency=medium . * Non-maintainer upload. * Merge changes from libxml2/2.12.7+dfsg+really2.9.14-2.1+deb13u2: + Mitigate CVE-2025-7425/libxslt: Heap-use-after-free in xmlFreeID() caused by `atype` corruption. (Closes: #1109122) + Fix CVE-2025-9714: Stack overflow vulnerability via crafted expressions due to uncontrolled recursion in in XPath evaluation. * Fix unit tests for CVE-2025-49794 and -49796. Checksums-Sha1: fef3c5402826ee0d6c041840ce0ff6ea891f5963 2972 libxml2.9_2.12.7+dfsg+really2.9.14-2.3.dsc a6998c2534672414709b48d5f04be675e94ad5c6 49500 libxml2.9_2.12.7+dfsg+really2.9.14-2.3.debian.tar.xz 7639f91c3876795ce65c7374099bcc867c41ca34 8447 libxml2.9_2.12.7+dfsg+really2.9.14-2.3_amd64.buildinfo Checksums-Sha256: a7eadfadecd2bd4c7251e29b38e37ea7f3e6a9945d36dc64dd443b239fb0b8e5 2972 libxml2.9_2.12.7+dfsg+really2.9.14-2.3.dsc 2f7c3d00f31d2a4ef691d324da2ccb8808eb09735b845f1d3da87da1cc2fb839 49500 libxml2.9_2.12.7+dfsg+really2.9.14-2.3.debian.tar.xz e69cccc8dc25ff11e6b914794d93b473ba8cc1b448ebb8eac52fe4517039a57b 8447 libxml2.9_2.12.7+dfsg+really2.9.14-2.3_amd64.buildinfo Files: 78e9359d17ff678ee7b3dd946e3ecec5 2972 libs optional libxml2.9_2.12.7+dfsg+really2.9.14-2.3.dsc 5f9f0e6a4c5d5eb787fed1dcdaadd5d5 49500 libs optional libxml2.9_2.12.7+dfsg+really2.9.14-2.3.debian.tar.xz 35e2e0a1c6cd00c769ae3f4f6c3ec8ff 8447 libs optional libxml2.9_2.12.7+dfsg+really2.9.14-2.3_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAmjq+HQACgkQ05pJnDwh pVJ0Wg//a5zDyVRDcPhRVRZyz9GVsPhFdUTFCrzLDgWYRE+6aCgkGGMRR1slaVqY EQQlTowdzhpJiOM/BsfFMO7cJ78r0+NAUhgWV9qD6BS2G0qh65h63wKmNvyk1Xrg d3YA0qeaJyMQbbjCm9YdvB+dUiI5pcqsk52DgrmwlVxBkIgty2honRP6ORKiM83j +7i4u/hb150A4WqumEW1ZiovCaEnJxEsHyAzcuFIsow6acsXVehKYiaKE8pafjgj TEU6Z2Y0pIUT0ceDPd7iQggCMEiDnUQOCRsFSTxHCgUfky4ThvvZtd141JaEfqD0 wE0YgADISMo6hQlHczqJRSjcCHVp7N0lhPoWAor+V9MBwFgVBzjbY7vRjfjpZ/zx qk8HnQAG10JG/gNYZAVyZa7FqIp9uZmi8UiwcyR/FVE5ywdyb76xqrB1BQpQ03hc Em1b/6eMCayOjfEzrr3yV0GXSGQKANxKLzI14XgmJGLI6quAnBozUJYVoZv9kD3X Pb4D8jMpHEn9p8WKqtPkbfr7tLmzKy0X9vskkkUI9yuoDEalBqS5e3G9MEJaLqPG niCGNAeAAVaM75YSwUpc13LCMA91SUuP0fSKpb8nlOV7TAljiQ8+/Edy1xx8qvIY wbjd9hYKXWgke+LsaNgOfMkHtBi7oC1Pc1fLD0HnOeEvMmbLEDo= =q7lq -----END PGP SIGNATURE-----
