Just released, including a security update:
8.9.3-20170825
Updates in 1 source package(s), 1 binary package(s):
Source libxml2, binaries: libxml2:amd64
libxml2 (2.9.1+dfsg1-5+deb8u5) jessie-security; urgency=high
* Non-maintainer upload by the Security Team.
* Increase buffer space for port in HTTP redirect support (CVE-2017-7376)
Incorrect limit was used for port values. (Closes: #870865)
* Prevent unwanted external entity reference (CVE-2017-7375)
Missing validation for external entities in xmlParsePEReference.
(Closes: #870867)
* Fix handling of parameter-entity references (CVE-2017-9049, CVE-2017-9050)
- Heap-based buffer over-read in function xmlDictComputeFastKey
(CVE-2017-9049).
- Heap-based buffer over-read in function xmlDictAddString
(CVE-2017-9050).
(Closes: #863019, #863018)
* Fix buffer size checks in xmlSnprintfElementContent (CVE-2017-9047,
CVE-2017-9048)
- Buffer overflow in function xmlSnprintfElementContent (CVE-2017-9047).
- Stack-based buffer overflow in function xmlSnprintfElementContent
(CVE-2017-9048).
(Closes: #863022, #863021)
* Fix type confusion in xmlValidateOneNamespace (CVE-2017-0663)
Heap buffer overflow in xmlAddID. (Closes: #870870)
--
Steve McIntyre, Cambridge, UK. steve@einval.com
Google-bait: http://www.debian.org/CD/free-linux-cd
Debian does NOT ship free CDs. Please do NOT contact the mailing
lists asking us to send them to you.
Attachment:
signature.asc
Description: PGP signature