Bug#1106038: unblock: libxml2/2.12.7+dfsg+really2.9.14-1

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#1106038: unblock: libxml2/2.12.7+dfsg+really2.9.14-1
From: Aron Xu <aron@debian.org>
Date: Mon, 19 May 2025 14:39:08 +0800
Message-id: <[🔎] CAMr=8w4de1RxZ1YfNQ6jQAn8d4un6WtvwwU7maW8GaWqa8f3Fw@mail.gmail.com>
Reply-to: Aron Xu <aron@debian.org>, 1106038@bugs.debian.org

Package: release.debian.org
Control: affects -1 + src:libxml2
X-Debbugs-Cc: libxml2@packages.debian.org
User: release.debian.org@packages.debian.org
Usertags: unblock
Severity: normal

Please unblock package libxml2

libxml2/2.12.7+dfsg+really2.9.14-1 in unstable is an update for security fixes:

- CVE-2023-39615: out-of-bounds read via the xmlSAX2StartElement()
(Closes: #1051230)
- CVE-2023-45322: use-after-free in xmlUnlinkNode() (Closes: #1053629)
- CVE-2024-25062: use-after-free in xmlValidatePopElement() (Closes: #1063234)
- CVE-2025-32414: out-of-bounds read in Python bindings (Closes: #1102521)
- CVE-2025-32415: heap-based buffer under-read via
xmlSchemaIDCFillNodeTables() (Closes: #1103511)

unblock libxml2/2.12.7+dfsg+really2.9.14-1

Reply to:

Follow-Ups:
- Processed: unblock: libxml2/2.12.7+dfsg+really2.9.14-1
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>
- Bug#1106038: unblock: libxml2/2.12.7+dfsg+really2.9.14-1
  - From: Aron Xu <happyaron.xu@gmail.com>
- Bug#1106038: marked as done (unblock: libxml2/2.12.7+dfsg+really2.9.14-1)
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>

Prev by Date: Processed: unblock: firefox-esr/128.10.1esr-1
Next by Date: Processed: unblock: libxml2/2.12.7+dfsg+really2.9.14-1
Previous by thread: Bug#1106037: marked as done (unblock: firefox-esr/128.10.1esr-1)
Next by thread: Processed: unblock: libxml2/2.12.7+dfsg+really2.9.14-1
Index(es):
- Date
- Thread