UbuntuUpdates.org

Package "libxml2"

Name: libxml2

Description:

GNOME XML library

Latest version: 2.9.12+dfsg-4ubuntu0.2
Release: impish (21.10)
Level: security
Repository: main
Homepage: http://xmlsoft.org

Links


Download "libxml2"


Other versions of "libxml2" in Impish

Repository Area Version
base main 2.9.12+dfsg-4
updates main 2.9.12+dfsg-4ubuntu0.2

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2.9.12+dfsg-4ubuntu0.2 2022-05-16 19:06:29 UTC

  libxml2 (2.9.12+dfsg-4ubuntu0.2) impish-security; urgency=medium

  * SECURITY UPDATE: Integer overflows
    - debian/patches/CVE-2022-29824.patch: Fix integer overflows in
      xmlBuf and xmlBuffer in tree.c, buf.c.
    - CVE-2022-29824

 -- Leonidas Da Silva Barbosa <email address hidden> Mon, 09 May 2022 16:13:07 -0300

Source diff to previous version
CVE-2022-29824 In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can re

Version: 2.9.12+dfsg-4ubuntu0.1 2022-03-14 12:06:26 UTC

  libxml2 (2.9.12+dfsg-4ubuntu0.1) impish-security; urgency=medium

  * SECURITY UPDATE: use-after-free of ID and IDREF attributes
    - debian/patches/CVE-2022-23308.patch: normalize ID attributes in
      valid.c.
    - CVE-2022-23308

 -- Marc Deslauriers <email address hidden> Thu, 10 Mar 2022 12:57:40 -0500

CVE-2022-23308 valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.



About   -   Send Feedback to @ubuntu_updates