-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 28 May 2016 06:56:40 +0200
Source: libxml2
Binary: libxml2 libxml2-utils libxml2-utils-dbg libxml2-dev libxml2-dbg libxml2-doc python-libxml2 python-libxml2-dbg
Architecture: all source
Version: 2.9.1+dfsg1-5+deb8u2
Distribution: jessie-security
Urgency: high
Maintainer: Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 812807 813613 819006 823405 823414
Description:
 libxml2 - GNOME XML library
 libxml2-dbg - Debugging symbols for the GNOME XML library
 libxml2-dev - Development files for the GNOME XML library
 libxml2-doc - Documentation for the GNOME XML library
 libxml2-utils - XML utilities
 libxml2-utils-dbg - XML utilities (debug extension)
 python-libxml2 - Python bindings for the GNOME XML library
 python-libxml2-dbg - Python bindings for the GNOME XML library (debug extension)
Changes:
 libxml2 (2.9.1+dfsg1-5+deb8u2) jessie-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Heap-based buffer overread in xmlNextChar (CVE-2016-1762)
   * heap-buffer-overflow in xmlStrncat (CVE-2016-1834)
   * Add missing increments of recursion depth counter to XML parser
     (CVE-2016-3705) (Closes: #823414)
   * Avoid an out of bound access when serializing malformed strings
     (CVE-2016-4483) (Closes: #823405)
   * Heap-buffer-overflow in xmlFAParsePosCharGroup (CVE-2016-1840)
   * Heap-based buffer overread in xmlParserPrintFileContextInternal
     (CVE-2016-1838)
   * Heap-based buffer overread in xmlDictAddString
     (CVE-2016-1839 CVE-2015-8806 CVE-2016-2073) (Closes: #813613, #812807)
   * Heap use-after-free in xmlDictComputeFastKey (CVE-2016-1836)
   * Fix inappropriate fetch of entities content (CVE-2016-4449)
   * Heap use-after-free in htmlParsePubidLiteral and htmlParseSystemiteral
     (CVE-2016-1837)
   * Heap use-after-free in xmlSAX2AttributeNs (CVE-2016-1835)
   * Heap-based buffer-underreads due to xmlParseName (CVE-2016-4447)
   * Heap-based buffer overread in htmlCurrentChar (CVE-2016-1833)
   * Avoid building recursive entities (CVE-2016-3627) (Closes: #819006)
Checksums-Sha1:
 09f25ba5032fe276316f25b2f2845a9f41666130 2591 libxml2_2.9.1+dfsg1-5+deb8u2.dsc
 307d1a803dbb46731fd37ba2796a8901607dc5b8 62880 libxml2_2.9.1+dfsg1-5+deb8u2.debian.tar.xz
 539ba130fbe761bf6ae8608b7e03f49cf99833a0 814510 libxml2-doc_2.9.1+dfsg1-5+deb8u2_all.deb
Checksums-Sha256:
 a3bdc94653d45c2095f9bab65c46b5c7ab2bb63c31e1b41ad6190eca66f7e717 2591 libxml2_2.9.1+dfsg1-5+deb8u2.dsc
 5440d0031fc34880733fec681bf3e5acf3630b5412ae0731e6418f68ca2d0b81 62880 libxml2_2.9.1+dfsg1-5+deb8u2.debian.tar.xz
 fc8ef4b331ba5fff28436581aea8f9ac8069b633a7b74765cdf38aff89601c1d 814510 libxml2-doc_2.9.1+dfsg1-5+deb8u2_all.deb
Files:
 517aa199d7166cdca33b83003bca8aca 2591 libs optional libxml2_2.9.1+dfsg1-5+deb8u2.dsc
 3d72631c0f0fdae4b49764d8ad8e958d 62880 libs optional libxml2_2.9.1+dfsg1-5+deb8u2.debian.tar.xz
 e3049d4681201d19bd5a9ebdf1d961cd 814510 doc optional libxml2-doc_2.9.1+dfsg1-5+deb8u2_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----