-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 28 May 2016 06:51:08 +0200 Source: libxml2 Binary: libxml2 libxml2-utils libxml2-utils-dbg libxml2-dev libxml2-dbg libxml2-doc python-libxml2 python-libxml2-dbg Architecture: source Version: 2.9.3+dfsg1-1.1 Distribution: unstable Urgency: medium Maintainer: Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org> Changed-By: Salvatore Bonaccorso <carnil@debian.org> Closes: 812807 813613 819006 823405 823414 Description: libxml2 - GNOME XML library libxml2-dbg - Debugging symbols for the GNOME XML library libxml2-dev - Development files for the GNOME XML library libxml2-doc - Documentation for the GNOME XML library libxml2-utils - XML utilities libxml2-utils-dbg - XML utilities (debug extension) python-libxml2 - Python bindings for the GNOME XML library python-libxml2-dbg - Python bindings for the GNOME XML library (debug extension) Changes: libxml2 (2.9.3+dfsg1-1.1) unstable; urgency=medium . * Non-maintainer upload. * Heap-based buffer overread in xmlNextChar (CVE-2016-1762) * heap-buffer-overflow in xmlStrncat (CVE-2016-1834) * Add missing increments of recursion depth counter to XML parser (CVE-2016-3705) (Closes: #823414) * Avoid an out of bound access when serializing malformed strings (CVE-2016-4483) (Closes: #823405) * Heap-buffer-overflow in xmlFAParsePosCharGroup (CVE-2016-1840) * Heap-based buffer overread in xmlParserPrintFileContextInternal (CVE-2016-1838) * Heap-based buffer overread in xmlDictAddString (CVE-2016-1839 CVE-2015-8806 CVE-2016-2073) (Closes: #813613, #812807) * Heap use-after-free in xmlDictComputeFastKey (CVE-2016-1836) * Fix inappropriate fetch of entities content (CVE-2016-4449) * Heap use-after-free in htmlParsePubidLiteral and htmlParseSystemiteral (CVE-2016-1837) * Heap use-after-free in xmlSAX2AttributeNs (CVE-2016-1835) * Heap-based buffer-underreads due to xmlParseName (CVE-2016-4447) * Heap-based buffer overread in htmlCurrentChar (CVE-2016-1833) * Avoid building recursive entities (CVE-2016-3627) (Closes: #819006) Checksums-Sha1: b71f106c35efd70433b37368ee862ac9752aa349 2583 libxml2_2.9.3+dfsg1-1.1.dsc 3e6cf816b41f9e3f70520096be8da0cb738804a8 39456 libxml2_2.9.3+dfsg1-1.1.debian.tar.xz Checksums-Sha256: 50fc6db96e8f890262706c010c71bf771729a3768c2b9a44eb3b6c98313097d4 2583 libxml2_2.9.3+dfsg1-1.1.dsc 51889d4f48812d602fc107b5ed3b94903f8bfddf05e1624a8cb4bc07c36fdc28 39456 libxml2_2.9.3+dfsg1-1.1.debian.tar.xz Files: a8c5193060dc99c9882e5458826db04e 2583 libs optional libxml2_2.9.3+dfsg1-1.1.dsc 90f7f502b79ef1637b9962a3cea09c49 39456 libs optional libxml2_2.9.3+dfsg1-1.1.debian.tar.xz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJXSSiKAAoJEAVMuPMTQ89ECJ0P/2u871OO4pgfeAqHDgA8LuIB xYgUviq+QSVh1E/6Ofl4Nqtvymh2Au0nwapVkmPrPvDP4ABHmHWoAIDViwXTqGPD /PvjZJlvH2PcF2SG/IQB12+TXfunbHd+eNruPeooQzIIusc5bC5aErfQyIsj79Gz uwHUuuVehxEhkDTkVfZ+cTzhVWwIjd9mnrGp8O05Ud7LYR02X3eIY94ic6BGAQEt RZS8WUcyUvqnZ/YPObZWUgbMMDsEFIht4Jsh9PbWTjjgxsgfxna6hzOPjFnESvse M5O/e1UjoHQsdTr0/MMRu3WUMssvUhrsQYSeHUN9eTDSWprW66YIwa277FRk+06o chV18BstB9nadpdiJgY3EdUJ/xsnIdTjni9zG8EXGOaQUNByC/53uiwXO+/+hpbp EP6nNFEmaReiFcY1FJS/XFFlfXiGZrgSvdOYSXvQLfABapdZ0MWZ+YeA71RWKYE9 VnQL/9lml0c2RflDyYdJFsStmzFkT3UCVxNoQP9+XX9MTG+YsrOYo6+FoR0XzZne WTu35rKiwCm107lqE3Q/L7il0TvAKSop2FgJPZC9Qscdz9aUWAwMF6C3dX0eRgnI 8hfHxvxoKpeOTa4RkLd7LxPwLJoGOQ8McTG3xy2tVjB7WvXIVS3/zbVqxwV8F1cn BsEi51AsXIzn9NoPsqH5 =0VWR -----END PGP SIGNATURE-----