Format: 1.8
Date: Sat, 19 Aug 2017 17:36:49 +0200
Source: libxml2
Binary: libxml2 libxml2-utils libxml2-utils-dbg libxml2-dev libxml2-dbg libxml2-doc python-libxml2 python-libxml2-dbg python3-libxml2 python3-libxml2-dbg
Architecture: source
Version: 2.9.4+dfsg1-2.2+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 863018 863019 863021 863022 870865 870867 870870
Description:
 libxml2 - GNOME XML library
 libxml2-dbg - Debugging symbols for the GNOME XML library
 libxml2-dev - Development files for the GNOME XML library
 libxml2-doc - Documentation for the GNOME XML library
 libxml2-utils - XML utilities
 libxml2-utils-dbg - XML utilities (debug extension)
 python-libxml2 - Python bindings for the GNOME XML library
 python-libxml2-dbg - Python bindings for the GNOME XML library (debug extension)
 python3-libxml2 - Python3 bindings for the GNOME XML library
 python3-libxml2-dbg - Python3 bindings for the GNOME XML library (debug extension)
Changes:
 libxml2 (2.9.4+dfsg1-2.2+deb9u1) stretch-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Increase buffer space for port in HTTP redirect support (CVE-2017-7376)
     Incorrect limit was used for port values. (Closes: #870865)
   * Prevent unwanted external entity reference (CVE-2017-7375)
     Missing validation for external entities in xmlParsePEReference.
     (Closes: #870867)
   * Fix handling of parameter-entity references (CVE-2017-9049,
     CVE-2017-9050)
     - Heap-based buffer over-read in function xmlDictComputeFastKey
       (CVE-2017-9049).
     - Heap-based buffer over-read in function xmlDictAddString
       (CVE-2017-9050).
     (Closes: #863019, #863018)
   * Fix buffer size checks in xmlSnprintfElementContent (CVE-2017-9047,
     CVE-2017-9048)
     - Buffer overflow in function xmlSnprintfElementContent
       (CVE-2017-9047).
     - Stack-based buffer overflow in function xmlSnprintfElementContent
       (CVE-2017-9048).
     (Closes: #863022, #863021)
   * Fix type confusion in xmlValidateOneNamespace (CVE-2017-0663)
     Heap buffer overflow in xmlAddID. (Closes: #870870)
Checksums-Sha1:
 df8d7379224f77ab6a6c4d443c9bdefba287c141 3049 libxml2_2.9.4+dfsg1-2.2+deb9u1.dsc
 ca9a4f7f1eab2b69ead6174885a5e6b1629ec956 2446412 libxml2_2.9.4+dfsg1.orig.tar.xz
 85d5216fdadbe362d11ec4bd19b127a5acf5fdcf 33600 libxml2_2.9.4+dfsg1-2.2+deb9u1.debian.tar.xz
Checksums-Sha256:
 9cd8802fa5c7a6c89a23c755b41f5e9a114f7e74c4b5aeb303516c1f298df87a 3049 libxml2_2.9.4+dfsg1-2.2+deb9u1.dsc
 a74ad55e346aa0b2b41903e66d21f8f3d2a736b3f41e32496376861ab484184e 2446412 libxml2_2.9.4+dfsg1.orig.tar.xz
 6c9e6fed9d68a7992057e6153972d1582fc75ff3140f619ba9c0b024351c14e7 33600 libxml2_2.9.4+dfsg1-2.2+deb9u1.debian.tar.xz
Files:
 b651eec09442c237b38564cea286c342 3049 libs optional libxml2_2.9.4+dfsg1-2.2+deb9u1.dsc
 3ced197721416e7e2f13b0f4e0f1185b 2446412 libs optional libxml2_2.9.4+dfsg1.orig.tar.xz
 fe5416336a1b118695ac05fb4019a8c9 33600 libs optional libxml2_2.9.4+dfsg1-2.2+deb9u1.debian.tar.xz