-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 20 Aug 2017 06:56:40 +0200
Source: libxml2
Binary: libxml2 libxml2-utils libxml2-dev libxml2-dbg libxml2-doc
python-libxml2 python-libxml2-dbg python3-libxml2 python3-libxml2-dbg
Architecture: source
Version: 2.9.4+dfsg1-3.1
Distribution: unstable
Urgency: low
Maintainer: Debian XML/SGML Group <debian-xml-sgml-p...@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 863018 863019 863021 863022 870865 870867 870870
Description:
libxml2 - GNOME XML library
libxml2-dbg - Debugging symbols for the GNOME XML library
libxml2-dev - Development files for the GNOME XML library
libxml2-doc - Documentation for the GNOME XML library
libxml2-utils - XML utilities
python-libxml2 - Python bindings for the GNOME XML library
python-libxml2-dbg - Python bindings for the GNOME XML library (debug
extension)
python3-libxml2 - Python3 bindings for the GNOME XML library
python3-libxml2-dbg - Python3 bindings for the GNOME XML library (debug
extension)
Changes:
libxml2 (2.9.4+dfsg1-3.1) unstable; urgency=low
.
* Non-maintainer upload.
* Increase buffer space for port in HTTP redirect support (CVE-2017-7376)
Incorrect limit was used for port values. (Closes: #870865)
* Prevent unwanted external entity reference (CVE-2017-7375)
Missing validation for external entities in xmlParsePEReference.
(Closes: #870867)
* Fix handling of parameter-entity references (CVE-2017-9049, CVE-2017-9050)
- Heap-based buffer over-read in function xmlDictComputeFastKey
(CVE-2017-9049).
- Heap-based buffer over-read in function xmlDictAddString
(CVE-2017-9050).
(Closes: #863019, #863018)
* Fix buffer size checks in xmlSnprintfElementContent (CVE-2017-9047,
CVE-2017-9048)
- Buffer overflow in function xmlSnprintfElementContent (CVE-2017-9047).
- Stack-based buffer overflow in function xmlSnprintfElementContent
(CVE-2017-9048).
(Closes: #863022, #863021)
* Fix type confusion in xmlValidateOneNamespace (CVE-2017-0663)
Heap buffer overflow in xmlAddID. (Closes: #870870)
Checksums-Sha1:
f403fa424d24484734ac50e4f425fb20bbc8c0a4 3121 libxml2_2.9.4+dfsg1-3.1.dsc
2107cdd9a86fcced334e230c0570b8b9d4ffaef5 33852
libxml2_2.9.4+dfsg1-3.1.debian.tar.xz
Checksums-Sha256:
7b6dbd6cb82e44393436d1900ec37791002456eb53f17951d561b2b4f3a71bdf 3121
libxml2_2.9.4+dfsg1-3.1.dsc
9de354bf1315f0e631505789a6059fdbcef3fd2c262b1573935cdf6acf0ee976 33852
libxml2_2.9.4+dfsg1-3.1.debian.tar.xz
Files:
63f1bfc1415e09c79177978cce1f2f77 3121 libs optional libxml2_2.9.4+dfsg1-3.1.dsc
ae6b0290e64db9ccf1604938422de437 33852 libs optional
libxml2_2.9.4+dfsg1-3.1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlmZGH1fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89Ei3MP/RrZvJrvv0dJ9f2ollRVL9hi3iqZ9pKN
xfOqEjQ2pOyDdiG/maJWvpJvMb+Jxm4yPJmPqBiWddUe69sBDK1V7svkh8PnuGK3
MjWZgS67UoIq7tN9rGflOhhJZ14E6YJniv3bq2F+uu3IpQCdoxDNFDGbEMZOXyt0
b6/fiw+8CYbswO+fe0UqGwnqBEfVF0ZEk2XRhPaldACOLgaiA5sJBqEiS/eV56+5
tRu+wI9PM2wg15Y3zVRWBygTwvKKDhbKU0W6UKbrfNz7x93OutHQp7N1tdHgch17
aP0gsSUTgx0O27VjYup8jWFS2w1muypGeM0xsBLLgQADmVSq4e+x+jsradC7wt+2
/+wZqDmXrlJF4Rpwm7Edu37uXngSMjwXN75bMYtie54AKn+Mc38QpcuM3lp6qHGG
n0b2TrR4Ay0t2upof2lOwVMAg7007BcmvOxuPmnVAPdpAKjiMCQukTdhmfthmBZ4
QdVRN3NYDfjehYzioUkpcBgoNhu7nD7tFsIIC592kaW7YGmV8eLrcPt7WqOOZnoW
Ew6BSyOMPDvVibB0pmi1LnSAZxmkDmpqdEUpcaoyQ6Mv6Emc1lVORDqWy/Lf1r44
gf8IOIxc9/Zql4W65CKTGcnpWRHY6vUwY5GIdYk1z1BxS+h1JNH8JZCHTY/A/FIO
mNhEVvbVSM0g
=3MwH
-----END PGP SIGNATURE-----
