Forum: >>> Magnum BBS <<<

Accepted libxml2 2.12.7+dfsg+really2.9.14-0.4 (source) into unstable

From Debian FTP Masters@21:1/5 to All on Thu Mar 27 12:40:01 2025

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 27 Mar 2025 11:54:17 +0100
Source: libxml2
Architecture: source
Version: 2.12.7+dfsg+really2.9.14-0.4
Distribution: unstable
Urgency: medium
Maintainer: Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>
Changed-By: Matthias Klose <doko@debian.org>
Closes: 1071162 1092484 1094238 1098320 1098321 1098322
Changes:
libxml2 (2.12.7+dfsg+really2.9.14-0.4) unstable; urgency=medium
.
* Non-maintainer upload.
.
* Don't build with ICU. Closes: #1092484.
.
libxml's README.md states:
.
[ICU](https://icu.unicode.org/), a Unicode library. Mainly
useful as an alternative to iconv on Windows. Unnecessary
on most other systems.
.
ICU 76.1 requires to be built with -std=c++17 or -std=gnu++17 or
higher. However including the ICU headers in the libxml2 headers,
breaks builds with older C++ standards, most likely leading to
some unrelated build failures for packages that don't rely on ICU,
but are using libxml2.
.
* Import security updates from Ubuntu:
- SECURITY UPDATE: use-after-free in xmlXIncludeAddNode
+ debian/patches/CVE-2022-49043.patch: fix UaF in xinclude.c.
+ CVE-2022-49043. Closes: #1094238.
- SECURITY UPDATE: buffer overread in xmllint
+ debian/patches/CVE-2024-34459.patch: fix buffer issue when using
htmlout option in xmllint.c.
+ CVE-2024-34459. Closes: #1071162.
- SECURITY UPDATE: use-after-free
+ debian/patches/CVE-2024-56171.patch: Fix use-after-free after
xmlSchemaItemListAdd.
+ CVE-2024-56171. Closes: #1098320.
- SECURITY UPDATE: stack-based buffer overflow
+ debian/patches/CVE-2025-24928-pre1.patch: Check for NULL node->name
in xmlSnprintfElements.
+ debian/patches/CVE-2025-24928.patch: Fix stack-buffer-overflow in
xmlSnprintfElements.
+ CVE-2025-24928. Closes: #1098321.
- SECURITY UPDATE: NULL pointer dereference
+ debian/patches/CVE-2025-27113.patch: Fix compilation of explicit
child axis.
+ CVE-2025-27113. Closes: #1098322.
Checksums-Sha1:
4ee2efb936758253ef120e3c750711864f31ffcd 3060 libxml2_2.12.7+dfsg+really2.9.14-0.4.dsc
218ed9f116cfd8c30f4df7aa4bd2db2cd3c2955a 38312 libxml2_2.12.7+dfsg+really2.9.14-0.4.debian.tar.xz
2065aef4edd178db210f6ced5aa968230496c829 5982 libxml2_2.12.7+dfsg+really2.9.14-0.4_source.buildinfo
Checksums-Sha256:
ed52ed86b0dbc448c79490829aa8f6b73abf37794e3be27d746a8aa1c90a94e0 3060 libxml2_2.12.7+dfsg+really2.9.14-0.4.dsc
02dd4c440b5b8bd9376030b5e224a0da707d60e649eec28787b35ebdeebb4f0d 38312 libxml2_2.12.7+dfsg+really2.9.14-0.4.debian.tar.xz
51fe71139020be0e527439c9c11d976c29b6d472b4baf184c8bfca5612686142 5982 libxml2_2.12.7+dfsg+really2.9.14-0.4_source.buildinfo
Files:
a0c3b4161adbd5a2e0336b8045c82712 3060 libs optional libxml2_2.12.7+dfsg+really2.9.14-0.4.dsc
8407424fe583724ebcb524551e40e7c1 38312 libs optional libxml2_2.12.7+dfsg+really2.9.14-0.4.debian.tar.xz
04ada705651b2ddaa9354f5ee2336f45 5982 libs optional libxml2_2.12.7+dfsg+really2.9.14-0.4_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJEBAEBCgAuFiEE1WVxuIqLuvFAv2PWvX6qYHePpvUFAmflMV8QHGRva29AZGVi aWFuLm9yZwAKCRC9fqpgd4+m9ZtcD/9+hUy7R3PvY4+DQtFgnWHwATOi6SCjvanE IYXfGflYhnWC18XZwRSxFgJlfsFTVcPJQZBZ9Q4iwEmEHypi9vK7ElrbCblDrdq/ QSY7E5QNGH7tkI7MRPIhskkx87MI7zt2B5+qcNIgBARJLDbTYKLrbd7gArwkJyQa PsdkYlr+2GvLh5DmtFls2eZ+bXE5fSEGoxcXeYzbW5Z4guTdJlsGFiJnaYuutlyL zr3L3lZsoapGzoc2tNOsDcVzZF2r13A+jgnd9JQYBL9tJ838tj4Jzapu29cAJ7qM MIPcK00eYunQnovhVW76XjDHKO6pGKJp3zQqkEImcQo2sLQHHeH5v52gRJbwgMab up4hZ6EGLnsss2pj+1q14QGTUIHrHJvjFDJrDJCJRs2eL+h1Zzth1ZwHwPv8LSDN UN8/hFcaOgPjZHHJidknjvt5rjbu3/jKP6Na7fz/hnFxGja50zvUbO9CvktAnI7n drDP3zo2uNg4q31Xs7ZhOjUQp0RYxtMOoLYv6aA1RT0CH/ACclGccTv+6FqUCDFy 1cQQ6JH0rVF3O4iJQu3TeXyBndyTVisNYVj348UPIqsbqUGCTZ0rpLvS0LsOTljt 7KV30J142MyIJ1ter5USKqZ8NflNwSi3onwio894ydHVOkEbEb6KmRRQBci5V519
Egyx6sesfQ==
=3LZF
-----END PGP SIGNATURE-----

--==============734111980770282789=Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----

iHUEABYIAB0WIQTziqJOuF8J+ZI8pJSb9qggYcy5IQUCZ+U30wAKCRCb9qggYcy5 IcPYAP4z9icdqk4LgdLBLv9mJfKAHbzx3LwzkYX3HgjESRfzTgEA2+yUU5kCGyzY G2yqEEbq+BVLLSTFMy5B/vKCNd9TLwg=ymjN
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Who's Online
Recent Visitors
- Jokke
  Thu May 22 15:51:38 2025
  from Be via Telnet
- Adam Fancher
  Thu May 22 15:27:52 2025
  from Winsted, Ct via Telnet
- Skwx
  Thu May 22 15:25:23 2025
  from London, Uk via Telnet
- Jokke
  Thu May 22 11:19:03 2025
  from Be via Telnet
- Jokke
  Thu May 22 10:58:11 2025
  from Be via Telnet
- Jokke
  Thu May 22 10:43:16 2025
  from Be via Telnet
- Jokke
  Wed May 21 19:23:46 2025
  from Be via Telnet
- Jokke
  Wed May 21 18:35:33 2025
  from Be via Telnet

System Info

Sysop:	Keyop
Location:	Huddersfield, West Yorkshire, UK
Users:	481
Nodes:	16 (2 / 14)
Uptime:	08:36:56
Calls:	9,538
Calls today:	6
Files:	13,653
Messages:	6,139,034
Posted today:	1

Accepted libxml2 2.12.7+dfsg+really2.9.14-0.4 (source) into unstable

Who's Online

Recent Visitors

System Info