Ubuntu
libxml2 package

Change logs for libxml2 source package in Hirsute

  1. Hirsute (21.04)
  2. Change log 
  • libxml2 (2.9.10+dfsg-6.3ubuntu0.1) hirsute-security; urgency=medium

  * SECURITY UPDATE: use-after-free in xmlEncodeEntitiesInternal
    - debian/patches/CVE-2021-3516.patch: Call htmlCtxtUseOptions to make sure
      that names aren't stored in dictionaries.
    - CVE-2021-3516
  * SECURITY UPDATE: heap-based buffer overflow in xmlEncodeEntitiesInternal
    - debian/patches/CVE-2021-3517.patch: Add some checks to validate input is
      UTF-8 format, supplementing CVE-2020-24977 fix.
    - CVE-2021-3517
  * SECURITY UPDATE: use-after-free in xmlXIncludeDoProcess
    - debian/patches/CVE-2021-3518.patch: Move from a block list to an allow
      list approach to avoid descending into other node types that can't
      contain elements.
    - CVE-2021-3518
  * SECURITY UPDATE: NULL pointer dereference in xmlValidBuildAContentModel
    - debian/patches/CVE-2021-3537.patch: Check return value of recursive calls
      to xmlParseElementChildrenContentDeclPriv and return immediately in case
      of errors.
    - CVE-2021-3537
  * SECURITY UPDATE: Exponential entity expansion
    - debian/patches/Patch-for-security-issue-CVE-2021-3541.patch: Add check to
      xmlParserEntityCheck to prevent entity exponential.
    - CVE-2021-3541

 -- Avital Ostromich <email address hidden>  Mon, 17 May 2021 18:13:47 -0400
  • libxml2 (2.9.10+dfsg-6.3build2) hirsute; urgency=medium

  * No-change rebuild to build with lto.

 -- Matthias Klose <email address hidden>  Mon, 29 Mar 2021 08:04:19 +0200
  • libxml2 (2.9.10+dfsg-6.3build1) hirsute; urgency=medium

  * No-change rebuild to drop python3.8 extensions.

 -- Matthias Klose <email address hidden>  Mon, 07 Dec 2020 18:40:14 +0100
  • libxml2 (2.9.10+dfsg-6.3) unstable; urgency=medium

  * Non-maintainer upload.
  * Remove the Python2 autopkg test.

 -- Matthias Klose <email address hidden>  Sun, 29 Nov 2020 11:58:00 +0100
  • libxml2 (2.9.10+dfsg-6.2) unstable; urgency=medium

  * Non-maintainer upload.
  * Fix out-of-bounds read with 'xmllint --htmlout' (CVE-2020-24977)
    (Closes: #969529)

 -- Salvatore Bonaccorso <email address hidden>  Sun, 25 Oct 2020 13:56:23 +0100
  • libxml2 (2.9.10+dfsg-6.1) unstable; urgency=medium

  * Non-maintainer upload.
  * Fix build with Python 3.9. Closes: #972022.

 -- Matthias Klose <email address hidden>  Wed, 14 Oct 2020 08:45:25 +0200
  • libxml2 (2.9.10+dfsg-5build1) groovy; urgency=medium

  * No change rebuild against new icu ABI.

 -- Dimitri John Ledkov <email address hidden>  Mon, 27 Jul 2020 16:43:05 +0100