Package "libxml2-doc"
Name: libxml2-doc
Description: GNOME XML library - documentation
Latest version: 2.9.13+dfsg-1ubuntu0.11
Release: jammy (22.04)
Level: security
Repository: main
Head package: libxml2
Homepage: http://xmlsoft.org
Changelog
libxml2 (2.9.13+dfsg-1ubuntu0.11) jammy-security; urgency=medium
* SECURITY UPDATE: Infinite recursion with SGML catalogs.
- debian/patches/CVE-2025-8732.patch: Add catalog depth and checks in
catalog.c. Add test files in result/catalogs/recursive and
test/catalogs/recursive.sgml.
- CVE-2025-8732
* SECURITY UPDATE: Infinite recursion when resolving include directives in
RelaxNG parser.
- debian/patches/CVE-2026-0989.patch: Add xmlRelaxParserSetIncLImit in
include/libxml/relaxng.h. Add include limit and checks in relaxng.c. Add
test and test files in runtest.c,
test/relaxng/include/include-limit.rng,
test/relaxng/include/include-limit_1.rng,
test/relaxng/include/include-limit_2.rng, and
test/relaxng/include/include-limit_3.rng.
- debian/libxml2.symbols: Add new xmlRelaxParserSetIncLImit symbol.
- CVE-2026-0989
* SECURITY UPDATE: Infinite recursion in URI dereferencing.
- debian/patches/CVE-2026-0990.patch: Add MAX_CATAL_DEPTH and other checks
in catalog.c.
- CVE-2026-0990
* SECURITY UPDATE: Uncontrolled resource consumption in catalogs.
- debian/patches/CVE-2026-0992.patch: Add catalog duplication checks in
catalog.c.
- CVE-2026-0992
-- Hlib Korzhynskyy <email address hidden> Wed, 21 Jan 2026 14:38:02 -0330
CVE-2025-8732: A vulnerability was found in libxml2 up to 2.14.5. It has been declared as problematic. This vulnerability affects the function xmlParseSGMLCatalog o
CVE-2026-0989: A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on
CVE-2026-0990: A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an
CVE-2026-0992: A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeat

libxml2 (2.9.13+dfsg-1ubuntu0.10) jammy-security; urgency=medium
* SECURITY UPDATE: libxslt internal memory corruption
- debian/patches/CVE-2025-7425.patch: fix heap-use-after-free in
xmlFreeID caused by atype corruption.
- CVE-2025-7425
-- Marc Deslauriers <email address hidden> Thu, 30 Oct 2025 09:31:20 -0400
CVE-2025-7425: A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT function

libxml2 (2.9.13+dfsg-1ubuntu0.9) jammy-security; urgency=medium
* SECURITY UPDATE: Stack overflow
- debian/patches/CVE-2025-9714.patch: Make XPath depth check work with
recursive invocations.
- CVE-2025-9714
-- Octavio Galland <email address hidden> Mon, 01 Sep 2025 12:56:38 -0300
libxml2 (2.9.13+dfsg-1ubuntu0.8) jammy-security; urgency=medium
* SECURITY UPDATE: stack-based buffer overflow
- debian/patches/CVE-2025-6021.patch: fix integer overflow by adding
bound checks in xmlBuildQName in tree.c
prevent integer overflow
- debian/patches/CVE-2025-6170.patch: fix buffer overflow by adding
bound checks in xmlShell in debugXML.c
- CVE-2025-6021
- CVE-2025-6170
* SECURITY UPDATE: UAF and type confusion
- debian/patches/CVE-2025-49794_49796.patch: fix UAF by returning node
and freeing it after use; fix type confusion by adding type check in
xmlSchematronFormatReport in schematron.c
- CVE-2025-49794
- CVE-2025-49796
-- Shishir Subedi <email address hidden> Sat, 09 Aug 2025 11:59:21 +0545
CVE-2025-6021: A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow.
CVE-2025-6170: A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, th
CVE-2025-49794: A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematro
CVE-2025-49796: A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw a

libxml2 (2.9.13+dfsg-1ubuntu0.7) jammy-security; urgency=medium
* SECURITY UPDATE: OOB access in python API
- debian/patches/CVE-2025-32414-pre1.patch: fix SAX driver with
character streams in python/drv_libxml2.py.
- debian/patches/CVE-2025-32414-1.patch: read at most len/4 characters
in python/libxml.c.
- debian/patches/CVE-2025-32414-2.patch: add a test in
python/tests/Makefile.am, python/tests/unicode.py.
- CVE-2025-32414
* SECURITY UPDATE: heap under-read in xmlSchemaIDCFillNodeTables
- debian/patches/CVE-2025-32415.patch: fix heap buffer overflow in
xmlSchemaIDCFillNodeTables in xmlschemas.c.
- CVE-2025-32415
-- Marc Deslauriers <email address hidden> Thu, 24 Apr 2025 14:42:32 -0400
CVE-2025-32414: In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect
CVE-2025-32415: In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a