[ubuntu/noble-updates] libxml2 2.9.14+dfsg-1.3ubuntu3.4 (Accepted)
Ubuntu Archive Robot
ubuntu-archive-robot at lists.canonical.com
Wed Aug 20 05:58:38 UTC 2025
libxml2 (2.9.14+dfsg-1.3ubuntu3.4) noble-security; urgency=medium

  * SECURITY UPDATE: stack-based buffer overflow
    - debian/patches/CVE-2025-6021.patch: fix integer overflow by adding
      bound checks in xmlBuildQName in tree.c
      prevent integer overflow
    - debian/patches/CVE-2025-6170.patch: fix buffer overflow by adding
      bound checks in xmlShell in debugXML.c
    - CVE-2025-6021
    - CVE-2025-6170
  * SECURITY UPDATE: UAF and type confusion
    - debian/patches/CVE-2025-49794_49796.patch: fix UAF by returning node
      and freeing it after use; fix type confusion by adding type check in
      xmlSchematronFormatReport in schematron.c
    - CVE-2025-49794
    - CVE-2025-49796

Date: 2025-08-13 14:49:12.699376+00:00
Changed-By: Shishir Subedi <shishirsub10 at gmail.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/libxml2/2.9.14+dfsg-1.3ubuntu3.4