-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 27 Sep 2018 19:03:02 +0200 Source: libxml2 Binary: libxml2 libxml2-utils libxml2-utils-dbg libxml2-dev libxml2-dbg libxml2-doc python-libxml2 python-libxml2-dbg Architecture: source amd64 all Version: 2.9.1+dfsg1-5+deb8u7 Distribution: jessie-security Urgency: high Maintainer: Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org> Changed-By: Thorsten Alteholz <debian@alteholz.de> Description: libxml2 - GNOME XML library libxml2-dbg - Debugging symbols for the GNOME XML library libxml2-dev - Development files for the GNOME XML library libxml2-doc - Documentation for the GNOME XML library libxml2-utils - XML utilities libxml2-utils-dbg - XML utilities (debug extension) python-libxml2 - Python bindings for the GNOME XML library python-libxml2-dbg - Python bindings for the GNOME XML library (debug extension) Changes: libxml2 (2.9.1+dfsg1-5+deb8u7) jessie-security; urgency=high . * Non-maintainer upload by the LTS Team. * CVE-2018-14404 Fix of a NULL pointer dereference which might result in a crash and thus in a denial of service. * CVE-2018-14567 and CVE-2018-9251 Approvement in LZMA error handling which prevents an infinite loop. * CVE-2017-18258 Limit available memory to 100MB to avoid exhaustive memory consumption by malicious files. Checksums-Sha1: 0c9cc6200b5d2cce272c5ff81cda947045a031e6 2764 libxml2_2.9.1+dfsg1-5+deb8u7.dsc 357366e7afc9dd03ba883c605d5c369decb2b2e1 3793894 libxml2_2.9.1+dfsg1.orig.tar.gz 78a0cb677aa25cb6ad92b7f625792491730a41b1 71860 libxml2_2.9.1+dfsg1-5+deb8u7.debian.tar.xz dd9a0950cef74320faf597b697ded46ca837556c 802824 libxml2_2.9.1+dfsg1-5+deb8u7_amd64.deb 297daa9fe7983f047b01aa42dfade61d67c46bbb 92392 libxml2-utils_2.9.1+dfsg1-5+deb8u7_amd64.deb c688222eff4d7dee72cf33d742e9d4cce25e098f 122532 libxml2-utils-dbg_2.9.1+dfsg1-5+deb8u7_amd64.deb b27afbe51a1dfbd8aaf61dedc3d7081cc8d9e484 695154 libxml2-dev_2.9.1+dfsg1-5+deb8u7_amd64.deb 7f626ced65978de59e75c41358eb713c182a5ba2 1232660 libxml2-dbg_2.9.1+dfsg1-5+deb8u7_amd64.deb d9bcf6788f219c458b3649a011f621d9f33fe25a 816912 libxml2-doc_2.9.1+dfsg1-5+deb8u7_all.deb 7e6cd40575208601c540b742e7b19fc4d658c65c 194526 python-libxml2_2.9.1+dfsg1-5+deb8u7_amd64.deb d17e7430a85bfaeddd32e5c557acf2b09546c433 321138 python-libxml2-dbg_2.9.1+dfsg1-5+deb8u7_amd64.deb Checksums-Sha256: 77e5a0b7b1c497eab1cd78595d6028cb7b0e888ab8678a7372e8c4eac9fb0f50 2764 libxml2_2.9.1+dfsg1-5+deb8u7.dsc f3ec5256412192f74833286c4490672500b232ed1c9195214db2c641df064a28 3793894 libxml2_2.9.1+dfsg1.orig.tar.gz 090c7342d79a297545e613b315e70d7a47627ea3ea116600ef9056d748f7c3a5 71860 libxml2_2.9.1+dfsg1-5+deb8u7.debian.tar.xz 34dcf3dc64e65935fa9e31ba9aa5d1795ed054f17203f01255a1875e55435f70 802824 libxml2_2.9.1+dfsg1-5+deb8u7_amd64.deb bf07cbf4a36c18652845fbfbca30c27e26345f50ac24004cbd47cae75b3e5bf6 92392 libxml2-utils_2.9.1+dfsg1-5+deb8u7_amd64.deb 0bbea0287121adb717f0a5434c75cf86e03855ad2e42cc9807f891e9bdc0cf05 122532 libxml2-utils-dbg_2.9.1+dfsg1-5+deb8u7_amd64.deb e279edee6bcaba31af4c8ebb4b997b0421d362b3a3911d9d590282194de281df 695154 libxml2-dev_2.9.1+dfsg1-5+deb8u7_amd64.deb 6da1b2709cb79ac7738e1d434fdc5c5a0e553544cf3f9ceab282a4dfdb85db64 1232660 libxml2-dbg_2.9.1+dfsg1-5+deb8u7_amd64.deb 0ce0c44c7544c566981382efa979ea829fd3e7794f4ec0022dc12dc49cf71f5b 816912 libxml2-doc_2.9.1+dfsg1-5+deb8u7_all.deb 96dacb87319735d8b896eb42a481d8fa883adcf361ef9e180dce02c1288986f0 194526 python-libxml2_2.9.1+dfsg1-5+deb8u7_amd64.deb e92d0c3ebe73e40b42901950afc5778722050d7d260802a282aba2c331547118 321138 python-libxml2-dbg_2.9.1+dfsg1-5+deb8u7_amd64.deb Files: da84cc7c77ddba51e815dc67bb4579ac 2764 libs optional libxml2_2.9.1+dfsg1-5+deb8u7.dsc 5f111980c06f927a62492b7b9781b7bf 3793894 libs optional libxml2_2.9.1+dfsg1.orig.tar.gz 0592545ab380a530b3c088898feda769 71860 libs optional libxml2_2.9.1+dfsg1-5+deb8u7.debian.tar.xz b85e9e9f2e082759eeae39c1d9a2f685 802824 libs standard libxml2_2.9.1+dfsg1-5+deb8u7_amd64.deb 13fec5efd98d5ca902517b31d1ff04ba 92392 text optional libxml2-utils_2.9.1+dfsg1-5+deb8u7_amd64.deb 34a07ee3316e66397b0ce01ce319284b 122532 debug extra libxml2-utils-dbg_2.9.1+dfsg1-5+deb8u7_amd64.deb 007293e4467ec4f751e4b75dea586604 695154 libdevel optional libxml2-dev_2.9.1+dfsg1-5+deb8u7_amd64.deb 4b7c6d367175522f36d329d4e250d9a0 1232660 debug extra libxml2-dbg_2.9.1+dfsg1-5+deb8u7_amd64.deb e3df77854ac36084225f605edbaeaf91 816912 doc optional libxml2-doc_2.9.1+dfsg1-5+deb8u7_all.deb 5f3e38625626413f6cf670a26a88b2bd 194526 python optional python-libxml2_2.9.1+dfsg1-5+deb8u7_amd64.deb aa8d48e60684e223a9788df81f23e575 321138 debug extra python-libxml2-dbg_2.9.1+dfsg1-5+deb8u7_amd64.deb -----BEGIN PGP SIGNATURE----- iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAlutG4RfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh bHRlaG9sei5kZQAKCRCW/KwNOHtYRxaOD/wLifsIBL3h9tTMUJoIoa3yBg2ZpvGP zo5VKmmkFaNuED2dXyDYnseuEjJgeAZ4N3TGjBaUnNEjy754FntKEzVIgZ8jXYux f0iPMTqXI2lrg1Rd8FfFxMlchPaUokedqGinPEBuDE1HZnrAyq9cpfXn+nB0X300 KWvxlSoYXg5pe/wrFsLqJCZgGsLb+fOXyOzj4aI2u/G0dZTuhshhdmqChJIR3YQV mJP/DAPhiDTR5vDSf3O0a7MWtvnUkSGYV688IFMxImpUsncK9D7nSG3VFx9jsvpK AVi5zGn8AX1L4oc4rwJAxAGwe40DpfowudyHSMcj21DdIey0uZy1oaxmAnVNHxzD uk51Na+XnV49QcytagqJHM+sJ0FjEyAqQgUSgLvY9k76RQEu1bYamz6fdgCA6A4p l+I+w81u13ZySv/UWa0SPS3rNu84ZjNsbeWDk+BxkFjWVn4TObDPn37+d0TU2PEn Bu2RZ5hWVdzs4aARD/qrTs3lhCNaoe2wd7hgXZ1F1LdlH0SXfxHDUGAKAEf5xWNb UkqMyBD/kDdBbq6QZ8e3+rgmT4maO1ArbiT/mV7CQ8/5bfJ+c08Um/XMhIsEDfSK pzUuZczyC3RbRW/sjZJc0Ew4Xa3MIctU1d4cws/AE2jZkkbzlOqiy7OALd1pcx2d UsuIg2T9M3dC6w== =SJLW -----END PGP SIGNATURE-----