-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Tue, 25 Aug 2015 22:31:29 +0200 Source: libxml2 Binary: libxml2 libxml2-utils libxml2-utils-dbg libxml2-dev libxml2-dbg libxml2-doc python-libxml2 python-libxml2-dbg Architecture: source amd64 all Version: 2.9.2+really2.9.1+dfsg1-0.1 Distribution: unstable Urgency: medium Maintainer: Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org> Changed-By: Raphaël Hertzog <hertzog@debian.org> Description: libxml2 - GNOME XML library libxml2-dbg - Debugging symbols for the GNOME XML library libxml2-dev - Development files for the GNOME XML library libxml2-doc - Documentation for the GNOME XML library libxml2-utils - XML utilities libxml2-utils-dbg - XML utilities (debug extension) python-libxml2 - Python bindings for the GNOME XML library python-libxml2-dbg - Python bindings for the GNOME XML library (debug extension) Closes: 766884 782782 782985 783010 Changes: libxml2 (2.9.2+really2.9.1+dfsg1-0.1) unstable; urgency=medium . * Non-maintainer upload. * Go back to 2.9.1+dfsg1 upstream sources so that xmllint works again. Closes: #766884 * Restore all patches available in 2.9.1+dfsg1-5 in stretch, ensuring CVE-2014-3660 is fixed too. * Fix 3 security issues by adding 4 patches: - CVE-2015-1819: The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack. Closes: #782782 - Out-of-bounds access when parsing unclosed HTML comment https://bugzilla.gnome.org/show_bug.cgi?id=746048 Closes: #782985 - Out-of-bounds memory access https://bugzilla.gnome.org/show_bug.cgi?id=744980 Closes: #783010 * Add dh-python to Build-Depends for dh_python2 Checksums-Sha1: a64ba3b2d1e0a8d751d04b17027e3a52bafdb203 2375 libxml2_2.9.2+really2.9.1+dfsg1-0.1.dsc 357366e7afc9dd03ba883c605d5c369decb2b2e1 3793894 libxml2_2.9.2+really2.9.1+dfsg1.orig.tar.gz ee0b0aa9016e5b4fb2540c9e313da13cfadbc59d 44304 libxml2_2.9.2+really2.9.1+dfsg1-0.1.debian.tar.xz 0ce53f22f8b37fa2c53bfa990539e68175b6defe 1725594 libxml2-dbg_2.9.2+really2.9.1+dfsg1-0.1_amd64.deb d90a5a909dda1a468ee8dabd0ce461371f247a84 798456 libxml2-dev_2.9.2+really2.9.1+dfsg1-0.1_amd64.deb c6adce6ac2fa03d28082fb4fe1bc95cb4ead923b 815636 libxml2-doc_2.9.2+really2.9.1+dfsg1-0.1_all.deb c12af54d0d1b232abdcad95745e7052a20650335 127552 libxml2-utils-dbg_2.9.2+really2.9.1+dfsg1-0.1_amd64.deb 00743fc3caace4842c0683bea31c96b3fba04c59 91636 libxml2-utils_2.9.2+really2.9.1+dfsg1-0.1_amd64.deb 7e53f7bcaf88c22e7f92936602c2409ae7534b0e 905174 libxml2_2.9.2+really2.9.1+dfsg1-0.1_amd64.deb 08e6b589b120b30255681eb6f6b44d74369eda42 318072 python-libxml2-dbg_2.9.2+really2.9.1+dfsg1-0.1_amd64.deb 43c7c886b53082a5d8233274c001746f586bf049 193666 python-libxml2_2.9.2+really2.9.1+dfsg1-0.1_amd64.deb Checksums-Sha256: d7292bed69d13a0d5255f90c3d021adc895c8cabf73b68972953804634417ac8 2375 libxml2_2.9.2+really2.9.1+dfsg1-0.1.dsc f3ec5256412192f74833286c4490672500b232ed1c9195214db2c641df064a28 3793894 libxml2_2.9.2+really2.9.1+dfsg1.orig.tar.gz 14a2e268ecb2dd0b96dd1c468dca377936e5eb64194124541207e2d532917be8 44304 libxml2_2.9.2+really2.9.1+dfsg1-0.1.debian.tar.xz 12de68dd50482b29539276d74ab6e355179f99c19da2d74f32174c154b407eca 1725594 libxml2-dbg_2.9.2+really2.9.1+dfsg1-0.1_amd64.deb fb5dd38969173e2de4a18b5e7d0d8a59185cb582a368211c192def3c89b4fdd4 798456 libxml2-dev_2.9.2+really2.9.1+dfsg1-0.1_amd64.deb 313cce10929ba1c823b9ebcf0dbcac2e1ce2a5c0755d154793d6376114796755 815636 libxml2-doc_2.9.2+really2.9.1+dfsg1-0.1_all.deb 54b67e8a3050804a7f625b2487c21eea7d928de5b92025d1ee9b3c9fedf15c09 127552 libxml2-utils-dbg_2.9.2+really2.9.1+dfsg1-0.1_amd64.deb c402f79d5aeab057c5f72a21bd88ecdb732fec042a609266b9f47aa65b325bdb 91636 libxml2-utils_2.9.2+really2.9.1+dfsg1-0.1_amd64.deb fb431837452da447c45721ccc75ab0b8af60a48611ff397b45728fec0d8f1e2d 905174 libxml2_2.9.2+really2.9.1+dfsg1-0.1_amd64.deb a361ef7131b20905f5703a3cccad6bba6068d07f28c281feb5fb13b2ca88e135 318072 python-libxml2-dbg_2.9.2+really2.9.1+dfsg1-0.1_amd64.deb 838d0f9adf177764c266d6db710d7b21b3bfcd863baf90aee3a56605696d9f01 193666 python-libxml2_2.9.2+really2.9.1+dfsg1-0.1_amd64.deb Files: 097704147dde7181ce315a40c3b416b6 2375 libs optional libxml2_2.9.2+really2.9.1+dfsg1-0.1.dsc 5f111980c06f927a62492b7b9781b7bf 3793894 libs optional libxml2_2.9.2+really2.9.1+dfsg1.orig.tar.gz 7a3231b2c0affc5e76d5f884bd87536d 44304 libs optional libxml2_2.9.2+really2.9.1+dfsg1-0.1.debian.tar.xz dfb85eee2f090b9f573cf36a3ac20fd9 1725594 debug extra libxml2-dbg_2.9.2+really2.9.1+dfsg1-0.1_amd64.deb aacbf1b74b93cfa3d37884741e60b188 798456 libdevel optional libxml2-dev_2.9.2+really2.9.1+dfsg1-0.1_amd64.deb ceda9e2246a1a9d7ef54602e67810744 815636 doc optional libxml2-doc_2.9.2+really2.9.1+dfsg1-0.1_all.deb dd72e2d3c8cc6824595a4eb5cd9ebe0f 127552 debug extra libxml2-utils-dbg_2.9.2+really2.9.1+dfsg1-0.1_amd64.deb 9838a3fc4f02987e0962e65f33916b9a 91636 text optional libxml2-utils_2.9.2+really2.9.1+dfsg1-0.1_amd64.deb fde05b4d198e3e0ce9f94c89bae3aebc 905174 libs standard libxml2_2.9.2+really2.9.1+dfsg1-0.1_amd64.deb 95d9f1fa91bb02b8b4b6f87e36bee240 318072 debug extra python-libxml2-dbg_2.9.2+really2.9.1+dfsg1-0.1_amd64.deb 61b55f83b6474fdff1daa4c8529ad1c1 193666 python optional python-libxml2_2.9.2+really2.9.1+dfsg1-0.1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 Comment: Signed by Raphael Hertzog iQEcBAEBCAAGBQJV3OH0AAoJEAOIHavrwpq5aWIH/j+JC3AOVzgDLkoSqB8n/0YV F5gJiPSxBviKqty8K35V463AVzpL8K6elD8BmoCkMuL7VfRO69jkacP+VPc83518 kjxneOnZTCUGdJj7KdyWxosHbJ3msS36khu1R6q37wh0JpV6xWdZ4kZ7Uk2SeUPR UFdqpH8mf17gVAUuXP076YHLjkU9YQmPCuD1m98u6LxfB3Synxaz+UH9E3JVtBov HR4XihaYY/4cBzZx/5a/I5YlWpwvtlReeowf3PZpy2raS/633lHiv93ZQJegf8Ne +JjtiyF5sjRjn6ld8s2iZLW23/msVpSIJdUmhfKwFnHid1qigMbkuHagnOuw+zM= =L1K0 -----END PGP SIGNATURE-----