Source: libxml2 Version: 2.12.7+dfsg+really2.9.14-0.2 Severity: important Tags: security upstream Forwarded: https://gitlab.gnome.org/GNOME/libxml2/-/issues/828 X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]> Control: found -1 2.9.14+dfsg-1.3~deb12u1 Control: found -1 2.9.14+dfsg-1.3
Hi, The following vulnerability was published for libxml2. CVE-2024-56171[0]: | libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free | in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in | xmlschemas.c. To exploit this, a crafted XML document must be | validated against an XML schema with certain identity constraints, | or a crafted XML schema must be used. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2024-56171 https://www.cve.org/CVERecord?id=CVE-2024-56171 [1] https://gitlab.gnome.org/GNOME/libxml2/-/issues/828 [2] https://gitlab.gnome.org/GNOME/libxml2/-/commit/245b70d7d2768572ae1b05b3668ca858b9ec4ed4 Regards, Salvatore
