[ubuntu/plucky-proposed] libxml2 2.12.7+dfsg+really2.9.14-0.4 (Accepted)
Graham Inggs
graham.inggs at canonical.com
Thu Mar 27 18:21:49 UTC 2025
libxml2 (2.12.7+dfsg+really2.9.14-0.4) unstable; urgency=medium

  * Non-maintainer upload.
  * Don't build with ICU. Closes: #1092484.
    libxml's README.md states:
      [ICU](https://icu.unicode.org/), a Unicode library. Mainly
      useful as an alternative to iconv on Windows. Unnecessary
      on most other systems.
    ICU 76.1 requires building with -std=c++17 or -std=gnu++17 or
    higher. However, including the ICU headers in the libxml2 headers
    breaks builds with older C++ standards, most likely leading to
    some unrelated build failures for packages that don't rely on ICU,
    but are using libxml2.
  * Import security updates from Ubuntu:
    - SECURITY UPDATE: use-after-free in xmlXIncludeAddNode
      + debian/patches/CVE-2022-49043.patch: fix UaF in xinclude.c.
      + CVE-2022-49043. Closes: #1094238.
    - SECURITY UPDATE: buffer overread in xmllint
      + debian/patches/CVE-2024-34459.patch: fix buffer issue when using
        htmlout option in xmllint.c.
      + CVE-2024-34459. Closes: #1071162.
    - SECURITY UPDATE: use-after-free
      + debian/patches/CVE-2024-56171.patch: Fix use-after-free after
        xmlSchemaItemListAdd.
      + CVE-2024-56171. Closes: #1098320.
    - SECURITY UPDATE: stack-based buffer overflow
      + debian/patches/CVE-2025-24928-pre1.patch: Check for NULL node->name
        in xmlSnprintfElements.
      + debian/patches/CVE-2025-24928.patch: Fix stack-buffer-overflow in
        xmlSnprintfElements.
      + CVE-2025-24928. Closes: #1098321.
    - SECURITY UPDATE: NULL pointer dereference
      + debian/patches/CVE-2025-27113.patch: Fix compilation of explicit
        child axis.
      + CVE-2025-27113. Closes: #1098322.

Date: 2025-03-27 16:51:43.401065+00:00
Signed-By: Graham Inggs <graham.inggs at canonical.com>
https://launchpad.net/ubuntu/+source/libxml2/2.12.7+dfsg+really2.9.14-0.4