Bug#1109440: unblock: libxml2/2.12.7+dfsg+really2.9.14-2

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#1109440: unblock: libxml2/2.12.7+dfsg+really2.9.14-2
From: Aron Xu <happyaron.xu@gmail.com>
Date: Thu, 17 Jul 2025 23:56:14 +0200
Message-id: <[🔎] CAMr=8w4f0P78zdXwCfRva7Zk-K2+EjnesiJWb+rRn=VipdyN6w@mail.gmail.com>
Reply-to: Aron Xu <happyaron.xu@gmail.com>, 1109440@bugs.debian.org

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Control: affects -1 + src:libxml2

Dear release team,

I would like to apply two patches for libxml2 fixing 3 CVEs:
 - CVE-2025-6021: integer overflow in xmlBuildQName() (Closes: #1107720)
 - CVE-2025-{49794,49796}: use after free and type confusion in
xmlSchematronReportOutput() (Closes: #1107755)


Regards,
Aron

Attachment: libxml2_2.12.7+dfsg+really2.9.14-2.debdiff
Description: Binary data

Reply to:

Follow-Ups:
- Processed: unblock: libxml2/2.12.7+dfsg+really2.9.14-2
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>
- Bug#1109440: unblock: libxml2/2.12.7+dfsg+really2.9.14-2
  - From: Ivo De Decker <ivodd@debian.org>
- Processed: Re: unblock: libxml2/2.12.7+dfsg+really2.9.14-2
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>
- Bug#1109440: marked as done (unblock: libxml2/2.12.7+dfsg+really2.9.14-2)
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>

Prev by Date: Bug#1108985: unblock/preapproval: redis/5:8.0.2-2
Next by Date: Processed: unblock: libxml2/2.12.7+dfsg+really2.9.14-2
Previous by thread: Bug#1109435: marked as done (unblock: gdm3/48.0-2)
Next by thread: Processed: unblock: libxml2/2.12.7+dfsg+really2.9.14-2
Index(es):
- Date
- Thread