[xml/sgml-pkgs] libxml2_2.9.1+dfsg1-5+deb8u5_allonly.changes ACCEPTED into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates

Debian FTP Masters ftpmaster at ftp-master.debian.org
Wed Aug 23 21:17:44 UTC 2017



Accepted:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 19 Aug 2017 17:31:22 +0200
Source: libxml2
Binary: libxml2 libxml2-utils libxml2-utils-dbg libxml2-dev libxml2-dbg libxml2-doc python-libxml2 python-libxml2-dbg
Architecture: all source
Version: 2.9.1+dfsg1-5+deb8u5
Distribution: jessie-security
Urgency: high
Maintainer: Debian XML/SGML Group <debian-xml-sgml-pkgs at lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <carnil at debian.org>
Closes: 863018 863019 863021 863022 870865 870867 870870
Description: 
 libxml2    - GNOME XML library
 libxml2-dbg - Debugging symbols for the GNOME XML library
 libxml2-dev - Development files for the GNOME XML library
 libxml2-doc - Documentation for the GNOME XML library
 libxml2-utils - XML utilities
 libxml2-utils-dbg - XML utilities (debug extension)
 python-libxml2 - Python bindings for the GNOME XML library
 python-libxml2-dbg - Python bindings for the GNOME XML library (debug extension)
Changes:
 libxml2 (2.9.1+dfsg1-5+deb8u5) jessie-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Increase buffer space for port in HTTP redirect support (CVE-2017-7376)
     Incorrect limit was used for port values. (Closes: #870865)
   * Prevent unwanted external entity reference (CVE-2017-7375)
     Missing validation for external entities in xmlParsePEReference.
     (Closes: #870867)
   * Fix handling of parameter-entity references (CVE-2017-9049, CVE-2017-9050)
     - Heap-based buffer over-read in function xmlDictComputeFastKey
       (CVE-2017-9049).
     - Heap-based buffer over-read in function xmlDictAddString
       (CVE-2017-9050).
     (Closes: #863019, #863018)
   * Fix buffer size checks in xmlSnprintfElementContent (CVE-2017-9047,
     CVE-2017-9048)
     - Buffer overflow in function xmlSnprintfElementContent (CVE-2017-9047).
     - Stack-based buffer overflow in function xmlSnprintfElementContent
       (CVE-2017-9048).
     (Closes: #863022, #863021)
   * Fix type confusion in xmlValidateOneNamespace (CVE-2017-0663)
     Heap buffer overflow in xmlAddID. (Closes: #870870)
Checksums-Sha1: 
 eaab819c0731a18e9c54f4063ab224dcf6cbb601 2760 libxml2_2.9.1+dfsg1-5+deb8u5.dsc
 1ac243dfcb48cc4c6f75c047fbc615ad8dd13f34 70784 libxml2_2.9.1+dfsg1-5+deb8u5.debian.tar.xz
 53e9469a3539c99004bf03f2d48c740d35fd11c1 815012 libxml2-doc_2.9.1+dfsg1-5+deb8u5_all.deb
Checksums-Sha256: 
 6fe2c4e997f1ed1520cbba4474513880a1e7450de57a0c86f73c4023396609fb 2760 libxml2_2.9.1+dfsg1-5+deb8u5.dsc
 01247e1947e2b52c4ef0e227fdd501038aa0840b8c889c26b6503a2dcd85a5d3 70784 libxml2_2.9.1+dfsg1-5+deb8u5.debian.tar.xz
 5e3c6fc3559c5a11fd1d8fa82adc279a50e72aea8e1cfb737edb9ef56be62d56 815012 libxml2-doc_2.9.1+dfsg1-5+deb8u5_all.deb
Files: 
 2a3af655cd7869b5c46d004574abc73e 2760 libs optional libxml2_2.9.1+dfsg1-5+deb8u5.dsc
 c3ad68eb36657f8205d46df58bbef1cb 70784 libs optional libxml2_2.9.1+dfsg1-5+deb8u5.debian.tar.xz
 20f7e4cd04c586dcebfc9d889ff8e926 815012 doc optional libxml2-doc_2.9.1+dfsg1-5+deb8u5_all.deb

-----BEGIN PGP SIGNATURE-----

iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlmYWvlfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EE0oP/0lQVfaWpw3IFFPpnuyFZE60cbGVBvkm
xcqxfQ2JakMYi9ad2l2zt/OzuH3kgXVuQq7PYQmXbTsRSETqszVjG403m4aIkIht
HrtH8JmilAtNMKmvYpuNoUpVpPHT6JERQv9PU4B4gFqgS2tPG0iwzLZvivnuoPwH
8nlHugB0eIbyudk51YP3Swh5qx3Hx6VWGxAlcPnduA8PyFRV++fRu0oriEtaff+G
hqHWnA5ZgQBUMTiClCYrjwWaYK00tIkq44l+ceoyjBusix43xoDkoQ0iekPnUMmQ
CXSLke7/pxAqp7iakQNljm6Hd8LABXMRDAeyPYGiQPa4l8z9ad5kQnJ2Hz2Inx4s
UMH/JFqFLk0FinXyYZ2gKERcwheaNGQh9nbWhWgvAdmNC8KnXBNpCSs2qk2KwmqP
TO1n3Rw7EUEulaSJwomuDz6/h8u2Kkzo2RZPkcwRfEE0pmZAIuoVChr4zJpdUQ+E
ed0kRX5m5t50csgzWpMnfbu5mRn3p0SMzdiBlAQZUHQXGNzkEsXqD5pnCAw0lFnM
kiac5oDW/7n/v/8yR9jgN6CqcGtEjtmGf+I89Nuf91ZXazjEZJW9w+caIqfbJAnB
YAGCQFYD5Mvc8d2h5LtTUINca5RZH4QL46pz7gIeGBKCmkW71CVW7CS4DpIaeC9Q
x2pYxo5jonEM
=1LfP
-----END PGP SIGNATURE-----


Thank you for your contribution to Debian.



More information about the debian-xml-sgml-pkgs mailing list