Your message dated Sun, 23 Nov 2025 09:06:42 +0000
with message-id <[email protected]>
and subject line Bug#1120364: fixed in libxml2 2.15.1+dfsg-0.5
has caused the Debian Bug report #1120364,
regarding libxml2: CVE-2025-12863
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1120364: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120364
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libxml2
Version: 2.15.1+dfsg-0.3
Severity: important
Tags: security upstream
Forwarded: https://gitlab.gnome.org/GNOME/libxml2/-/issues/1012
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for libxml2.

CVE-2025-12863[0]:
| A flaw was found in the xmlSetTreeDoc() function of the libxml2 XML
| parsing library. This function is responsible for updating document
| pointers when XML nodes are moved between documents. Due to improper
| handling of namespace references, a namespace pointer may remain
| linked to a freed memory region when the original document is
| destroyed. As a result, subsequent operations that access the
| namespace can lead to a use-after-free condition, causing an
| application crash.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-12863
    https://www.cve.org/CVERecord?id=CVE-2025-12863
[1] https://gitlab.gnome.org/GNOME/libxml2/-/issues/1012

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: libxml2
Source-Version: 2.15.1+dfsg-0.5
Done: Matthias Klose <[email protected]>

We believe that the bug you reported is fixed in the latest version of
libxml2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Matthias Klose <[email protected]> (supplier of updated libxml2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


Format: 1.8
Date: Sun, 23 Nov 2025 09:20:57 +0100
Source: libxml2
Architecture: source
Version: 2.15.1+dfsg-0.5
Distribution: unstable
Urgency: medium
Maintainer: Debian XML/SGML Group <[email protected]>
Changed-By: Matthias Klose <[email protected]>
Closes: 1105428 1120104 1120364
Changes:
 libxml2 (2.15.1+dfsg-0.5) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Don't apply the proposed patch for CVE-2025-12863 anymore. Rejected
     by upstream. Closes: #1120364.
   * Fix FTBFS with nopython build profile (Helmut Grohne). Closes: #1120104.
   * d/rules: Add some explicit dependencies for custom build targets.
     Closes: #1105428.


--- End Message ---
