Ubuntu
libxml2 package

Change logs for libxml2 source package in Groovy

  1. Groovy (20.10)
  2. Change log 
  • libxml2 (2.9.10+dfsg-5ubuntu0.20.10.2) groovy-security; urgency=medium

  * SECURITY UPDATE: out-of-bounds read
    - debian/patches/CVE-2020-24977.patch: Make sure that truncated UTF-8
      sequences don't cause an out-of-bounds array access in xmllint.
    - CVE-2020-24977
  * SECURITY UPDATE: use-after-free in xmlEncodeEntitiesInternal
    - debian/patches/CVE-2021-3516.patch: Call htmlCtxtUseOptions to make sure
      that names aren't stored in dictionaries.
    - CVE-2021-3516
  * SECURITY UPDATE: heap-based buffer overflow in xmlEncodeEntitiesInternal
    - debian/patches/CVE-2021-3517.patch: Add some checks to validate input is
      UTF-8 format, supplementing CVE-2020-24977 fix.
    - CVE-2021-3517
  * SECURITY UPDATE: use-after-free in xmlXIncludeDoProcess
    - debian/patches/CVE-2021-3518.patch: Move from a block list to an allow
      list approach to avoid descending into other node types that can't
      contain elements.
    - CVE-2021-3518
  * SECURITY UPDATE: NULL pointer dereference in xmlValidBuildAContentModel
    - debian/patches/CVE-2021-3537.patch: Check return value of recursive calls
      to xmlParseElementChildrenContentDeclPriv and return immediately in case
      of errors.
    - CVE-2021-3537
  * SECURITY UPDATE: Exponential entity expansion
    - debian/patches/Patch-for-security-issue-CVE-2021-3541.patch: Add check to
      xmlParserEntityCheck to prevent entity exponential.
    - CVE-2021-3541

 -- Avital Ostromich <email address hidden>  Wed, 26 May 2021 19:43:37 -0400
  • libxml2 (2.9.10+dfsg-5build1) groovy; urgency=medium

  * No change rebuild against new icu ABI.

 -- Dimitri John Ledkov <email address hidden>  Mon, 27 Jul 2020 16:43:05 +0100
  • libxml2 (2.9.10+dfsg-5) unstable; urgency=medium

  * Team upload.

  [ Mattia Rizzolo ]
  * d/rules:
    + Drop --disable-silent-rules, already passed by dh_auto_configure.
    + Drop --parallel, now default with debhelper compat > 10.
    + Use dh_installdocs and dh_installexamples to install docs and examples.
    + Use dh_missing --fail-missing (and add the relevant d/not-installed).
    + Minimize indep build to build only the docs.
  * d/watch: fix an option to avoid a warning message.
  * d/control:
    + Move most of the build-deps to Build-Depends-Arch.
    + Use ${python:Depends} also for python-libxml2-dbg.
  * Add a lintian override for
    debian-rules-uses-supported-python-versions-without-python-all-build-depends

  [ Gunnar Hjalmarsson ]
  * d/p/python3-unicode-errors.patch:
    Fix segfault issue with itstool and py3.  LP: #1869814

 -- Mattia Rizzolo <email address hidden>  Fri, 10 Apr 2020 14:53:23 +0200