Change log for libxml2 package in Ubuntu
1 → 75 of 310 results | First • Previous • Next • Last |
libxml2 (2.12.7+dfsg+really2.9.14-0.2ubuntu2) plucky; urgency=medium * Revert the last patch (ICU linking). * Don't build with ICU. libxml's README.md states: [ICU](https://icu.unicode.org/), a Unicode library. Mainly useful as an alternative to iconv on Windows. Unnecessary on most other systems. ICU 76.1 requires to be built with -std=c++17 or -std=gnu++17 or higher. However including the ICU headers in the libxml2 headers, breaks builds with older C++ standards, most likely leading to some unrelated build failures for packages that don't rely on ICU, but are using libxml2. -- Matthias Klose <email address hidden> Wed, 08 Jan 2025 13:46:56 +0100
Superseded in plucky-proposed |
libxml2 (2.12.7+dfsg+really2.9.14-0.2ubuntu1) plucky; urgency=medium * Work around linking ICU libs. -- Matthias Klose <email address hidden> Sun, 05 Jan 2025 22:01:31 +0100
Available diffs
Superseded in plucky-proposed |
libxml2 (2.12.7+dfsg+really2.9.14-0.2build2) plucky; urgency=medium * No-change rebuild for icu soname change. -- Matthias Klose <email address hidden> Sun, 05 Jan 2025 20:30:21 +0100
Available diffs
libxml2 (2.12.7+dfsg+really2.9.14-0.2build1) plucky; urgency=medium * SRU: #2083480: No-change rebuild to add support for Python 3.13. -- Matthias Klose <email address hidden> Wed, 13 Nov 2024 10:04:57 +0100
Superseded in plucky-proposed |
libxml2 (2.12.7+dfsg+really2.9.14-0.2) unstable; urgency=medium * Non-maintainer upload. * Patch: Python 3.13 support. (Closes: #1084096) -- Stefano Rivera <email address hidden> Wed, 06 Nov 2024 17:11:20 -0800
Available diffs
Superseded in plucky-proposed |
libxml2 (2.12.7+dfsg+really2.9.14-0.1) unstable; urgency=medium * Non-maintainer upload. * Revert packaging to 2.9.14+dfsg-1.3 currently in testing to revert ABI breakage (Closes: #1073508) -- Sebastian Ramacher <email address hidden> Thu, 26 Sep 2024 17:15:36 +0200
Superseded in plucky-release |
Published in oracular-release |
Deleted in oracular-proposed (Reason: Moved to oracular) |
libxml2 (2.12.7+dfsg-3) unstable; urgency=medium * d/control: replace pkg-config with pkgconf * source: override invalid-profile-name-in-source-relation noi18n * d/control: versioned Breaks at libxml-libxml-perl -- Aron Xu <email address hidden> Wed, 29 May 2024 21:25:11 +0800
Available diffs
Superseded in oracular-proposed |
libxml2 (2.12.7+dfsg-2) unstable; urgency=medium * d/control: Depends on liblzma-dev and zlib1g-dev explicitly (Closes: #1071834) -- Aron Xu <email address hidden> Sat, 25 May 2024 22:51:40 +0800
Superseded in oracular-release |
Published in noble-release |
Deleted in noble-proposed (Reason: Moved to noble) |
libxml2 (2.9.14+dfsg-1.3ubuntu3) noble; urgency=medium * No-change rebuild for CVE-2024-3094 -- Steve Langasek <email address hidden> Sun, 31 Mar 2024 02:21:38 +0000
Available diffs
libxml2 (2.9.14+dfsg-1.3ubuntu2) noble; urgency=medium * No-change rebuild to build with python3.12 only. -- Matthias Klose <email address hidden> Sat, 16 Mar 2024 23:14:38 +0100
Available diffs
libxml2 (2.9.10+dfsg-5ubuntu0.20.04.7) focal-security; urgency=medium * SECURITY UPDATE: use-after-free via XInclude expansion - debian/patches/CVE-2024-25062-pre1.patch: avoid call stack overflow with XML reader and recursive XIncludes in xmlreader.c. - debian/patches/CVE-2024-25062.patch: don't expand XIncludes when backtracking in xmlreader.c. - CVE-2024-25062 -- Marc Deslauriers <email address hidden> Fri, 16 Feb 2024 13:19:13 -0500
Available diffs
libxml2 (2.9.13+dfsg-1ubuntu0.4) jammy-security; urgency=medium * SECURITY UPDATE: use-after-free via XInclude expansion - debian/patches/CVE-2024-25062.patch: don't expand XIncludes when backtracking in xmlreader.c. - CVE-2024-25062 -- Marc Deslauriers <email address hidden> Fri, 16 Feb 2024 13:14:24 -0500
Available diffs
libxml2 (2.9.14+dfsg-1.3ubuntu0.1) mantic-security; urgency=medium * SECURITY UPDATE: use-after-free via XInclude expansion - debian/patches/CVE-2024-25062.patch: don't expand XIncludes when backtracking in xmlreader.c. - CVE-2024-25062 -- Marc Deslauriers <email address hidden> Fri, 16 Feb 2024 13:12:19 -0500
Available diffs
Deleted in noble-updates (Reason: superseded by release) |
Superseded in noble-release |
Deleted in noble-proposed (Reason: Moved to noble) |
libxml2 (2.9.14+dfsg-1.3ubuntu1) noble; urgency=medium * SECURITY UPDATE: use-after-free via XInclude expansion - debian/patches/CVE-2024-25062.patch: don't expand XIncludes when backtracking in xmlreader.c. - CVE-2024-25062 -- Marc Deslauriers <email address hidden> Thu, 15 Feb 2024 11:00:50 -0500
Available diffs
libxml2 (2.9.14+dfsg-1.3build3) noble; urgency=medium * No-change rebuild for ICU soname change. -- Matthias Klose <email address hidden> Tue, 19 Dec 2023 11:06:39 +0100
Available diffs
libxml2 (2.9.14+dfsg-1.3build2) noble; urgency=medium * armhf (-fstack-clash-protection) breakage rebuild -- Mate Kukri <email address hidden> Thu, 23 Nov 2023 15:12:01 +0000
Available diffs
libxml2 (2.9.14+dfsg-1.3build1) noble; urgency=medium * No-change rebuild with Python 3.12 as supported version -- Graham Inggs <email address hidden> Tue, 31 Oct 2023 17:06:46 +0000
Available diffs
Superseded in noble-release |
Published in mantic-release |
Deleted in mantic-proposed (Reason: Moved to mantic) |
libxml2 (2.9.14+dfsg-1.3) unstable; urgency=medium * Non-maintainer upload. * Reset nsNr in xmlCtxtReset (CVE-2022-2309) (Closes: #1039991) * Also reset nsNr in htmlCtxtReset (CVE-2022-2309) (Closes: #1039991) -- Salvatore Bonaccorso <email address hidden> Sat, 08 Jul 2023 21:18:29 +0200
Available diffs
libxml2 (2.9.14+dfsg-1.1ubuntu0.1) lunar-security; urgency=medium * SECURITY UPDATE: NULL pointer dereference - debian/patches/CVE-2022-2309.patch: reset nsNr in xmlCtxReset in parser.c (LP: #1996494). - CVE-2022-2309 * SECURITY UPDATE: Null dereference - debian/patches/CVE-2023-28484-*.patch: Fix null-pointer-deref in xmlSchemaCheckCOSSTDerivedOK and xmlSchemaFixupComplexType when parsing (invalid) XML schemas in result/schemas/oss-fuzz-51295_0_0.err, test/schemas/oss-fuzz-51295_0.xml, test/schemas/oss-fuzz-51295_0.xsd, xmlschemas.c. - CVE-2023-28484 * SECURITY UPDATE: Logic or memory errors and double frees - debian/patches/CVE-2023-29469.patch: check namelen less equal zero in dict.c. - CVE-2023-29469 -- Leonidas Da Silva Barbosa <email address hidden> Tue, 06 Jun 2023 13:24:32 -0300
Available diffs
libxml2 (2.9.14+dfsg-1.2) unstable; urgency=medium * Non-maintainer upload. * schemas: Fix null-pointer-deref in xmlSchemaCheckCOSSTDerivedOK * Fix null deref in xmlSchemaFixupComplexType (CVE-2023-28484) (Closes: #1034436) * Hashing of empty dict strings isn't deterministic (CVE-2023-29469) (Closes: #1034437) -- Salvatore Bonaccorso <email address hidden> Sat, 15 Apr 2023 16:25:06 +0200
Available diffs
libxml2 (2.9.14+dfsg-1ubuntu0.2) kinetic-security; urgency=medium * SECURITY UPDATE: Null dereference - debian/patches/CVE-2023-28484-*.patch: Fix null-pointer-deref in xmlSchemaCheckCOSSTDerivedOK and xmlSchemaFixupComplexType when parsing (invalid) XML schemas in result/schemas/oss-fuzz-51295_0_0.err, test/schemas/oss-fuzz-51295_0.xml, test/schemas/oss-fuzz-51295_0.xsd, xmlschemas.c. - CVE-2023-28484 * SECURITY UPDATE: Logic or memory errors and double frees - debian/patches/CVE-2023-29469.patch: check namelen less equal zero in dict.c. - CVE-2023-29469 -- Leonidas Da Silva Barbosa <email address hidden> Thu, 13 Apr 2023 07:48:55 -0300
Available diffs
libxml2 (2.9.13+dfsg-1ubuntu0.3) jammy-security; urgency=medium * SECURITY UPDATE: Null dereference - debian/patches/CVE-2023-28484-*.patch: Fix null-pointer-deref in xmlSchemaCheckCOSSTDerivedOK and xmlSchemaFixupComplexType when parsing (invalid) XML schemas in result/schemas/oss-fuzz-51295_0_0.err, test/schemas/oss-fuzz-51295_0.xml, test/schemas/oss-fuzz-51295_0.xsd, xmlschemas.c. - CVE-2023-28484 * SECURITY UPDATE: Logic or memory errors and double frees - debian/patches/CVE-2023-29469.patch: check namelen less equal zero in dict.c. - CVE-2023-29469 -- Leonidas Da Silva Barbosa <email address hidden> Fri, 14 Apr 2023 08:19:12 -0300
Available diffs
libxml2 (2.9.10+dfsg-5ubuntu0.20.04.6) focal-security; urgency=medium * SECURITY UPDATE: Null dereference - debian/patches/CVE-2023-28484-*.patch: Fix null-pointer-deref in xmlSchemaCheckCOSSTDerivedOK and xmlSchemaFixupComplexType when parsing (invalid) XML schemas in result/schemas/oss-fuzz-51295_0_0.err, test/schemas/oss-fuzz-51295_0.xml, test/schemas/oss-fuzz-51295_0.xsd, xmlschemas.c. - CVE-2023-28484 * SECURITY UPDATE: Logic or memory errors and double frees - debian/patches/CVE-2023-29469.patch: check namelen less equal zero in dict.c. - CVE-2023-29469 -- Leonidas Da Silva Barbosa <email address hidden> Fri, 14 Apr 2023 09:29:46 -0300
Available diffs
libxml2 (2.9.4+dfsg1-6.1ubuntu1.9) bionic-security; urgency=medium * SECURITY UPDATE: Null dereference - debian/patches/CVE-2023-28484-*.patch: Fix null-pointer-deref in xmlSchemaCheckCOSSTDerivedOK and xmlSchemaFixupComplexType when parsing (invalid) XML schemas in result/schemas/oss-fuzz-51295_0_0.err, test/schemas/oss-fuzz-51295_0.xml, test/schemas/oss-fuzz-51295_0.xsd, xmlschemas.c. - CVE-2023-28484 * SECURITY UPDATE: Logic or memory errors and double frees - debian/patches/CVE-2023-29469.patch: check namelen less equal zero in dict.c. - CVE-2023-29469 -- Leonidas Da Silva Barbosa <email address hidden> Fri, 14 Apr 2023 10:26:30 -0300
Available diffs
Superseded in mantic-release |
Published in lunar-release |
Deleted in lunar-proposed (Reason: Moved to lunar) |
libxml2 (2.9.14+dfsg-1.1build2) lunar; urgency=medium * Rebuild to drop Python 3.10 extension -- Jeremy Bicha <email address hidden> Wed, 01 Mar 2023 22:09:21 -0500
Available diffs
libxml2 (2.9.14+dfsg-1.1build1) lunar; urgency=medium * Rebuild against latest icu -- Jeremy Bicha <email address hidden> Sat, 04 Feb 2023 10:46:36 -0500
Available diffs
libxml2 (2.9.14+dfsg-1ubuntu0.1) kinetic-security; urgency=medium * SECURITY UPDATE: NULL pointer dereference - debian/patches/CVE-2022-2309.patch: reset nsNr in xmlCtxReset in parser.c (LP: #1996494). - CVE-2022-2309 * SECURITY UPDATE: Integer overflow - debian/patches/CVE-2022-40303.patch: fix integer overflows with XML_PARSE_HUGE in parser.c. - CVE-2022-40303 * SECURITY UPDATE: Double-free - debian/patches/CVE-2022-40304.patch: fix dict corruption caused by entity ref cycles in entities.c. - CVE-2022-40304 -- Leonidas Da Silva Barbosa <email address hidden> Tue, 29 Nov 2022 16:23:02 -0300
Available diffs
libxml2 (2.9.13+dfsg-1ubuntu0.2) jammy-security; urgency=medium * SECURITY UPDATE: NULL pointer dereference - debian/patches/CVE-2022-2309.patch: reset nsNr in xmlCtxReset in parser.c (LP: #1996494). - CVE-2022-2309 * SECURITY UPDATE: Integer overflow - debian/patches/CVE-2022-40303.patch: fix integer overflows with XML_PARSE_HUGE in parser.c. - CVE-2022-40303 * SECURITY UPDATE: Double-free - debian/patches/CVE-2022-40304.patch: fix dict corruption caused by entity ref cycles in entities.c. - CVE-2022-40304 -- Leonidas Da Silva Barbosa <email address hidden> Tue, 29 Nov 2022 16:39:07 -0300
Available diffs
libxml2 (2.9.10+dfsg-5ubuntu0.20.04.5) focal-security; urgency=medium * SECURITY UPDATE: NULL pointer dereference - debian/patches/CVE-2022-2309.patch: reset nsNr in xmlCtxReset in parser.c (LP: #1996494). - CVE-2022-2309 * SECURITY UPDATE: Integer overflow - debian/patches/CVE-2022-40303.patch: fix integer overflows with XML_PARSE_HUGE in parser.c. - CVE-2022-40303 * SECURITY UPDATE: Double-free - debian/patches/CVE-2022-40304.patch: fix dict corruption caused by entity ref cycles in entities.c. - CVE-2022-40304 -- Leonidas Da Silva Barbosa <email address hidden> Wed, 30 Nov 2022 09:53:52 -0300
Available diffs
libxml2 (2.9.4+dfsg1-6.1ubuntu1.8) bionic-security; urgency=medium * SECURITY UPDATE: NULL pointer dereference - debian/patches/CVE-2022-2309.patch: reset nsNr in xmlCtxReset in parser.c (LP: #1996494). - CVE-2022-2309 * SECURITY UPDATE: Integer overflow - debian/patches/CVE-2022-40303.patch: fix integer overflows with XML_PARSE_HUGE in parser.c. - CVE-2022-40303 * SECURITY UPDATE: Double-free - debian/patches/CVE-2022-40304.patch: fix dict corruption caused by entity ref cycles in entities.c. - CVE-2022-40304 -- Leonidas Da Silva Barbosa <email address hidden> Thu, 01 Dec 2022 09:38:39 -0300
Available diffs
Superseded in lunar-proposed |
libxml2 (2.9.14+dfsg-1build1) lunar; urgency=medium * No-change rebuild with Python 3.11 as supported -- Graham Inggs <email address hidden> Wed, 02 Nov 2022 08:29:44 +0000
Available diffs
libxml2 (2.9.14+dfsg-1.1) unstable; urgency=medium * Non-maintainer upload. * Fix integer overflows with XML_PARSE_HUGE (CVE-2022-40303) (Closes: #1022224) * Fix dict corruption caused by entity reference cycles (CVE-2022-40304) (Closes: #1022225) -- Salvatore Bonaccorso <email address hidden> Sun, 30 Oct 2022 11:18:06 +0100
Available diffs
libxml2 (2.9.4+dfsg1-6.1ubuntu1.7) bionic-security; urgency=medium * SECURITY UPDATE: Possible cross-site scripting - debian/patches/CVE-2016-3709.patch: Revert "do not URI escape in server side includes" in HTMLtree.c. - CVE-2016-3709 -- Leonidas Da Silva Barbosa <email address hidden> Mon, 01 Aug 2022 11:25:53 -0300
Available diffs
libxml2 (2.9.10+dfsg-5ubuntu0.20.04.4) focal-security; urgency=medium * SECURITY UPDATE: Possible cross-site scripting - debian/patches/CVE-2016-3709.patch: Revert "do not URI escape in server side includes" in HTMLtree.c. - CVE-2016-3709 -- Leonidas Da Silva Barbosa <email address hidden> Mon, 01 Aug 2022 11:05:23 -0300
Available diffs
libxml2 (2.9.12+dfsg-4ubuntu0.2) impish-security; urgency=medium * SECURITY UPDATE: Integer overflows - debian/patches/CVE-2022-29824.patch: Fix integer overflows in xmlBuf and xmlBuffer in tree.c, buf.c. - CVE-2022-29824 -- Leonidas Da Silva Barbosa <email address hidden> Mon, 09 May 2022 16:13:07 -0300
Available diffs
libxml2 (2.9.13+dfsg-1ubuntu0.1) jammy-security; urgency=medium * SECURITY UPDATE: Integer overflows - debian/patches/CVE-2022-29824.patch: Fix integer overflows in xmlBuf and xmlBuffer in tree.c, buf.c. - CVE-2022-29824 -- Leonidas Da Silva Barbosa <email address hidden> Mon, 09 May 2022 15:33:11 -0300
Available diffs
libxml2 (2.9.10+dfsg-5ubuntu0.20.04.3) focal-security; urgency=medium * SECURITY UPDATE: Integer overflows - debian/patches/CVE-2022-29824.patch: Fix integer overflows in xmlBuf and xmlBuffer in tree.c, buf.c. - CVE-2022-29824 -- Leonidas Da Silva Barbosa <email address hidden> Tue, 10 May 2022 11:13:24 -0300
Available diffs
libxml2 (2.9.4+dfsg1-6.1ubuntu1.6) bionic-security; urgency=medium * SECURITY UPDATE: Integer overflows - debian/patches/CVE-2022-29824.patch: Fix integer overflows in xmlBuf and xmlBuffer in tree.c, buf.c. - CVE-2022-29824 -- Leonidas Da Silva Barbosa <email address hidden> Tue, 10 May 2022 11:18:33 -0300
Available diffs
Superseded in lunar-release |
Obsolete in kinetic-release |
Deleted in kinetic-proposed (Reason: Moved to kinetic) |
libxml2 (2.9.14+dfsg-1) unstable; urgency=high * Team upload. * New upstream version 2.9.14+dfsg. + Integer overflows in xmlBuf/xmlBuffer. CVE-2022-29824 Closes: #1010526 -- Mattia Rizzolo <email address hidden> Thu, 05 May 2022 14:43:51 +0200
Available diffs
Superseded in kinetic-proposed |
libxml2 (2.9.13+dfsg-1build2) kinetic; urgency=medium * No-change rebuild against latest icu -- Jeremy Bicha <email address hidden> Fri, 29 Apr 2022 08:06:01 -0400
Available diffs
Superseded in kinetic-release |
Published in jammy-release |
Deleted in jammy-proposed (Reason: Moved to jammy) |
libxml2 (2.9.13+dfsg-1build1) jammy; urgency=medium * No-change rebuild with Python 3.10 only -- Graham Inggs <email address hidden> Thu, 17 Mar 2022 19:28:02 +0000
Available diffs
libxml2 (2.9.4+dfsg1-6.1ubuntu1.5) bionic-security; urgency=medium * SECURITY UPDATE: use-after-free of ID and IDREF attributes - debian/patches/CVE-2022-23308.patch: normalize ID attributes in valid.c. - CVE-2022-23308 -- Marc Deslauriers <email address hidden> Thu, 10 Mar 2022 13:00:02 -0500
Available diffs
libxml2 (2.9.10+dfsg-5ubuntu0.20.04.2) focal-security; urgency=medium * SECURITY UPDATE: use-after-free of ID and IDREF attributes - debian/patches/CVE-2022-23308.patch: normalize ID attributes in valid.c. - CVE-2022-23308 -- Marc Deslauriers <email address hidden> Thu, 10 Mar 2022 12:59:13 -0500
Available diffs
libxml2 (2.9.12+dfsg-4ubuntu0.1) impish-security; urgency=medium * SECURITY UPDATE: use-after-free of ID and IDREF attributes - debian/patches/CVE-2022-23308.patch: normalize ID attributes in valid.c. - CVE-2022-23308 -- Marc Deslauriers <email address hidden> Thu, 10 Mar 2022 12:57:40 -0500
Available diffs
libxml2 (2.9.13+dfsg-1) unstable; urgency=medium * Team upload. * New upstream version 2.9.13+dfsg. + Convert devhelp to version2. Closes: #955205 + Use-after-free of ID and IDREF attrs. CVE-2022-23308; Closes: #1006489 * Bump my copyright for debian/*. * d/watch: move download sourceto https://download.gnome.org/. -- Mattia Rizzolo <email address hidden> Sun, 27 Feb 2022 19:57:48 +0100
Available diffs
- diff from 2.9.12+dfsg-6 to 2.9.13+dfsg-1 (453.3 KiB)
libxml2 (2.9.12+dfsg-6) unstable; urgency=medium * Team upload. * d/control: + Use the new Description field in the source paragraph and add references to the binary paragraphs. This is a new feature since dpkg 1.19.0 (from 2017). Policy is not yet updated, see #998165. + Drop Build-Depends on python3-all-dbg, not used since the last revision. * Add patches from upstream to fix: + return code of xmllint when incorrectly called. Closes: #727075 + regression with entity references in external DTDs. Closes: #994765 -- Mattia Rizzolo <email address hidden> Sat, 19 Feb 2022 13:11:26 +0100
Available diffs
Superseded in jammy-proposed |
libxml2 (2.9.12+dfsg-5build1) jammy; urgency=medium * No-change rebuild for icu soname change. -- Matthias Klose <email address hidden> Wed, 09 Feb 2022 05:39:53 +0100
Available diffs
Superseded in jammy-proposed |
libxml2 (2.9.12+dfsg-4build1) jammy; urgency=medium * No-change rebuild to add python3.10. -- Matthias Klose <email address hidden> Sat, 16 Oct 2021 06:56:51 +0000
Available diffs
libxml2 (2.9.12+dfsg-5) unstable; urgency=medium * Team upload. * Stop building the python3-libxml2-dbg package. Closes: #994307 * Add a Conflicts against the old w3c-dtd-xhtml, that contains a .dtd that is not validating anymore. Closes: #993638 * Remove lintian override that was fixed in lintian for debian-rules-uses-supported-python-versions-without-python-all-build-depends -- Mattia Rizzolo <email address hidden> Mon, 20 Sep 2021 15:06:01 +0200
Available diffs
Superseded in jammy-release |
Obsolete in impish-release |
Deleted in impish-proposed (Reason: Moved to impish) |
libxml2 (2.9.12+dfsg-4) unstable; urgency=medium * Team upload. * Add a few patches from upstream: + Work around lxml API abuse. + Fix regression in xmlNodeDumpOutputInternal. LP: #1943277 + Fix whitespace when serializing empty HTML documents. + Forbid epsilon-reduction of final states. + Fix buffering in xmlOutputBufferWrite. -- Mattia Rizzolo <email address hidden> Fri, 10 Sep 2021 22:13:09 +0200
Available diffs
Superseded in impish-proposed |
libxml2 (2.9.12+dfsg-3ubuntu1) impish; urgency=medium * Fix regression in 2.9.12 (LP: #1943277): - d/p/upstream/85b1792e37b131e7a51af98a37f92472e8de5f3f.patch: Add patch from upstream to work around lxml API abuse. Make xmlNodeDumpOutput and htmlNodeDumpFormatOutput work with corrupted parent pointers. - d/p/upstream/13ad8736d294536da4cbcd70a96b0a2fbf47070c.patch: Add patch from upstream to fix regression in xmlNodeDumpOutputInternal. Commit 85b1792e could cause additional whitespace if xmlNodeDump was called with a non-zero starting level. - d/p/upstream/92d9ab4c28842a09ca2b76d3ff2f933e01b6cd6f.patch: Add patch from upstream to fix whitespace when serializing empty HTML documents. -- Corey Bryant <email address hidden> Fri, 10 Sep 2021 11:33:12 -0400
Available diffs
libxml2 (2.9.12+dfsg-3) unstable; urgency=medium * Team upload. * Upload to unstable. * Add patch from upstream to fix a regression in the recursion limit for complex XSLT documents. This also fixed the ruby-nokogiri test failure, so drop the previously introduced Breaks. * d/control: Bump Standards-Version to 4.6.0, no changes needed. -- Mattia Rizzolo <email address hidden> Wed, 01 Sep 2021 16:45:21 +0200
Available diffs
- diff from 2.9.10+dfsg-6.7 to 2.9.12+dfsg-3 (218.8 KiB)
- diff from 2.9.12+dfsg-2 to 2.9.12+dfsg-3 (1.3 KiB)
Superseded in impish-proposed |
libxml2 (2.9.12+dfsg-2) experimental; urgency=medium * Team upload. * d/control: Break ruby-nokogiri (<< 1.11.7). * lintian: + Add a link from usr/share/doc/libxml2/gtk-doc usr/share/gtk-doc/html/libxml2. See #970275 + Override for package-contains-documentation-outside-usr-share-doc. * Add two patches to refactor how docs are installed. * Add a patch to properly install all the documentation we were previously manually installing. * d/rules: Use the now working --docdir flag to install the documentation directly in the right place. * Move the documentation and examples from /usr/share/doc/libxml2-doc to /usr/share/doc/libxml2/, following Policy v3.9.7 ยง12.3. -- Mattia Rizzolo <email address hidden> Thu, 29 Jul 2021 12:22:11 +0200
Available diffs
- diff from 2.9.10+dfsg-6.7 to 2.9.12+dfsg-2 (218.4 KiB)
libxml2 (2.9.4+dfsg1-6.1ubuntu1.4) bionic-security; urgency=medium * debian/patches/fix-error-handler-bug.patch: Add extra missing commit to previous CVE-2017-8872 fix, halt immediately when the error handler attempts to stop the parser. * SECURITY UPDATE: memory leak - debian/patches/CVE-2019-20388.patch: Memory leak in xmlSchemaValidateStream function in xmlschemas.c. - CVE-2019-20388 * SECURITY UPDATE: out-of-bounds read - debian/patches/CVE-2020-24977.patch: Make sure that truncated UTF-8 sequences don't cause an out-of-bounds array access in xmllint. - CVE-2020-24977 * SECURITY UPDATE: use-after-free in xmlEncodeEntitiesInternal - debian/patches/CVE-2021-3516.patch: Call htmlCtxtUseOptions to make sure that names aren't stored in dictionaries. - CVE-2021-3516 * SECURITY UPDATE: heap-based buffer overflow in xmlEncodeEntitiesInternal - debian/patches/CVE-2021-3517.patch: Add some checks to validate input is UTF-8 format, supplementing CVE-2020-24977 fix. - CVE-2021-3517 * SECURITY UPDATE: use-after-free in xmlXIncludeDoProcess - debian/patches/CVE-2021-3518.patch: Move from a block list to an allow list approach to avoid descending into other node types that can't contain elements. - CVE-2021-3518 * SECURITY UPDATE: NULL pointer dereference in xmlValidBuildAContentModel - debian/patches/CVE-2021-3537.patch: Check return value of recursive calls to xmlParseElementChildrenContentDeclPriv and return immediately in case of errors. - CVE-2021-3537 -- Avital Ostromich <email address hidden> Thu, 22 Apr 2021 19:26:37 -0400
Available diffs
libxml2 (2.9.10+dfsg-5ubuntu0.20.04.1) focal-security; urgency=medium * SECURITY UPDATE: out-of-bounds read - debian/patches/CVE-2020-24977.patch: Make sure that truncated UTF-8 sequences don't cause an out-of-bounds array access in xmllint. - CVE-2020-24977 * SECURITY UPDATE: use-after-free in xmlEncodeEntitiesInternal - debian/patches/CVE-2021-3516.patch: Call htmlCtxtUseOptions to make sure that names aren't stored in dictionaries. - CVE-2021-3516 * SECURITY UPDATE: heap-based buffer overflow in xmlEncodeEntitiesInternal - debian/patches/CVE-2021-3517.patch: Add some checks to validate input is UTF-8 format, supplementing CVE-2020-24977 fix. - CVE-2021-3517 * SECURITY UPDATE: use-after-free in xmlXIncludeDoProcess - debian/patches/CVE-2021-3518.patch: Move from a block list to an allow list approach to avoid descending into other node types that can't contain elements. - CVE-2021-3518 * SECURITY UPDATE: NULL pointer dereference in xmlValidBuildAContentModel - debian/patches/CVE-2021-3537.patch: Check return value of recursive calls to xmlParseElementChildrenContentDeclPriv and return immediately in case of errors. - CVE-2021-3537 * SECURITY UPDATE: Exponential entity expansion - debian/patches/Patch-for-security-issue-CVE-2021-3541.patch: Add check to xmlParserEntityCheck to prevent entity exponential. - CVE-2021-3541 -- Avital Ostromich <email address hidden> Wed, 26 May 2021 19:51:20 -0400
Available diffs
libxml2 (2.9.10+dfsg-5ubuntu0.20.10.2) groovy-security; urgency=medium * SECURITY UPDATE: out-of-bounds read - debian/patches/CVE-2020-24977.patch: Make sure that truncated UTF-8 sequences don't cause an out-of-bounds array access in xmllint. - CVE-2020-24977 * SECURITY UPDATE: use-after-free in xmlEncodeEntitiesInternal - debian/patches/CVE-2021-3516.patch: Call htmlCtxtUseOptions to make sure that names aren't stored in dictionaries. - CVE-2021-3516 * SECURITY UPDATE: heap-based buffer overflow in xmlEncodeEntitiesInternal - debian/patches/CVE-2021-3517.patch: Add some checks to validate input is UTF-8 format, supplementing CVE-2020-24977 fix. - CVE-2021-3517 * SECURITY UPDATE: use-after-free in xmlXIncludeDoProcess - debian/patches/CVE-2021-3518.patch: Move from a block list to an allow list approach to avoid descending into other node types that can't contain elements. - CVE-2021-3518 * SECURITY UPDATE: NULL pointer dereference in xmlValidBuildAContentModel - debian/patches/CVE-2021-3537.patch: Check return value of recursive calls to xmlParseElementChildrenContentDeclPriv and return immediately in case of errors. - CVE-2021-3537 * SECURITY UPDATE: Exponential entity expansion - debian/patches/Patch-for-security-issue-CVE-2021-3541.patch: Add check to xmlParserEntityCheck to prevent entity exponential. - CVE-2021-3541 -- Avital Ostromich <email address hidden> Wed, 26 May 2021 19:43:37 -0400
Available diffs
libxml2 (2.9.10+dfsg-6.3ubuntu0.1) hirsute-security; urgency=medium * SECURITY UPDATE: use-after-free in xmlEncodeEntitiesInternal - debian/patches/CVE-2021-3516.patch: Call htmlCtxtUseOptions to make sure that names aren't stored in dictionaries. - CVE-2021-3516 * SECURITY UPDATE: heap-based buffer overflow in xmlEncodeEntitiesInternal - debian/patches/CVE-2021-3517.patch: Add some checks to validate input is UTF-8 format, supplementing CVE-2020-24977 fix. - CVE-2021-3517 * SECURITY UPDATE: use-after-free in xmlXIncludeDoProcess - debian/patches/CVE-2021-3518.patch: Move from a block list to an allow list approach to avoid descending into other node types that can't contain elements. - CVE-2021-3518 * SECURITY UPDATE: NULL pointer dereference in xmlValidBuildAContentModel - debian/patches/CVE-2021-3537.patch: Check return value of recursive calls to xmlParseElementChildrenContentDeclPriv and return immediately in case of errors. - CVE-2021-3537 * SECURITY UPDATE: Exponential entity expansion - debian/patches/Patch-for-security-issue-CVE-2021-3541.patch: Add check to xmlParserEntityCheck to prevent entity exponential. - CVE-2021-3541 -- Avital Ostromich <email address hidden> Mon, 17 May 2021 18:13:47 -0400
Available diffs
libxml2 (2.9.10+dfsg-6.7) unstable; urgency=medium * Non-maintainer upload. * Patch for security issue CVE-2021-3541 (Closes: #988603) -- Salvatore Bonaccorso <email address hidden> Sat, 22 May 2021 08:21:29 +0200
Available diffs
libxml2 (2.9.10+dfsg-6.6) unstable; urgency=medium * Non-maintainer upload. * Upload to unstable. -- Salvatore Bonaccorso <email address hidden> Thu, 06 May 2021 10:48:16 +0200
Available diffs
Superseded in impish-release |
Obsolete in hirsute-release |
Deleted in hirsute-proposed (Reason: Moved to hirsute) |
libxml2 (2.9.10+dfsg-6.3build2) hirsute; urgency=medium * No-change rebuild to build with lto. -- Matthias Klose <email address hidden> Mon, 29 Mar 2021 08:04:19 +0200
Available diffs
libxml2 (2.9.10+dfsg-6.3build1) hirsute; urgency=medium * No-change rebuild to drop python3.8 extensions. -- Matthias Klose <email address hidden> Mon, 07 Dec 2020 18:40:14 +0100
Available diffs
libxml2 (2.9.10+dfsg-6.3) unstable; urgency=medium * Non-maintainer upload. * Remove the Python2 autopkg test. -- Matthias Klose <email address hidden> Sun, 29 Nov 2020 11:58:00 +0100
Available diffs
libxml2 (2.9.10+dfsg-6.2) unstable; urgency=medium * Non-maintainer upload. * Fix out-of-bounds read with 'xmllint --htmlout' (CVE-2020-24977) (Closes: #969529) -- Salvatore Bonaccorso <email address hidden> Sun, 25 Oct 2020 13:56:23 +0100
Available diffs
Superseded in hirsute-proposed |
libxml2 (2.9.10+dfsg-6.1) unstable; urgency=medium * Non-maintainer upload. * Fix build with Python 3.9. Closes: #972022. -- Matthias Klose <email address hidden> Wed, 14 Oct 2020 08:45:25 +0200
Superseded in hirsute-release |
Obsolete in groovy-release |
Deleted in groovy-proposed (Reason: moved to Release) |
libxml2 (2.9.10+dfsg-5build1) groovy; urgency=medium * No change rebuild against new icu ABI. -- Dimitri John Ledkov <email address hidden> Mon, 27 Jul 2020 16:43:05 +0100
Available diffs
Superseded in groovy-release |
Published in focal-release |
Deleted in focal-proposed (Reason: moved to Release) |
libxml2 (2.9.10+dfsg-5) unstable; urgency=medium * Team upload. [ Mattia Rizzolo ] * d/rules: + Drop --disable-silent-rules, already passed by dh_auto_configure. + Drop --parallel, now default with debhelper compat > 10. + Use dh_installdocs and dh_installexamples to install docs and examples. + Use dh_missing --fail-missing (and add the relevant d/not-installed). + Minimize indep build to build only the docs. * d/watch: fix an option to avoid a warning message. * d/control: + Move most of the build-deps to Build-Depends-Arch. + Use ${python:Depends} also for python-libxml2-dbg. * Add a lintian override for debian-rules-uses-supported-python-versions-without-python-all-build-depends [ Gunnar Hjalmarsson ] * d/p/python3-unicode-errors.patch: Fix segfault issue with itstool and py3. LP: #1869814 -- Mattia Rizzolo <email address hidden> Fri, 10 Apr 2020 14:53:23 +0200
Available diffs
libxml2 (2.9.10+dfsg-4build1) focal; urgency=medium * No-change rebuild for icu soname change. -- Matthias Klose <email address hidden> Tue, 03 Mar 2020 21:48:24 +0100
Available diffs
Superseded in focal-proposed |
libxml2 (2.9.10+dfsg-4) unstable; urgency=medium * Team upload. * Add patch from upstream to prevent a segfault in some platforms with illegal documents. -- Mattia Rizzolo <email address hidden> Thu, 27 Feb 2020 19:21:45 +0100
Available diffs
libxml2 (2.9.10+dfsg-1ubuntu3) focal; urgency=medium * debian/patches/0001-Check-the-type-of-each-node-in-xmlFreeNodeList- not-j.patch: Check the type of each node in xmlFreeNodeList, not just the parent node. -- Steve Langasek <email address hidden> Sat, 22 Feb 2020 23:58:06 -0800
Available diffs
Superseded in focal-proposed |
libxml2 (2.9.10+dfsg-1ubuntu2) focal; urgency=medium * Restore the old xml2-config behaviour to print the shared libs by default. xml2-config --libs --static still can be used for the private libs. -- Matthias Klose <email address hidden> Thu, 20 Feb 2020 10:56:09 +0100
Available diffs
Superseded in focal-proposed |
libxml2 (2.9.10+dfsg-1ubuntu1) focal; urgency=medium * Restore the xml2-config binary for now. -- Matthias Klose <email address hidden> Tue, 18 Feb 2020 09:41:38 +0100
Available diffs
Superseded in focal-proposed |
libxml2 (2.9.4+dfsg1-8ubuntu4) focal; urgency=medium * No-change rebuild for icu soname change. -- Matthias Klose <email address hidden> Thu, 13 Feb 2020 09:00:31 +0100
Available diffs
libxml2 (2.9.3+dfsg1-1ubuntu0.7) xenial-security; urgency=medium * SECURITY UPDATE: Memory leak - debian/patches/CVE-2019-19956.patch: fix memory leak in xmlParseBalancedChunkMemoryRecover checking if doc is NULL in parser.c. - CVE-2019-19956 * SECURITY UPDATE: Denial of service though an infinite loop - debian/patches/CVE-2020-7595.patch: fix infinite loop in xmlStringLenDecodeEntities adding checks to ctxt->instate if it is == XML_PARSER_EOF in parser.c. - CVE-2020-7595 -- <email address hidden> (Leonidas S. Barbosa) Wed, 05 Feb 2020 14:02:29 -0300
Available diffs
libxml2 (2.9.4+dfsg1-7ubuntu3.1) eoan-security; urgency=medium * SECURITY UPDATE: Memory leak - debian/patches/CVE-2019-19956.patch: fix memory leak in xmlParseBalancedChunkMemoryRecover checking if doc is NULL in parser.c. - CVE-2019-19956 * SECURITY UPDATE: Denial of service though an infinite loop - debian/patches/CVE-2020-7595.patch: fix infinite loop in xmlStringLenDecodeEntities adding checks to ctxt->instate if it is == XML_PARSER_EOF in parser.c. - CVE-2020-7595 -- <email address hidden> (Leonidas S. Barbosa) Wed, 05 Feb 2020 14:14:31 -0300
Available diffs
libxml2 (2.9.4+dfsg1-6.1ubuntu1.3) bionic-security; urgency=medium * SECURITY UPDATE: Memory leak - debian/patches/CVE-2019-19956.patch: fix memory leak in xmlParseBalancedChunkMemoryRecover checking if doc is NULL in parser.c. - CVE-2019-19956 * SECURITY UPDATE: Denial of service though an infinite loop - debian/patches/CVE-2020-7595.patch: fix infinite loop in xmlStringLenDecodeEntities adding checks to ctxt->instate if it is == XML_PARSER_EOF in parser.c. - CVE-2020-7595 -- <email address hidden> (Leonidas S. Barbosa) Wed, 05 Feb 2020 14:08:34 -0300
1 → 75 of 310 results | First • Previous • Next • Last |