Format: 1.8
Date: Sun, 23 Oct 2016 19:03:02 +0200
Source: libxml2
Binary: libxml2 libxml2-utils libxml2-utils-dbg libxml2-dev libxml2-dbg libxml2-doc python-libxml2 python-libxml2-dbg
Architecture: source amd64 all
Version: 2.8.0+dfsg1-7+wheezy7
Distribution: wheezy-security
Urgency: high
Maintainer: Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Description:
 libxml2    - GNOME XML library
 libxml2-dbg - Debugging symbols for the GNOME XML library
 libxml2-dev - Development files for the GNOME XML library
 libxml2-doc - Documentation for the GNOME XML library
 libxml2-utils - XML utilities
 libxml2-utils-dbg - XML utilities (debug extension)
 python-libxml2 - Python bindings for the GNOME XML library
 python-libxml2-dbg - Python bindings for the GNOME XML library (debug extension)
Changes:
 libxml2 (2.8.0+dfsg1-7+wheezy7) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the Wheezy LTS Team.
   * CVE-2016-4658
     Namespace nodes must be copied to avoid use-after-free errors.
     But they don't necessarily have a physical representation in a
     document, so simply disallow them in XPointer ranges.
   * CVE-2016-5131
     The old code would invoke the broken xmlXPtrRangeToFunction.
     range-to isn't really a function but a special kind of
     location step. Remove this function and always handle range-to
     in the XPath code.
     The old xmlXPtrRangeToFunction could also be abused to trigger
     a use-after-free error with the potential for remote code
     execution.