Format: 1.8
Date: Sun, 07 Jun 2026 00:45:34 +0200
Source: libxml2
Architecture: source
Version: 2.9.10+dfsg-6.7+deb11u10
Distribution: bullseye-security
Urgency: high
Maintainer: Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>
Changed-By: Guilhem Moulin <guilhem@debian.org>
Closes: 1125691 1125695 1125696
Changes:
 libxml2 (2.9.10+dfsg-6.7+deb11u10) bullseye-security; urgency=high
 .
   * Non-maintainer upload by the LTS Team.
   * Fix CVE-2026-0989: Specially crafted or overly complex schemas can cause
     excessive recursion during parsing, which may lead to stack exhaustion
     and application crashes. The parser now enforces a limit on inclusion
     depth when resolving nested `<include>` directives; the limit defaults
     to 1000 and can be modified at runtime with the env variable
     `RNG_INCLUDE_LIMIT`. (Closes: #1125691)
   * Fix CVE-2026-0990: `xmlCatalogXMLResolveURI()` will recurse infinitely
     if a catalog has a URI delegate referencing itself, eventually resulting
     in a call stack overflow. (Closes: #1125695)
   * Fix CVE-2026-0992: Denial of Service vulnerability due to uncontrolled
     resource consumption when processing XML catalogs containing repeated
     `<nextCatalog>` elements pointing to the same downstream catalog.
     (Closes: #1125696)
   * Fix CVE-2025-8732: When a catalog file contains a CATALOG directive
     pointing to itself, `xmlExpandCatalog()` and `xmlParseSGMLCatalog()`
     recursively call each other without bounds until stack overflow.
   * Fix CVE-2026-1757: Memory leak issue in the command parsing logic of the
     xmllint interactive shell.
   * Fix unit tests for CVE-2025-49794 and -49796.
   * Backport some more upstream changes from v2.15.2:
     + Fix memory leak of prefix in `xmlTextWriterStartElementNS()`.
     + Mitigate use-after-free issue in `xmlRelaxNGValidateValue()`.
     + Fix memory leak in `xmlTextWriterStartAttributeNS()`.
     + Schematron: Fix additional memory leaks on error paths.
     + Catalog: Fix stack overflow from self-referencing SGML CATALOG entries.