-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 25 Dec 2015 22:00:37 +0100 Source: libxml2 Binary: libxml2 libxml2-utils libxml2-dev libxml2-dbg libxml2-doc python-libxml2 python-libxml2-dbg Architecture: source i386 all Version: 2.7.8.dfsg-2+squeeze16 Distribution: squeeze-lts Urgency: high Maintainer: Debian XML/SGML Group <debian-xml-sgml-p...@lists.alioth.debian.org> Changed-By: Thorsten Alteholz <deb...@alteholz.de> Description: libxml2 - GNOME XML library libxml2-dbg - Debugging symbols for the GNOME XML library libxml2-dev - Development files for the GNOME XML library libxml2-doc - Documentation for the GNOME XML library libxml2-utils - XML utilities python-libxml2 - Python bindings for the GNOME XML library python-libxml2-dbg - Python bindings for the GNOME XML library (debug extension) Changes: libxml2 (2.7.8.dfsg-2+squeeze16) squeeze-lts; urgency=high . * Non-maintainer upload by the Squeeze LTS Team. * Patches taken from Wheezy, thanks to Salvatore Bonaccorso * Add Avoid-processing-entities-after-encoding-conversion-.patch patch. CVE-2015-7498: Heap-based buffer overflow in xmlParseXmlDecl. * Add CVE-2015-7497-Avoid-an-heap-buffer-overflow-in-xmlDi.patch patch. CVE-2015-7497: Heap-based buffer overflow in xmlDictComputeFastQKey. * Add CVE-2015-5312-Another-entity-expansion-issue.patch patch. CVE-2015-5312: CPU exhaustion when processing specially crafted XML input. * Add patches to address CVE-2015-7499. CVE-2015-7499: Heap-based buffer overflow in xmlGROW. Add a specific parser error (XML_ERR_USER_STOP), backported from e50ba8164eee06461c73cd8abb9b46aa0be81869 upstream (commit to address CVE-2013-2877, the "Try to stop parsing as quickly as possible" was not backported). * Add CVE-2015-7500-Fix-memory-access-error-due-to-incorre.patch patch. CVE-2015-7500: Heap buffer overflow in xmlParseMisc. Checksums-Sha1: 046fb737af27b0ab9607d135772fd36f8479607d 2311 libxml2_2.7.8.dfsg-2+squeeze16.dsc bf481743478da6899a65507a34b67731466960dd 3509930 libxml2_2.7.8.dfsg.orig.tar.gz eb06c2980305b64df51722d1f3f9baa44dd5c736 137574 libxml2_2.7.8.dfsg-2+squeeze16.diff.gz ec605a6d7f90bfb03fdac0620040e41136e89dbc 831366 libxml2_2.7.8.dfsg-2+squeeze16_i386.deb 3dafcfc68087a26b9a45c5a4ee5a0259a9243417 92058 libxml2-utils_2.7.8.dfsg-2+squeeze16_i386.deb 1fd3601bf9b30a287a0c0d8c7bf407574f9bfc26 754560 libxml2-dev_2.7.8.dfsg-2+squeeze16_i386.deb 0e3ea3155b25e5fd40d791e2b655f50fd6c53fa6 992876 libxml2-dbg_2.7.8.dfsg-2+squeeze16_i386.deb 9f4986d3a3bde3347c8d6952a8fec5b73b718912 1383838 libxml2-doc_2.7.8.dfsg-2+squeeze16_all.deb a31a370faec3f9e6d10d390d269dc73ba0a19d22 310658 python-libxml2_2.7.8.dfsg-2+squeeze16_i386.deb 4d85047dbdb648c5e0fa4607cb0d1d2968e2f8b7 826112 python-libxml2-dbg_2.7.8.dfsg-2+squeeze16_i386.deb Checksums-Sha256: 28cc20301a1f5cd97823fcd2bce5920c61dc9edcaf4a979e62c46f82090661df 2311 libxml2_2.7.8.dfsg-2+squeeze16.dsc 9f5262963fda356708903b42ff862a816c714582d0cf41477a8b3839945f0e43 3509930 libxml2_2.7.8.dfsg.orig.tar.gz d10276d6970477da711001116af977b944225d15295d8c17f4b897f71f41700c 137574 libxml2_2.7.8.dfsg-2+squeeze16.diff.gz 950095185e920f81356536038cf559a57bd99ab5419d9d6ac1dd8c71106c6c16 831366 libxml2_2.7.8.dfsg-2+squeeze16_i386.deb 60470aa31ab5513659c49255f354b265f2e7077bf4c02804cff2e3e01cc025d2 92058 libxml2-utils_2.7.8.dfsg-2+squeeze16_i386.deb 967a736ad6f0ca4794fa0c6af5ce523115ef1412607e4da642943fd76a3b2289 754560 libxml2-dev_2.7.8.dfsg-2+squeeze16_i386.deb 2dded7b99a790616c4ba329b9057901aea99ada03de3e88a71ac5382164df9b7 992876 libxml2-dbg_2.7.8.dfsg-2+squeeze16_i386.deb 23b1aff2bb6e1b33aefeece92690e70305d27f2dacf42d91da49b8ceb8250cac 1383838 libxml2-doc_2.7.8.dfsg-2+squeeze16_all.deb 4fd538fe13305bc3653998896d292e3d847605836ed96584a2f24ac2235514b2 310658 python-libxml2_2.7.8.dfsg-2+squeeze16_i386.deb 8d4d34ddd0ecd1a89bca3c8c2c4c37e70067fdf233b4de3905e94b914f0e43f8 826112 python-libxml2-dbg_2.7.8.dfsg-2+squeeze16_i386.deb Files: 085e4d04a2172264325fdac14867b8c8 2311 libs optional libxml2_2.7.8.dfsg-2+squeeze16.dsc 116fd86aa1b392dfe38d6b17613deebb 3509930 libs optional libxml2_2.7.8.dfsg.orig.tar.gz f0a7e6802bf6573c80991a60c86a2746 137574 libs optional libxml2_2.7.8.dfsg-2+squeeze16.diff.gz 42bf93791c8855a7b2d2f846ad0cc94d 831366 libs standard libxml2_2.7.8.dfsg-2+squeeze16_i386.deb dbffecfda6cee89a9d4ed0a68942f42a 92058 text optional libxml2-utils_2.7.8.dfsg-2+squeeze16_i386.deb c91ba0ded9a18128d822e3fc4480538a 754560 libdevel optional libxml2-dev_2.7.8.dfsg-2+squeeze16_i386.deb a69d4fc0ce13543fce8cb7703c6b0879 992876 debug extra libxml2-dbg_2.7.8.dfsg-2+squeeze16_i386.deb a7f6b0f13c25d539f2698a7debb5f5f8 1383838 doc optional libxml2-doc_2.7.8.dfsg-2+squeeze16_all.deb c8f543034bde05c366a624380052e315 310658 python optional python-libxml2_2.7.8.dfsg-2+squeeze16_i386.deb 73e8b278285a768caefd3c8275142e82 826112 debug extra python-libxml2-dbg_2.7.8.dfsg-2+squeeze16_i386.deb
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQJ8BAEBCgBmBQJWfnlgXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5 NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHg9IQALknPZJHR1bU9cIeCug8XUlW 1M/W0Jztz14uT+P2UA+6VbDWpbJpVGcZ1qkufgCDklb6OXSdcGotVdxTi2KCzCIO 1n8PNccFsIdmJ/BMMR7Aavk3eS1we1WzAQCeEtJY+MgmyTpv4U7JCa0Rgh1maig6 MaA6MY+jGCyQ64i06wEii0v1omZXKGAgGt/M5aLfSIvxmHhubjKge+iQWWU4jd7+ Vj0NAVnVnZ4D7UjIRhE88/123ONqp9BHeLKNk6IdbiXJnzITHIRj0XDC1eAUnrJ3 im/YEQ6/MhLFHHNFB/GbMgBJOfRJ/cjW5KA04YMrVqJRXnQfAPIY5/wOt3dfkeN2 SKBRyCkPdU/7D32V8eBkN6QGdFv205BsHPUju1CFipkcSDzlhua4QgUPHNPZKhFd fbRuGeZOV/3tr+FNAHtvqwkAGC9JbzfadsRTZaG84PvWZ6fSZp4esz80e1y8AgUT cs3tsAIosi9g1LvinAirw5x1tU39dCsI0nSRUfDt9Qxv8Sd0nZ+ikYWmQEzvoznh iqyk9pCcy1cCzDhSDJM0itJSqRkJSyNRbDy6xI5/+IohnvAn/hkcf7/tKItyb9SG Yfi/e5RSvgbls8akW6xrVk5XP3gGNQLUM+g/tm9rQxIVGjg59MZK1hnuz8CAV1/g EgYPL5pexkXsfwtVSQpJ =axiy -----END PGP SIGNATURE-----