[ubuntu/plucky-updates] libxml2 2.12.7+dfsg+really2.9.14-0.4ubuntu0.2 (Accepted)
Ubuntu Archive Robot
ubuntu-archive-robot at lists.canonical.com
Wed Aug 20 06:28:35 UTC 2025
libxml2 (2.12.7+dfsg+really2.9.14-0.4ubuntu0.2) plucky-security; urgency=medium

  * SECURITY UPDATE: stack-based buffer overflow
    - debian/patches/CVE-2025-6021.patch: fix integer overflow by adding
      bound checks in xmlBuildQName in tree.c
      prevent integer overflow
    - debian/patches/CVE-2025-6170.patch: fix buffer overflow by adding
      bound checks in xmlShell in debugXML.c
    - CVE-2025-6021
    - CVE-2025-6170
  * SECURITY UPDATE: UAF and type confusion
    - debian/patches/CVE-2025-49794_49796.patch: fix UAF by returning node
      and freeing it after use; fix type confusion by adding type check in
      xmlSchematronFormatReport in schematron.c
    - CVE-2025-49794
    - CVE-2025-49796
Date: 2025-08-13 14:48:12.903744+00:00
Changed-By: Shishir Subedi <shishirsub10 at gmail.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/libxml2/2.12.7+dfsg+really2.9.14-0.4ubuntu0.2