Format: 1.8
Date: Sat, 19 Aug 2017 17:31:22 +0200
Source: libxml2
Binary: libxml2 libxml2-utils libxml2-utils-dbg libxml2-dev libxml2-dbg libxml2-doc python-libxml2 python-libxml2-dbg
Architecture: all source
Version: 2.9.1+dfsg1-5+deb8u5
Distribution: jessie-security
Urgency: high
Maintainer: Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 863018 863019 863021 863022 870865 870867 870870
Description:
 libxml2 - GNOME XML library
 libxml2-dbg - Debugging symbols for the GNOME XML library
 libxml2-dev - Development files for the GNOME XML library
 libxml2-doc - Documentation for the GNOME XML library
 libxml2-utils - XML utilities
 libxml2-utils-dbg - XML utilities (debug extension)
 python-libxml2 - Python bindings for the GNOME XML library
 python-libxml2-dbg - Python bindings for the GNOME XML library (debug extension)
Changes:
 libxml2 (2.9.1+dfsg1-5+deb8u5) jessie-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Increase buffer space for port in HTTP redirect support (CVE-2017-7376)
     Incorrect limit was used for port values. (Closes: #870865)
   * Prevent unwanted external entity reference (CVE-2017-7375)
     Missing validation for external entities in xmlParsePEReference.
     (Closes: #870867)
   * Fix handling of parameter-entity references (CVE-2017-9049,
     CVE-2017-9050)
     - Heap-based buffer over-read in function xmlDictComputeFastKey
       (CVE-2017-9049).
     - Heap-based buffer over-read in function xmlDictAddString
       (CVE-2017-9050).
     (Closes: #863019, #863018)
   * Fix buffer size checks in xmlSnprintfElementContent (CVE-2017-9047,
     CVE-2017-9048)
     - Buffer overflow in function xmlSnprintfElementContent (CVE-2017-9047).
     - Stack-based buffer overflow in function xmlSnprintfElementContent
       (CVE-2017-9048).
     (Closes: #863022, #863021)
   * Fix type confusion in xmlValidateOneNamespace (CVE-2017-0663)
     Heap buffer overflow in xmlAddID. (Closes: #870870)