Re: [SECURITY] [DLA 3012-1] libxml2 security update
Hello Markus,
thanks for the update! Could you please push your last change into the
git-repo [1] and tag an upload?
gbp buildpackage --git-tag-only --git-sign-tags
--git-debian-branch=debian/stretch
Regards
[1] https://salsa.debian.org/lts-team/packages/libxml2
Anton
Am Di., 17. Mai 2022 um 01:04 Uhr schrieb Markus Koschany <apo@debian.org>:
>
> -------------------------------------------------------------------------
> Debian LTS Advisory DLA-3012-1 debian-lts@lists.debian.org
> https://www.debian.org/lts/security/ Markus Koschany
> May 17, 2022 https://wiki.debian.org/LTS
> -------------------------------------------------------------------------
>
> Package : libxml2
> Version : 2.9.4+dfsg1-2.2+deb9u7
> CVE ID : CVE-2022-29824
> Debian Bug : 1010526
>
> Felix Wilhelm discovered that libxml2, the GNOME XML library, did not correctly
> check for integer overflows or used wrong types for buffer sizes. This could
> result in out-of-bounds writes or other memory errors when working on large,
> multi-gigabyte buffers.
>
> For Debian 9 stretch, this problem has been fixed in version
> 2.9.4+dfsg1-2.2+deb9u7.
>
> We recommend that you upgrade your libxml2 packages.
>
> For the detailed security status of libxml2 please refer to
> its security tracker page at:
> https://security-tracker.debian.org/tracker/libxml2
>
> Further information about Debian LTS security advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: https://wiki.debian.org/LTS
Reply to: