libxml2 2.9.10+dfsg-6.3ubuntu0.1 source package in Ubuntu

Changelog

libxml2 (2.9.10+dfsg-6.3ubuntu0.1) hirsute-security; urgency=medium

  * SECURITY UPDATE: use-after-free in xmlEncodeEntitiesInternal
    - debian/patches/CVE-2021-3516.patch: Call htmlCtxtUseOptions to make sure
      that names aren't stored in dictionaries.
    - CVE-2021-3516
  * SECURITY UPDATE: heap-based buffer overflow in xmlEncodeEntitiesInternal
    - debian/patches/CVE-2021-3517.patch: Add some checks to validate input is
      UTF-8 format, supplementing CVE-2020-24977 fix.
    - CVE-2021-3517
  * SECURITY UPDATE: use-after-free in xmlXIncludeDoProcess
    - debian/patches/CVE-2021-3518.patch: Move from a block list to an allow
      list approach to avoid descending into other node types that can't
      contain elements.
    - CVE-2021-3518
  * SECURITY UPDATE: NULL pointer dereference in xmlValidBuildAContentModel
    - debian/patches/CVE-2021-3537.patch: Check return value of recursive calls
      to xmlParseElementChildrenContentDeclPriv and return immediately in case
      of errors.
    - CVE-2021-3537
  * SECURITY UPDATE: Exponential entity expansion
    - debian/patches/Patch-for-security-issue-CVE-2021-3541.patch: Add check to
      xmlParserEntityCheck to prevent entity exponential.
    - CVE-2021-3541

 -- Avital Ostromich <email address hidden>  Mon, 17 May 2021 18:13:47 -0400

Upload details

Uploaded by:
Avital Ostromich
Uploaded to:
Hirsute
Original maintainer:
Ubuntu Developers
Architectures:
any all
Section:
libs
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
libxml2_2.9.10+dfsg.orig.tar.xz 2.4 MiB 65ee7a2f5e100c64ddf7beb92297c9b2a30b994a76cd1fab67470cf22db6b7d0
libxml2_2.9.10+dfsg-6.3ubuntu0.1.debian.tar.xz 31.7 KiB 1841a377b4039fcbe7a3ea2288ff8d9a65f7313126a091710b11769e69dff2b2
libxml2_2.9.10+dfsg-6.3ubuntu0.1.dsc 2.6 KiB 13d322e6635061d18443aeb3cd0fd7cca1758f0afa95b5850ca34420f4c788fa

View changes file

Binary packages built by this source

libxml2: No summary available for libxml2 in ubuntu hirsute.

No description available for libxml2 in ubuntu hirsute.

libxml2-dbgsym: No summary available for libxml2-dbgsym in ubuntu hirsute.

No description available for libxml2-dbgsym in ubuntu hirsute.

libxml2-dev: No summary available for libxml2-dev in ubuntu hirsute.

No description available for libxml2-dev in ubuntu hirsute.

libxml2-doc: No summary available for libxml2-doc in ubuntu hirsute.

No description available for libxml2-doc in ubuntu hirsute.

libxml2-utils: No summary available for libxml2-utils in ubuntu hirsute.

No description available for libxml2-utils in ubuntu hirsute.

libxml2-utils-dbgsym: No summary available for libxml2-utils-dbgsym in ubuntu hirsute.

No description available for libxml2-utils-dbgsym in ubuntu hirsute.

python3-libxml2: No summary available for python3-libxml2 in ubuntu hirsute.

No description available for python3-libxml2 in ubuntu hirsute.

python3-libxml2-dbg: No summary available for python3-libxml2-dbg in ubuntu hirsute.

No description available for python3-libxml2-dbg in ubuntu hirsute.