Your message dated Mon, 28 Jul 2025 21:32:09 +0000
with message-id <[email protected]>
and subject line Bug#1107755: fixed in libxml2 2.9.14+dfsg-1.3~deb12u3
has caused the Debian Bug report #1107755,
regarding libxml2: CVE-2025-49794: Heap use after free (UAF) leads to Denial of
service (DoS)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1107755: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107755
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libxml2
Version: 2.12.7+dfsg+really2.9.14-1.3
Severity: important
Tags: security upstream
Forwarded: https://gitlab.gnome.org/GNOME/libxml2/-/issues/931
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for libxml2.
CVE-2025-49794[0]:
| Heap use after free (UAF) leads to Denial of service (DoS)
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-49794
https://www.cve.org/CVERecord?id=CVE-2025-49794
[1] https://gitlab.gnome.org/GNOME/libxml2/-/issues/931
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libxml2
Source-Version: 2.9.14+dfsg-1.3~deb12u3
Done: Guilhem Moulin <[email protected]>
We believe that the bug you reported is fixed in the latest version of
libxml2, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Guilhem Moulin <[email protected]> (supplier of updated libxml2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 27 Jul 2025 01:15:48 +0200
Source: libxml2
Architecture: source
Version: 2.9.14+dfsg-1.3~deb12u3
Distribution: bookworm
Urgency: high
Maintainer: Debian XML/SGML Group <[email protected]>
Changed-By: Guilhem Moulin <[email protected]>
Closes: 1107720 1107752 1107755 1107938
Changes:
libxml2 (2.9.14+dfsg-1.3~deb12u3) bookworm; urgency=high
.
* Non-maintainer upload.
* Fix CVE-2025-6021: Integer overflow issue in xmlBuildQName. (Closes: #1107720).
* Fix CVE-2025-6170: Potential buffer overflows in the interactive shell (Closes: #1107938).
* Fix CVE-2025-49794: Use-after-free issue in xmlSchematronReportOutput (Closes: #1107755).
* Fix CVE-2025-49796: Type confusion issue in xmlSchematronReportOutput (Closes: #1107752).
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---