[SECURITY] [DLA 3878-1] libxml2 security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 3878-1] libxml2 security update
From: Adrian Bunk <bunk@debian.org>
Date: Thu, 5 Sep 2024 18:13:58 +0300
Message-id: <[🔎] ZtnKtpz3oKaInO5o@localhost>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3878-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
September 05, 2024                            https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : libxml2
Version        : 2.9.10+dfsg-6.7+deb11u5
CVE ID         : CVE-2016-3709 CVE-2022-2309
Debian Bug     : 1039991

Two vulnerabilities have been fixed in the XML library libxml2.

CVE-2016-3709

    HTML 4 parser cross-site scripting

CVE-2022-2309

    Parser NULL pointer dereference

For Debian 11 bullseye, these problems have been fixed in version
2.9.10+dfsg-6.7+deb11u5.

We recommend that you upgrade your libxml2 packages.

For the detailed security status of libxml2 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libxml2

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmbZyrMACgkQiNJCh6LY
mLExlw/9ET3e2RwMvBHUHMuw0Kbdv70bBltXbWIdHT16Ygig2k3zQmRqQ6nUnUDa
p1c0A8iFblVIIrRmB02dy5CVUcuNR3UKUeRLcbz0gPfOhid3apqWD7JaG4OKPI2/
ThqH9g1XrMaJD8UzPJ7PSTPTesq+mXiesEghlpUN8QoF3+59gvO6Ef1rEMuH0uNj
ZfOn9rdrdDl7BuNqSWuam6Zm6JQ9RrPdGoaloEaO+Sy4gcnmQDOxQ9liMJJxrOwG
p53TOUzfUev/8cQtylgOGNuBTPn+SCgfRkf+xwjeLSQmkaNb/NqKSL0EAgApmerU
AfQridlRfrn9auvUyMs8YA4aVJTRnPYD5jolEZ59KS6yPBMtpK6y1zPHEIrg+/OB
B9I0Mp63GDKSrYJHfsZ91G89LE1i1lLX/vN+UvsIBd18b01dbTn2FpR8/K/t5kM8
F8vZeLPdavc18I3yHTQXitErk6kVQcg658Tgj5xdObAl9Up1dYVQiFokORfk51Cy
cchj+1ausds9AiPRwLuEvjWAgNFgnzfkuvaPUQLAc/r/Yw+BAmdSIgEd0TprXE2r
fXE8UFJowv6bqr1T9bxYAFjqjSYr+MWkldDAMRoUMsvKWQymnXtMphU+j5NHOL1k
Y6SHWOYW4ERgRFjkvRP/PhUOJ8acLtnwgTxRLbJuJBh18CBnTlw=
=R3QP
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 3877-1] ruby-sinatra security update
Next by Date: [SECURITY] [DLA 3879-1] bluez security update
Previous by thread: [SECURITY] [DLA 3877-1] ruby-sinatra security update
Next by thread: [SECURITY] [DLA 3879-1] bluez security update
Index(es):
- Date
- Thread