[ubuntu/jammy-security] libxml2 2.9.13+dfsg-1ubuntu0.8 (Accepted)
Shishir Subedi
shishirsub10 at gmail.com
Wed Aug 20 04:04:46 UTC 2025
libxml2 (2.9.13+dfsg-1ubuntu0.8) jammy-security; urgency=medium

  * SECURITY UPDATE: stack-based buffer overflow
    - debian/patches/CVE-2025-6021.patch: fix integer overflow by adding
      bound checks in xmlBuildQName in tree.c
      prevent integer overflow
    - debian/patches/CVE-2025-6170.patch: fix buffer overflow by adding
      bound checks in xmlShell in debugXML.c
    - CVE-2025-6021
    - CVE-2025-6170
  * SECURITY UPDATE: UAF and type confusion
    - debian/patches/CVE-2025-49794_49796.patch: fix UAF by returning node
      and freeing it after use; fix type confusion by adding type check in
      xmlSchematronFormatReport in schematron.c
    - CVE-2025-49794
    - CVE-2025-49796

Date: 2025-08-13 14:50:14.128363+00:00
Changed-By: Shishir Subedi <shishirsub10 at gmail.com>
https://launchpad.net/ubuntu/+source/libxml2/2.9.13+dfsg-1ubuntu0.8