libxml2 - Debian Package Tracker

general

source: libxml2 (main)
version: 2.9.14+dfsg-1
maintainer: Debian XML/SGML Group (archive) (DMD)
uploaders: YunQiang Su [DMD] – Aron Xu [DMD]
arch: all any
std-ver: 4.6.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 2.9.4+dfsg1-2.2+deb9u2
o-o-sec: 2.9.4+dfsg1-2.2+deb9u7
oldstable: 2.9.4+dfsg1-7+deb10u2
old-sec: 2.9.4+dfsg1-7+deb10u4
old-p-u: 2.9.4+dfsg1-7+deb10u4
stable: 2.9.10+dfsg-6.7+deb11u2
stable-sec: 2.9.10+dfsg-6.7+deb11u2
testing: 2.9.14+dfsg-1
unstable: 2.9.14+dfsg-1

versioned links

2.9.4+dfsg1-2.2+deb9u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.9.4+dfsg1-2.2+deb9u7: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.9.4+dfsg1-7+deb10u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.9.4+dfsg1-7+deb10u4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.9.10+dfsg-6.7+deb11u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.9.14+dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libxml2 (26 bugs: 0, 22, 4, 0)
libxml2-dev (4 bugs: 0, 3, 1, 0)
libxml2-doc
libxml2-utils (13 bugs: 0, 8, 5, 0)
python3-libxml2

action needed

3 security issues in buster high

There are 3 open security issues in buster.

1 important issue:

CVE-2016-3709: Possible cross-site scripting vulnerability in libxml after commit 960f0e2.

2 ignored issues:

CVE-2016-9318: libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.
CVE-2017-16932: parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities.

Created: 2022-07-04 Last update: 2022-08-11 22:35

lintian reports 173 errors and 6 warnings high

Lintian reports 173 errors and 6 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2021-10-13 Last update: 2022-07-30 12:15

1 bug tagged patch in the BTS normal

The BTS contains patches fixing 1 bug, consider including or untagging them.

Created: 2022-07-27 Last update: 2022-08-16 06:01

1 new commit since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit ba999848a81bed71780f93d57e5073f5f623e67b
Author: Mattia Rizzolo <mattia@debian.org>
Date:   Thu May 5 15:16:31 2022 +0200

    simplify list of html to install
    
    I just felt doing it, and then discovered upstream refactored the whole
    thing :(
    
    Signed-off-by: Mattia Rizzolo <mattia@debian.org>

Created: 2022-05-05 Last update: 2022-08-09 10:03

1 low-priority security issue in bullseye low

There is 1 open security issue in bullseye.

1 issue left for the package maintainer to handle:

CVE-2016-3709: (needs triaging) Possible cross-site scripting vulnerability in libxml after commit 960f0e2.

You can find information about how to handle this issue in the security team's documentation.

Created: 2022-07-31 Last update: 2022-08-11 22:35

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.6.1 instead of 4.6.0).

Created: 2022-05-11 Last update: 2022-05-11 23:25

news

[rss feed]

[2022-05-26] Accepted libxml2 2.9.4+dfsg1-7+deb10u4 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Debian FTP Masters) (signed by: Salvatore Bonaccorso)
[2022-05-26] Accepted libxml2 2.9.10+dfsg-6.7+deb11u2 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Salvatore Bonaccorso)
[2022-05-22] Accepted libxml2 2.9.4+dfsg1-7+deb10u4 (source) into oldstable->embargoed, oldstable (Debian FTP Masters) (signed by: Salvatore Bonaccorso)
[2022-05-22] Accepted libxml2 2.9.10+dfsg-6.7+deb11u2 (source) into stable-security->embargoed, stable-security (Debian FTP Masters) (signed by: Salvatore Bonaccorso)
[2022-05-16] Accepted libxml2 2.9.4+dfsg1-2.2+deb9u7 (source) into oldoldstable (Markus Koschany)
[2022-05-11] libxml2 2.9.14+dfsg-1 MIGRATED to testing (Debian testing watch)
[2022-05-11] libxml2 2.9.14+dfsg-1 MIGRATED to testing (Debian testing watch)
[2022-05-05] Accepted libxml2 2.9.14+dfsg-1 (source) into unstable (Mattia Rizzolo)
[2022-04-08] Accepted libxml2 2.9.4+dfsg1-2.2+deb9u6 (source) into oldoldstable (Anton Gladky)
[2022-03-19] Accepted libxml2 2.9.4+dfsg1-7+deb10u3 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Debian FTP Masters) (signed by: Salvatore Bonaccorso)
[2022-03-19] Accepted libxml2 2.9.10+dfsg-6.7+deb11u1 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Salvatore Bonaccorso)
[2022-03-02] libxml2 2.9.13+dfsg-1 MIGRATED to testing (Debian testing watch)
[2022-02-27] Accepted libxml2 2.9.13+dfsg-1 (source) into unstable (Mattia Rizzolo)
[2022-02-22] libxml2 2.9.12+dfsg-6 MIGRATED to testing (Debian testing watch)
[2022-02-19] Accepted libxml2 2.9.12+dfsg-6 (source) into unstable (Mattia Rizzolo)
[2021-09-24] libxml2 2.9.12+dfsg-5 MIGRATED to testing (Debian testing watch)
[2021-09-20] Accepted libxml2 2.9.12+dfsg-5 (source) into unstable (Mattia Rizzolo)
[2021-09-10] Accepted libxml2 2.9.12+dfsg-4 (source) into unstable (Mattia Rizzolo)
[2021-09-01] Accepted libxml2 2.9.12+dfsg-3 (source) into unstable (Mattia Rizzolo)
[2021-07-29] Accepted libxml2 2.9.12+dfsg-2 (source) into experimental (Mattia Rizzolo)
[2021-07-18] Accepted libxml2 2.9.12+dfsg-1 (source) into experimental (Mattia Rizzolo)
[2021-06-12] Accepted libxml2 2.9.4+dfsg1-7+deb10u2 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Salvatore Bonaccorso)
[2021-05-30] Accepted libxml2 2.9.4+dfsg1-2.2+deb9u5 (source amd64 all) into oldstable (Thorsten Alteholz)
[2021-05-27] libxml2 2.9.10+dfsg-6.7 MIGRATED to testing (Debian testing watch)
[2021-05-22] Accepted libxml2 2.9.10+dfsg-6.7 (source) into unstable (Salvatore Bonaccorso)
[2021-05-11] libxml2 2.9.10+dfsg-6.6 MIGRATED to testing (Debian testing watch)
[2021-05-10] Accepted libxml2 2.9.4+dfsg1-2.2+deb9u4 (source) into oldstable (Emilio Pozuelo Monfort)
[2021-05-06] Accepted libxml2 2.9.10+dfsg-6.6 (source) into unstable (Salvatore Bonaccorso)
[2021-05-06] Accepted libxml2 2.9.10+dfsg-6.5 (source) into experimental (Salvatore Bonaccorso)
[2021-05-02] Accepted libxml2 2.9.10+dfsg-6.4 (source) into experimental (Salvatore Bonaccorso)

bugs [bug history graph]

all: 45
RC: 0
I&N: 35
M&W: 10
F&P: 0
patch: 1

links

homepage
lintian (173, 6)
buildd: logs, clang, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
screenshots
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2.9.14+dfsg-1
20 bugs