[ubuntu/jammy-security] libxml2 2.9.13+dfsg-1ubuntu0.11 (Accepted)

Hlib Korzhynskyy hlib.korzhynskyy at canonical.com
Thu Jan 22 12:59:34 UTC 2026


libxml2 (2.9.13+dfsg-1ubuntu0.11) jammy-security; urgency=medium

  * SECURITY UPDATE: Infinite recursion with SGML catalogs.
    - debian/patches/CVE-2025-8732.patch: Add catalog depth and checks in
      catalog.c. Add test files in result/catalogs/recursive and
      test/catalogs/recursive.sgml.
    - CVE-2025-8732
  * SECURITY UPDATE: Infinite recursion when resolving include directives in
    RelaxNG parser.
    - debian/patches/CVE-2026-0989.patch: Add xmlRelaxParserSetIncLImit in
      include/libxml/relaxng.h. Add include limit and checks in relaxng.c. Add
      test and test files in runtest.c,
      test/relaxng/include/include-limit.rng,
      test/relaxng/include/include-limit_1.rng,
      test/relaxng/include/include-limit_2.rng, and
      test/relaxng/include/include-limit_3.rng.
    - debian/libxml2.symbols: Add new xmlRelaxParserSetIncLImit symbol.
    - CVE-2026-0989
  * SECURITY UPDATE: Infinite recursion in URI dereferencing.
    - debian/patches/CVE-2026-0990.patch: Add MAX_CATAL_DEPTH and other checks
      in catalog.c.
    - CVE-2026-0990
  * SECURITY UPDATE: Uncontrolled resource consumption in catalogs.
    - debian/patches/CVE-2026-0992.patch: Add catalog duplication checks in
      catalog.c.
    - CVE-2026-0992

Date: 2026-01-21 18:58:24.626967+00:00
Changed-By: Hlib Korzhynskyy <hlib.korzhynskyy at canonical.com>
https://launchpad.net/ubuntu/+source/libxml2/2.9.13+dfsg-1ubuntu0.11