Hello Markus, thanks for the update! Could you please push your last change into the git-repo [1] and tag an upload?
gbp buildpackage --git-tag-only --git-sign-tags --git-debian-branch=debian/stretch Regards [1] https://salsa.debian.org/lts-team/packages/libxml2 Anton Am Di., 17. Mai 2022 um 01:04 Uhr schrieb Markus Koschany <a...@debian.org>: > > ------------------------------------------------------------------------- > Debian LTS Advisory DLA-3012-1 debian-lts@lists.debian.org > https://www.debian.org/lts/security/ Markus Koschany > May 17, 2022 https://wiki.debian.org/LTS > ------------------------------------------------------------------------- > > Package : libxml2 > Version : 2.9.4+dfsg1-2.2+deb9u7 > CVE ID : CVE-2022-29824 > Debian Bug : 1010526 > > Felix Wilhelm discovered that libxml2, the GNOME XML library, did not > correctly > check for integer overflows or used wrong types for buffer sizes. This could > result in out-of-bounds writes or other memory errors when working on large, > multi-gigabyte buffers. > > For Debian 9 stretch, this problem has been fixed in version > 2.9.4+dfsg1-2.2+deb9u7. > > We recommend that you upgrade your libxml2 packages. > > For the detailed security status of libxml2 please refer to > its security tracker page at: > https://security-tracker.debian.org/tracker/libxml2 > > Further information about Debian LTS security advisories, how to apply > these updates to your system and frequently asked questions can be > found at: https://wiki.debian.org/LTS