[ubuntu/noble-security] libxml2 2.9.14+dfsg-1.3ubuntu3.4 (Accepted)

Shishir Subedi shishirsub10 at gmail.com
Wed Aug 20 04:04:44 UTC 2025


libxml2 (2.9.14+dfsg-1.3ubuntu3.4) noble-security; urgency=medium

  * SECURITY UPDATE: stack-based buffer overflow
    - debian/patches/CVE-2025-6021.patch: fix integer overflow by adding
      bound checks in xmlBuildQName in tree.c
      prevent integer overflow
    - debian/patches/CVE-2025-6170.patch: fix buffer overflow by adding
      bound checks in xmlShell in debugXML.c
    - CVE-2025-6021
    - CVE-2025-6170
  * SECURITY UPDATE: UAF and type confusion
    - debian/patches/CVE-2025-49794_49796.patch: fix UAF by returning node
      and freeing it after use; fix type confusion by adding type check in
      xmlSchematronFormatReport in schematron.c
    - CVE-2025-49794
    - CVE-2025-49796

Date: 2025-08-13 14:49:12.699376+00:00
Changed-By: Shishir Subedi <shishirsub10 at gmail.com>
https://launchpad.net/ubuntu/+source/libxml2/2.9.14+dfsg-1.3ubuntu3.4